我尝试使用服务器端加密来加密和解密文件。我正在使用Amazon Aws Sdk和Java。我想用客户提供的加密密钥进行服务器端加密。
我遵循本指南: http://docs.aws.amazon.com/AmazonS3/latest/dev/sse-c-using-java-sdk.html
我收到此错误:
The request signature we calculated does not match the signature you provided. Check your key and signing method
此操作有两种方法:encryptAndUpload()和decryptAndDownload()。
这是我的encryptAndUpload()方法。我使用的是签名版本4.我认为这种方法很好用。
public void encryptAndUpload(byte[] salt, char[] password, InputStream stream, String key, String bucket){
SecretKey secretKey = deriveKey(password, salt);
SSECustomerKey sseCustomerKey = new SSECustomerKey(secretKey);
ClientConfiguration clientConfiguration = new ClientConfiguration().withSignerOverride("AWSS3V4SignerType");
AWSCredentials awsCredentials = new PropertiesCredentials(AmazonS3Uploader.class.getResourceAsStream("AwsCredentials.properties"));
AmazonS3 amazonS3EncryptionClient = new AmazonS3Client(awsCredentials, clientConfiguration);
amazonS3EncryptionClient.setRegion(Region.getRegion(Regions.EU_WEST_1));
PutObjectRequest putObjectRequest = new PutObjectRequest(bucket, key, stream, new ObjectMetadata()).withSSECustomerKey(sseCustomerKey);
PutObjectResult response = amazonS3EncryptionClient.putObject(putObjectRequest);
}
这是我的decryptAndDownload()方法。如您所见,创建键和amazonS3部件是完全相同的。
public URL decryptAndDownload(byte[] salt, char[] password, String key, String bucket) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException{
SecretKey secretKey = deriveKey(password, salt);
SSECustomerKey sseCustomerKey = new SSECustomerKey(secretKey);
ClientConfiguration clientConfiguration = new ClientConfiguration().withSignerOverride("AWSS3V4SignerType");
AWSCredentials awsCredentials = new PropertiesCredentials(AmazonS3Uploader.class.getResourceAsStream("AwsCredentials.properties"));
AmazonS3 amazonS3EncryptionClient = new AmazonS3Client(awsCredentials, clientConfiguration);
amazonS3EncryptionClient.setRegion(Region.getRegion(Regions.EU_WEST_1));
GetObjectRequest getObjectRequest = new GetObjectRequest(bucket, key).withSSECustomerKey(sseCustomerKey);
S3Object s3Object = amazonS3EncryptionClient.getObject(getObjectRequest);
GeneratePresignedUrlRequest generatePresignedUrlRequest = new GeneratePresignedUrlRequest(s3Object.getBucketName(), s3Object.getKey(), HttpMethod.GET).withSSECustomerKey(sseCustomerKey);
URL url = amazonS3EncryptionClient.generatePresignedUrl(generatePresignedUrlRequest);
return url;
}
现在,我想创建generatePresignedUrlRequest是个问题。但我不知道如何解决它。我感谢任何帮助。我可以添加deriveKey方法,但我认为我的参数和deriveKey方法是正确的。
修改:为清晰起见,我添加了deriveKey方法:
private SecretKey deriveKey(char[] password, byte[] salt) throws InvalidKeySpecException, NoSuchAlgorithmException {
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec keySpec = new PBEKeySpec(password, salt, 65536, 256);
SecretKey tempSecretKey = secretKeyFactory.generateSecret(keySpec);
SecretKey secretKey = new SecretKeySpec(tempSecretKey.getEncoded(), "AES");
return secretKey;
}