AWS服务器端加密C#

时间:2017-05-05 23:00:01

标签: c# amazon-web-services amazon-s3

您好我们正在尝试使用AWS S3上传并使用加密获取文件网址。

我们正在使用此代码上传:

  using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
{
var request = new PutObjectRequest
   {
        BucketName = FilePathInS3,
        Key = FileNameInS3,
        ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256,
        ServerSideEncryptionCustomerProvidedKey = base64Key //= "Is this ServerSideEncryptionKeyManagementServiceKeyId?"
    };
    using (var ms = new MemoryStream(fileByteArray))
    {
        request.InputStream = ms;
        client.PutObject(request);
    }
}

这是获得:

using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
{
    GetPreSignedUrlRequest request = new GetPreSignedUrlRequest
    {
        BucketName = FilePathInS3,
        Key = FileNameInS3,
        Expires = 1,
        Protocol = Protocol.HTTP,
        ServerSideEncryptionKeyManagementServiceKeyId = "KEY"
    };
    url = client.GetPreSignedURL(request);
}

当我们获取URL并尝试访问它时,我们获得了访问被拒绝的无效密钥。

有什么问题?请帮忙。

1 个答案:

答案 0 :(得分:0)

我认为为了使用AmazonS3和c#进行加密/解密,您需要设置以下PutObjectRequest和GetObjectRequest对象的权限:

  • ServerSideEncryptionCustomerMethod = AES256
  • ServerSideEncryptionCustomerProvidedKey = BASE64(秘密密钥)
  • ServerSideEncryptionCustomerProvidedKeyMD5:md5(base64(secretkey))

c#代码示例:

            var amazonS3Config = new AmazonS3Config();
            amazonS3Config.RegionEndpoint = RegionEndpoint.USEast1;// use your region endpoint
            var s3Client = new AmazonS3Client("your access key", "your secret key", amazonS3Config);
            PutObjectRequest request = new PutObjectRequest();
            request.BucketName = "your bucket name";
            request.Key = "your file key name";
            request.InputStream = File.Open(@"d:\SmallData\Doc1.pdf", FileMode.OpenOrCreate);
            // please generate your own keys 
            String CustomerKey = "qsiFY0xPeBtZn55eaT6i/bFLgpkO30QKNucYMGlbnck=";
            String CustomerKeyMD5 = "RyOu+4ghh+CgGcPryIvPdw==";

            request.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;                
            request.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
            request.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
            s3Client.PutObject(request); // save the file encrypted to amazonS3

从AmazonS3检索加密内容:

        GetObjectRequest getRequest = new GetObjectRequest();
        getRequest.BucketName = "your bucket name";
        getRequest.Key = "your file key name";
        getRequest.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;
        getRequest.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
        getRequest.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
        using (GetObjectResponse response = s3Client.GetObject(getRequest))
        {
            using (Stream test = response.ResponseStream)
            { 
                using(FileStream file = new FileStream(@"d:\SmallData\result\test.pdf", FileMode.OpenOrCreate))
                {
                    CopyStream(test, file);
                }
            }
        }

我希望这可以帮到你。 有关它的一些参考链接如下: https://sprightlysoft.com/blog/?p=209 https://security.stackexchange.com/questions/111202/aws-s3-server-side-encryption-client-provided-keys-php http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingDotNetSDK.html

相关问题
最新问题