如何在NodeJS上使用S3 SSE C(带有客户端提供的密钥的服务器端加密)

时间:2016-11-29 15:15:17

标签: node.js amazon-web-services encryption amazon-s3

如何在NodeJS上使用SSE C加密?我试过以下但是出错了

// Attempt from the question: SSE-C upload followed by a presigned GET.
// NOTE(review): SSECustomerKey here is the hex text printed by `openssl enc -p`,
// passed as a plain string. For AES256 the key must be exactly 32 raw bytes; a
// full hex rendering of a 256-bit key is 64 characters, which is consistent with
// the InvalidArgument error reported below. Decoding it first, e.g.
// Buffer.from(hexKey, 'hex'), would yield the 32 bytes.
// A real key should be loaded from a secret store rather than written as a literal.
s3.putObject({
  Bucket: 'mybucket',
  Body: 'Hello S3',
  ACL: 'private',
  Key: 'test.txt',
  SSECustomerAlgorithm: 'AES256',
  SSECustomerKey: '0699Exxxxxx'
}, (putErr) => {
  if (putErr) {
    console.error(putErr.stack)
    return
  }
  // NOTE(review): no Bucket is passed to getSignedUrl — presumably it is bound
  // on the s3 client; confirm.
  s3.getSignedUrl('getObject', {
    Key: 'test.txt',
    Expires: 60,
    SSECustomerAlgorithm: 'AES256',
    SSECustomerKey: '0699Exxxxxx'
  }, (signErr, url) => {
    if (signErr) {
      console.error(signErr.stack)
    } else {
      console.log(url)
    }
  })
})

问题是我得到“密钥对于指定的算法无效”

sails> (node:4802) DeprecationWarning: Calling an asynchronous function without callback is deprecated.
InvalidArgument: The secret key was invalid for the specified algorithm.
    at Request.extractError (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/services/s3.js:538:35)
    at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
    at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
    at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:668:14)
    at Request.transition (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:670:12)
    at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
    at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
    at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:668:14)
    at Request.transition (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:670:12)
    at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
    at callNextListener (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:95:12)
    at IncomingMessage.onEnd (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/event_listeners.js:211:11)
    at emitNone (events.js:91:20)
    at IncomingMessage.emit (events.js:185:7)

哪里出错了?我使用的密钥是这样生成的:

➜  openssl enc -d -a -md sha1 -aes-256-cbc -nosalt -p
enter aes-256-cbc decryption password:
key=0699EC90A02...
iv =433BFB13C10...

我将key用于SSECustomerKey

1 个答案:

答案 0 :(得分:4)

尝试以这种方式生成密钥:

// Build a 32-byte Buffer, the length SSE-C requires for AES256.
// NOTE(review): filling the buffer with a repeated passphrase gives the right
// length but very little entropy, so the key is only as strong as the string.
// For real data, use 32 bytes from a CSPRNG (crypto.randomBytes(32)) and keep
// them in a secret store; an existing hex key can be decoded with
// Buffer.from(hexKey, 'hex').
const ssecKey = Buffer.alloc(32).fill('your key')

然后你可以像下面这样使用它:
// Upload with SSE-C, then presign a GET for the same object.
// S3 does not keep the customer-provided key: the same algorithm and key must be
// supplied again on every read, so losing ssecKey means losing access to the object.
s3.putObject({
  Bucket: 'mybucket',
  Body: 'Hello S3',
  ACL: 'private',
  Key: 'test.txt',
  SSECustomerAlgorithm: 'AES256',
  SSECustomerKey: ssecKey
}, (putErr) => {
  if (putErr) {
    console.error(putErr.stack)
    return
  }

  // NOTE(review): no Bucket is passed to getSignedUrl — presumably it is bound
  // on the s3 client; confirm.
  // NOTE(review): with SSE-C the presigned URL is not sufficient on its own; the
  // caller fetching it is expected to send the matching
  // x-amz-server-side-encryption-customer-* headers, so it needs the key too.
  // Verify against the SDK version in use.
  s3.getSignedUrl('getObject', {
    Key: 'test.txt',
    Expires: 60,
    SSECustomerAlgorithm: 'AES256',
    SSECustomerKey: ssecKey
  }, (signErr, url) => {
    if (signErr) {
      console.error(signErr.stack)
    } else {
      // The URL grants access until it expires (60 s here); treat it as a
      // credential when logging.
      console.log(url)
    }
  })
})