How to decrypt the amazon report-document from amazon selling partner api

Question

report-document-api GetReportDocument api

"response": {
              "payload": {
                "reportDocumentId": "0356cf79-b8b0-4226-b4b9-0ee058ea5760",
                "url": "https://d34o8swod1owfl.cloudfront.net/SampleResult%2BKey%3DSample%2BINITVEC%3D58+fa+bf+a7+08+11+95+0f+c1+a8+c6+e0+d5+6f+ae+c8",
                "encryptionDetails": {
                  "standard": "AES",
                  "initializationVector": "58 fa bf a7 08 11 95 0f c1 a8 c6 e0 d5 6f ae c8",
                  "key": "Sample"
                }
              }
            }

When I directly access this URL "url": "https://d34o8swod1owfl.cloudfront.net/SampleResult%2BKey%3DSample%2BINITVEC%3D58+fa+bf+a7+08+11+95+0f+c1+a8+c6+e0+d5+6f+ae+c8", download a file automatically, should I decrypt the file by AES？ the initializationVector is encoded by Base64？ How to get report？

If anyone else ends up here, the 2021-06-30 version of the reports API no longer uses the encryption. It was a fun exercise but the change is probably for the best (some cloud providers, such as Oracle Netsuite, had issues transferring raw binary over HTTP, and would cut off bytes outside the ASCII range) — Darren Ringer, Apr 15 '22 at 19:09

score 2 · Answer 1 · answered Mar 21 '21 at 18:10

After downloading the file by the url (you only have 5 minutes for that), you have to decrypt it. So download it bytewise (binary) and decrypt it with AES (originally called Rijndael) using ciphermode CBC. As you thought, the key and the initialization vector are base 64 encoded. Her is some sample code in C#:

GetReportDocumentResponse requestResult = ... //your request to getreportdocument here
byte[] rawData = new System.Net.WebClient().DownloadData(requestResult.payload.url);
byte[] key = Convert.FromBase64String(requestResult.payload.encryptionDetails.key);
byte[] iv = Convert.FromBase64String(requestResult.payload.encryptionDetails.initializationVector);

string documentText; // this will contain the decrypted document
using (var rijndaelManaged = new RijndaelManaged { Key = key, IV = iv, Mode = CipherMode.CBC })
using (var memoryStream = new MemoryStream(rawData))
using (var cryptoStream = new CryptoStream(memoryStream, rijndaelManaged.CreateDecryptor(key, iv), CryptoStreamMode.Read))
{
    documentText = new StreamReader(cryptoStream).ReadToEnd();
}

score 2 · Answer 2 · answered Aug 07 '21 at 21:17

//Here is my working code
++++++++++++++++++++++++++++

response3 = reportsApi.GetReportDocument("Give_your_ReportDocumentId");
            
byte[] rawData = new System.Net.WebClient().DownloadData(response3.Payload.Url);
byte[] key = Convert.FromBase64String(response3.Payload.EncryptionDetails.Key);
byte[] iv = Convert.FromBase64String(response3.Payload.EncryptionDetails.InitializationVector);

var reportData = ReportsApiTests.DecryptString(key, iv, rawData);
File.WriteAllText(report_type + ".txt", reportData);


public static string DecryptString(byte[] key, byte[] iv, byte[] cipherText)
{
    byte[] buffer = cipherText;

    using (Aes aes = Aes.Create())
    {
        aes.Key = key;
        aes.IV = iv;
        ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);

        using (MemoryStream memoryStream = new MemoryStream(buffer))
        {
            using (CryptoStream cryptoStream = new CryptoStream((Stream)memoryStream, decryptor, CryptoStreamMode.Read))
            {
                using (StreamReader streamReader = new StreamReader((Stream)cryptoStream))
                {
                    return streamReader.ReadToEnd();
                }
            }
        }
    }
    
}

How to decrypt the amazon report-document from amazon selling partner api

2 Answers2