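This may be a bug in the AWS SDK for C++. I can upload, list, and download items from the bucket, and everything works. I can also upload with the encryption client, list, and download with the normal client. At that point the files are naturally encrypted... But if I try to list and download the files with the encryption client, it says there is no such key!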
    std::vector<std::string> files = GetList(); // uses s3 list object
    Aws::Client::ClientConfiguration config;
    config.region = "{region}";
    const size_t keyLen = keyFile->GetKeyLength();
    const auto key = std::string(keyFile->GetKey(), keyLen);
    // One extra byte so the terminating NUL written below stays inside the buffer
    char to_uchar[keyLen + 1];
    std::copy(key.begin(), key.end(), to_uchar);
    to_uchar[keyLen] = 0;
    // AES256
    auto encryption = Aws::MakeShared<Aws::S3Encryption::Materials::SimpleEncryptionMaterials>(to_uchar, keyLen);
    #ifdef UNDER_MACOS
    CryptoConfiguration cryptoConfiguration(StorageMethod::METADATA, CryptoMode::ENCRYPTION_ONLY);
    #else
    CryptoConfiguration cryptoConfiguration(StorageMethod::METADATA, CryptoMode::STRICT_AUTHENTICATED_ENCRYPTION);
    #endif
    //Aws::S3::S3Client s3(config); // <--- this works!
    Aws::S3Encryption::S3EncryptionClient s3(encryption, cryptoConfiguration, config); // <-- this doesn't work!
    for(auto key : files) {
        Aws::S3::Model::GetObjectRequest req;
        req.WithBucket("{BUCKET}");
        req.WithKey(key.c_str());
        auto res = s3.GetObject(req);
        if(res.IsSuccess()) {
            // Write the object body to a local file of the same name
            Aws::OFStream local_file;
            std::string loc = "outputdir/"+key;
            local_file.open(loc.c_str(), std::ios::out | std::ios::binary);
            local_file << res.GetResult().GetBody().rdbuf();
        } else {
            std::cout << "S3 get `" + key + "` request failed with error (" << res.GetError().GetExceptionName() << "): \"" << res.GetError().GetMessage() << "\"" << std::endl;
        }
    }
Again, this works with the regular S3 client. With the S3EncryptionClient, this is the output I get for each file:
S3 get `fake_file_XYZ` request failed with error (NoSuchKey): "The specified key does not exist."
But my aws CLI proves that it does exist!