1. 首頁
  2. 問答
  3. AWS服務器端加密C#

AWS服務器端加密C#

2017-05-05 60 views
1

嗨,我們正在嘗試使用AWS S3上傳並使用加密獲取文件URL。AWS服務器端加密C#

我們正在使用此代碼上傳:

using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint)) 
{ 
var request = new PutObjectRequest 
    { 
     BucketName = FilePathInS3, 
     Key = FileNameInS3, 
     ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256, 
     ServerSideEncryptionCustomerProvidedKey = base64Key //= "Is this ServerSideEncryptionKeyManagementServiceKeyId?" 
    }; 
    using (var ms = new MemoryStream(fileByteArray)) 
    { 
     request.InputStream = ms; 
     client.PutObject(request); 
    } 
}

而這款以獲取:

using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint)) 
{ 
    GetPreSignedUrlRequest request = new GetPreSignedUrlRequest 
    { 
     BucketName = FilePathInS3, 
     Key = FileNameInS3, 
     Expires = 1, 
     Protocol = Protocol.HTTP, 
     ServerSideEncryptionKeyManagementServiceKeyId = "KEY" 
    }; 
    url = client.GetPreSignedURL(request); 
}

當我們得到的URL和嘗試訪問它,我們得到了拒絕訪問密鑰無效。

有什麼不對?請幫忙。

來源

2017-05-05 user1981120

回答

0

我認爲,爲了做到加密/ deencryption與AmazonS3和c#你需要設置PutObjectRequest以下性的判定和GetObjectRequest對象:

  • ServerSideEncryptionCustomerMethod = AES256
  • ServerSideEncryptionCustomerProvidedKey =的base64(祕密密鑰)
  • ServerSideEncryptionCustomerProvidedKeyMD5:md5(base64(secretkey))

c#代碼示例:

  var amazonS3Config = new AmazonS3Config(); 
      amazonS3Config.RegionEndpoint = RegionEndpoint.USEast1;// use your region endpoint 
      var s3Client = new AmazonS3Client("your access key", "your secret key", amazonS3Config); 
      PutObjectRequest request = new PutObjectRequest(); 
      request.BucketName = "your bucket name"; 
      request.Key = "your file key name"; 
      request.InputStream = File.Open(@"d:\SmallData\Doc1.pdf", FileMode.OpenOrCreate); 
      // please generate your own keys 
      String CustomerKey = "qsiFY0xPeBtZn55eaT6i/bFLgpkO30QKNucYMGlbnck="; 
      String CustomerKeyMD5 = "RyOu+4ghh+CgGcPryIvPdw=="; 

      request.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;     
      request.ServerSideEncryptionCustomerProvidedKey = CustomerKey; 
      request.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5; 
      s3Client.PutObject(request); // save the file encrypted to amazonS3

從AmazonS3檢索加密內容:

 GetObjectRequest getRequest = new GetObjectRequest(); 
     getRequest.BucketName = "your bucket name"; 
     getRequest.Key = "your file key name"; 
     getRequest.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256; 
     getRequest.ServerSideEncryptionCustomerProvidedKey = CustomerKey; 
     getRequest.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5; 
     using (GetObjectResponse response = s3Client.GetObject(getRequest)) 
     { 
      using (Stream test = response.ResponseStream) 
      { 
       using(FileStream file = new FileStream(@"d:\SmallData\result\test.pdf", FileMode.OpenOrCreate)) 
       { 
        CopyStream(test, file); 
       } 
      } 
     }

我希望這可以幫助你。 關於它的一些參考鏈接如下: https://sprightlysoft.com/blog/?p=209 https://security.stackexchange.com/questions/111202/aws-s3-server-side-encryption-client-provided-keys-php http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingDotNetSDK.html

來源

2017-05-16 02:43:59

相關問題

 相關問題