Use URL safe encoding

aesItemCrypter.go → aesitemcrypter.go

@@ -36,13 +36,12 @@ type aesCryptedItem struct {
 func (c *aesCryptedItem) Encrypt(ctx context.Context,
 	item map[string]types.AttributeValue,
 ) (string, error) {
-	// Marshal the item into a JSON string
 	it, err := marshalJSON(item)
 	if err != nil {
 		return "", err
 	}
 	c.block.Encrypt(it, it)
-	return base64.StdEncoding.EncodeToString(it), nil
+	return base64.URLEncoding.EncodeToString(it), nil
 }
 
 // Decrypt decrypts a dynamodb item along with an encryption context.
@@ -51,18 +50,14 @@ func (c *aesCryptedItem) Decrypt(
 	ctx context.Context,
 	item string,
 ) (map[string]types.AttributeValue, error) {
-	// Decrypt the item with kmsKeyID
-	decodedItem, err := base64.StdEncoding.DecodeString(item)
+	decodedItem, err := base64.URLEncoding.DecodeString(item)
 	if err != nil {
 		return nil, err
 	}
 	c.block.Decrypt(decodedItem, decodedItem)
-
-	// Unmarshal the item into a map[string]types.AttributeValue
 	it := map[string]types.AttributeValue{}
 	if err := json.Unmarshal(decodedItem, &it); err != nil {
 		return nil, err
 	}
-
 	return it, nil
 }

kmsItemCrypter.go → kmsitemcrypter.go

@@ -47,8 +47,7 @@ func (c *kmsCryptedItem) Encrypt(
 	if err != nil {
 		return "", err
 	}
-
-	return base64.StdEncoding.EncodeToString(out.CiphertextBlob), nil
+	return base64.URLEncoding.EncodeToString(out.CiphertextBlob), nil
 }
 
 // Decrypt decrypts a dynamodb item. If ctx contains an encryption context, it will be used
@@ -57,7 +56,7 @@ func (c *kmsCryptedItem) Decrypt(
 	ctx context.Context,
 	item string,
 ) (map[string]types.AttributeValue, error) {
-	decodedItem, err := base64.StdEncoding.DecodeString(item)
+	decodedItem, err := base64.URLEncoding.DecodeString(item)
 	if err != nil {
 		return nil, err
 	}
@@ -72,11 +71,9 @@ func (c *kmsCryptedItem) Decrypt(
 	if err != nil {
 		return nil, err
 	}
-
 	it := map[string]types.AttributeValue{}
 	if err := json.Unmarshal(out.Plaintext, &it); err != nil {
 		return nil, err
 	}
-
 	return it, nil
 }