Hi, we are trying to upload files to AWS S3 with encryption and get the file URLs.
We are using this code to upload:
using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
{
    var request = new PutObjectRequest
    {
        BucketName = FilePathInS3,
        Key = FileNameInS3,
        ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256,
        ServerSideEncryptionCustomerProvidedKey = base64Key //= "Is this ServerSideEncryptionKeyManagementServiceKeyId?"
    };
    using (var ms = new MemoryStream(fileByteArray))
    {
        request.InputStream = ms;
        client.PutObject(request);
    }
}
And this to get the URL:
using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
{
    GetPreSignedUrlRequest request = new GetPreSignedUrlRequest
    {
        BucketName = FilePathInS3,
        Key = FileNameInS3,
        Expires = 1,
        Protocol = Protocol.HTTP,
        ServerSideEncryptionKeyManagementServiceKeyId = "KEY"
    };
    url = client.GetPreSignedURL(request);
}
When we get the URL and try to access it, we get an Access Denied error.
What is wrong? Please help.
I think that, to do encryption/decryption with Amazon S3 and C#, you need to set the following properties of the PutObjectRequest and GetObjectRequest objects:
- ServerSideEncryptionCustomerMethod = AES256
- ServerSideEncryptionCustomerProvidedKey = Base64(secretKey)
- ServerSideEncryptionCustomerProvidedKeyMD5: MD5(Base64(secretKey))
C# code example:
var amazonS3Config = new AmazonS3Config();
amazonS3Config.RegionEndpoint = RegionEndpoint.USEast1;// use your region endpoint
var s3Client = new AmazonS3Client("your access key", "your secret key", amazonS3Config);
PutObjectRequest request = new PutObjectRequest();
request.BucketName = "your bucket name";
request.Key = "your file key name";
request.InputStream = File.Open(@"d:SmallDataDoc1.pdf", FileMode.OpenOrCreate);
// please generate your own keys
String CustomerKey = "qsiFY0xPeBtZn55eaT6i/bFLgpkO30QKNucYMGlbnck=";
String CustomerKeyMD5 = "RyOu+4ghh+CgGcPryIvPdw==";
request.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;
request.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
request.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
s3Client.PutObject(request); // save the file encrypted to amazonS3
Retrieving the encrypted content from Amazon S3:
GetObjectRequest getRequest = new GetObjectRequest();
getRequest.BucketName = "your bucket name";
getRequest.Key = "your file key name";
getRequest.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;
getRequest.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
getRequest.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
using (GetObjectResponse response = s3Client.GetObject(getRequest))
{
    using (Stream test = response.ResponseStream)
    {
        using (FileStream file = new FileStream(@"d:SmallDataresulttest.pdf", FileMode.OpenOrCreate))
        {
            // copy the decrypted object stream into the local file
            test.CopyTo(file);
        }
    }
}
I hope this helps you. Some reference links about it are below:
- https://sprightlysoft.com/blog/?p=209
- https://security.stackexchange.com/questions/111202/aws-s3-server-side-side-client-client-provided-keys-php
- http://docs.aws.amazon.com/amazons3/latest/dev/sseustingdotnetsdk.html
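An added example (not code from the answer above and not part of the AWS SDK): one way to produce the two strings assigned to ServerSideEncryptionCustomerProvidedKey and ServerSideEncryptionCustomerProvidedKeyMD5, using only .NET base classes. It follows the S3 SSE-C convention that the MD5 value is the base64-encoded MD5 digest of the raw 32 key bytes; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper (names are illustrative, not part of the AWS SDK).
public static class SseCustomerKey
{
    // New random 256-bit key, base64-encoded for ServerSideEncryptionCustomerProvidedKey.
    public static string Generate()
    {
        var raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(raw);
        }
        return Convert.ToBase64String(raw);
    }

    // Value for ServerSideEncryptionCustomerProvidedKeyMD5: base64(MD5(raw key bytes)).
    public static string Md5Of(string base64Key)
    {
        byte[] raw = Convert.FromBase64String(base64Key); // throws FormatException on bad base64
        if (raw.Length != 32)
        {
            throw new ArgumentException("AES256 SSE-C needs a 32-byte key, got " + raw.Length);
        }
        using (var md5 = MD5.Create())
        {
            return Convert.ToBase64String(md5.ComputeHash(raw));
        }
    }

    // Local check that a stored key/MD5 pair is consistent before it is sent to S3.
    public static bool IsConsistent(string base64Key, string base64Md5)
    {
        return string.Equals(Md5Of(base64Key), base64Md5, StringComparison.Ordinal);
    }
}

public static class Program
{
    public static void Main()
    {
        string key = SseCustomerKey.Generate();      // constructed at run time; do not hard-code it
        string keyMd5 = SseCustomerKey.Md5Of(key);
        Console.WriteLine("key MD5: " + keyMd5);     // the MD5 is not secret; the key is
        Console.WriteLine("pair consistent: " + SseCustomerKey.IsConsistent(key, keyMd5));
    }
}
```

S3 does not store the customer-provided key, so the same key string has to be kept in a secret store and supplied again on every request that reads the object.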