AWS服务器端加密C# [英] AWS Server-Side Encryption C#

查看:170
本文介绍了AWS服务器端加密C#的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

您好,我们正在尝试使用AWS S3通过Encryption上传和获取文件URL.

Hi we are trying to use AWS S3 to upload and get files URL with Encryption .

我们正在使用以下代码上传:

We are using this code to Upload:

  using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
{
var request = new PutObjectRequest
   {
        BucketName = FilePathInS3,
        Key = FileNameInS3,
        ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256,
        ServerSideEncryptionCustomerProvidedKey = base64Key //= "Is this ServerSideEncryptionKeyManagementServiceKeyId?"
    };
    using (var ms = new MemoryStream(fileByteArray))
    {
        request.InputStream = ms;
        client.PutObject(request);
    }
}

这就是要得到的:

using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
{
    GetPreSignedUrlRequest request = new GetPreSignedUrlRequest
    {
        BucketName = FilePathInS3,
        Key = FileNameInS3,
        Expires = 1,
        Protocol = Protocol.HTTP,
        ServerSideEncryptionKeyManagementServiceKeyId = "KEY"
    };
    url = client.GetPreSignedURL(request);
}

当我们获取URL并尝试访问它时,我们获得了访问被拒绝的无效密钥.

When we get the URL and try to access it, we got access denied invalid Key.

怎么了?请帮忙.

推荐答案

我认为,要使用AmazonS3和c#进行加密/解密,您需要设置PutObjectRequest和GetObjectRequest对象的以下属性:

I think In order to do encryption/deencryption with AmazonS3 and c# you need to set the following Properies of PutObjectRequest and GetObjectRequest object:

  • ServerSideEncryptionCustomerMethod = AES256
  • ServerSideEncryptionCustomerProvidedKey = base64(secretkey)
  • ServerSideEncryptionCustomerProvidedKeyMD5:md5(base64(secretkey))

使用c#的代码示例:

            var amazonS3Config = new AmazonS3Config();
            amazonS3Config.RegionEndpoint = RegionEndpoint.USEast1;// use your region endpoint
            var s3Client = new AmazonS3Client("your access key", "your secret key", amazonS3Config);
            PutObjectRequest request = new PutObjectRequest();
            request.BucketName = "your bucket name";
            request.Key = "your file key name";
            request.InputStream = File.Open(@"d:\SmallData\Doc1.pdf", FileMode.OpenOrCreate);
            // please generate your own keys 
            String CustomerKey = "qsiFY0xPeBtZn55eaT6i/bFLgpkO30QKNucYMGlbnck=";
            String CustomerKeyMD5 = "RyOu+4ghh+CgGcPryIvPdw==";

            request.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;                
            request.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
            request.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
            s3Client.PutObject(request); // save the file encrypted to amazonS3

从AmazonS3检索加密的内容:

to retrieve encrypted content from AmazonS3:

        GetObjectRequest getRequest = new GetObjectRequest();
        getRequest.BucketName = "your bucket name";
        getRequest.Key = "your file key name";
        getRequest.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;
        getRequest.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
        getRequest.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
        using (GetObjectResponse response = s3Client.GetObject(getRequest))
        {
            using (Stream test = response.ResponseStream)
            { 
                using(FileStream file = new FileStream(@"d:\SmallData\result\test.pdf", FileMode.OpenOrCreate))
                {
                    CopyStream(test, file);
                }
            }
        }

我希望这可以为您提供帮助. 一些有关它的参考链接如下: https://sprightlysoft.com/blog/?p=209 https://security.stackexchange.com/questions/111202/aws-s3-server-side-encryption-client-provided-keys-php http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingDotNetSDK.html

I hope this can help you. some reference links about it are the following: https://sprightlysoft.com/blog/?p=209 https://security.stackexchange.com/questions/111202/aws-s3-server-side-encryption-client-provided-keys-php http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingDotNetSDK.html

这篇关于AWS服务器端加密C#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
C#/.NET最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆