AWS服务器端加密C# [英] AWS Server-Side Encryption C#
问题描述
您好,我们正在尝试使用AWS S3通过Encryption上传和获取文件URL.
Hi we are trying to use AWS S3 to upload and get files URL with Encryption .
我们正在使用以下代码上传:
We are using this code to Upload:
using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
{
var request = new PutObjectRequest
{
BucketName = FilePathInS3,
Key = FileNameInS3,
ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256,
ServerSideEncryptionCustomerProvidedKey = base64Key //= "Is this ServerSideEncryptionKeyManagementServiceKeyId?"
};
using (var ms = new MemoryStream(fileByteArray))
{
request.InputStream = ms;
client.PutObject(request);
}
}
这就是要得到的:
using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
{
GetPreSignedUrlRequest request = new GetPreSignedUrlRequest
{
BucketName = FilePathInS3,
Key = FileNameInS3,
Expires = 1,
Protocol = Protocol.HTTP,
ServerSideEncryptionKeyManagementServiceKeyId = "KEY"
};
url = client.GetPreSignedURL(request);
}
当我们获取URL并尝试访问它时,我们获得了访问被拒绝的无效密钥.
When we get the URL and try to access it, we got access denied invalid Key.
怎么了?请帮忙.
推荐答案
我认为,要使用AmazonS3和c#进行加密/解密,您需要设置PutObjectRequest和GetObjectRequest对象的以下属性:
I think In order to do encryption/deencryption with AmazonS3 and c# you need to set the following Properies of PutObjectRequest and GetObjectRequest object:
- ServerSideEncryptionCustomerMethod = AES256
- ServerSideEncryptionCustomerProvidedKey = base64(secretkey)
- ServerSideEncryptionCustomerProvidedKeyMD5:md5(base64(secretkey))
使用c#的代码示例:
var amazonS3Config = new AmazonS3Config();
amazonS3Config.RegionEndpoint = RegionEndpoint.USEast1;// use your region endpoint
var s3Client = new AmazonS3Client("your access key", "your secret key", amazonS3Config);
PutObjectRequest request = new PutObjectRequest();
request.BucketName = "your bucket name";
request.Key = "your file key name";
request.InputStream = File.Open(@"d:\SmallData\Doc1.pdf", FileMode.OpenOrCreate);
// please generate your own keys
String CustomerKey = "qsiFY0xPeBtZn55eaT6i/bFLgpkO30QKNucYMGlbnck=";
String CustomerKeyMD5 = "RyOu+4ghh+CgGcPryIvPdw==";
request.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;
request.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
request.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
s3Client.PutObject(request); // save the file encrypted to amazonS3
从AmazonS3检索加密的内容:
to retrieve encrypted content from AmazonS3:
GetObjectRequest getRequest = new GetObjectRequest();
getRequest.BucketName = "your bucket name";
getRequest.Key = "your file key name";
getRequest.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;
getRequest.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
getRequest.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
using (GetObjectResponse response = s3Client.GetObject(getRequest))
{
using (Stream test = response.ResponseStream)
{
using(FileStream file = new FileStream(@"d:\SmallData\result\test.pdf", FileMode.OpenOrCreate))
{
CopyStream(test, file);
}
}
}
我希望这可以为您提供帮助. 一些有关它的参考链接如下: https://sprightlysoft.com/blog/?p=209 https://security.stackexchange.com/questions/111202/aws-s3-server-side-encryption-client-provided-keys-php http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingDotNetSDK.html
I hope this can help you. some reference links about it are the following: https://sprightlysoft.com/blog/?p=209 https://security.stackexchange.com/questions/111202/aws-s3-server-side-encryption-client-provided-keys-php http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingDotNetSDK.html
这篇关于AWS服务器端加密C#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!