如何在NodeJS上使用S3 SSE C（服務器端加密和客戶端提供的密鑰）

Question

如何在NodeJS上使用SSE C加密？我試過以下，但得到了一個錯誤

s3.putObject({ 
    Bucket: 'mybucket', 
    Body: 'Hello S3', 
    ACL: 'private', 
    Key: 'test.txt', 
    SSECustomerAlgorithm: 'AES256', 
    SSECustomerKey: '0699Exxxxxx' 
}, (err) => { 
    if (err) return console.error(err.stack) 
    s3.getSignedUrl('getObject', { 
    Key: 'test.txt', 
    Expires: 60, 
    SSECustomerAlgorithm: 'AES256', 
    SSECustomerKey: '0699Exxxxxx' 
    }, (err, data) => { 
    if (err) return console.error(err.stack) 
    console.log(data) 
    }) 
}) 

問題是我得到的「祕密密鑰是針對指定的算法無效」

sails> (node:4802) DeprecationWarning: Calling an asynchronous function without callback is deprecated. 
InvalidArgument: The secret key was invalid for the specified algorithm. 
    at Request.extractError (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/services/s3.js:538:35) 
    at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:105:20) 
    at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:77:10) 
    at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:668:14) 
    at Request.transition (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:22:10) 
    at AcceptorStateMachine.runTo (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:14:12) 
    at /home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:26:10 
    at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:38:9) 
    at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:670:12) 
    at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:115:18) 
    at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:77:10) 
    at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:668:14) 
    at Request.transition (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:22:10) 
    at AcceptorStateMachine.runTo (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:14:12) 
    at /home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:26:10 
    at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:38:9) 
    at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:670:12) 
    at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:115:18) 
    at callNextListener (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:95:12) 
    at IncomingMessage.onEnd (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/event_listeners.js:211:11) 
    at emitNone (events.js:91:20) 
    at IncomingMessage.emit (events.js:185:7) 

的哪些錯誤？他們鍵入我嘗試使用產生這樣的：

➜ openssl enc -d -a -md sha1 -aes-256-cbc -nosalt -p 
enter aes-256-cbc decryption password: 
key=0699EC90A02... 
iv =433BFB13C10... 

我用key爲SSECustomerKey

Answer 1

嘗試生成密鑰這樣：

const ssecKey = Buffer.alloc(32, 'your key')

然後你可以使用它像

s3.putObject({ 
    Bucket: 'mybucket', 
    Body: 'Hello S3', 
    ACL: 'private', 
    Key: 'test.txt', 
    SSECustomerAlgorithm: 'AES256', 
    SSECustomerKey: ssecKey 
}, (err) => { 
    if (err) return console.error(err.stack) 

    s3.getSignedUrl('getObject', { 
    Key: 'test.txt', 
    Expires: 60, 
    SSECustomerAlgorithm: 'AES256', 
    SSECustomerKey: ssecKey 
    }, (err, data) => { 
    if (err) return console.error(err.stack) 

    console.log(data) 
    }) 
})