我有一个S3存储桶,已使用自定义KMS密钥为其启用了默认加密。我正在尝试使用相同的KMS密钥(与默认加密相同)使用客户端加密将数据发布到该S3存储桶,并保持数据完整性,我使用了CryptoMode.AuthenticatedEncryption。数据将上传到S3存储桶,但在下载文件后,它将打开带有乱码的数据。我使用的示例代码如下。
val credentials = new BasicAWSCredentials(S3Contstants.S3_ACCESS_KEY, S3Contstants.S3_SECRET_KEY)
val materialProvider = new KMSEncryptionMaterialsProvider(S3Contstants.KMS_CMK_ID)
val encryptionClient = AmazonS3EncryptionClientBuilder.standard()
.withEncryptionMaterials(materialProvider)
.withCryptoConfiguration(new CryptoConfiguration()
.withCryptoMode(CryptoMode.AuthenticatedEncryption)
.withAwsKmsRegion(Region.getRegion(Regions.US_EAST_2)))
.withCredentials(new AWSStaticCredentialsProvider(credentials))
.withRegion(Regions.US_EAST_2)
.build()
val byteArrayOutputStream = new ByteArrayOutputStream()
workbook.write(byteArrayOutputStream)
byteArrayOutputStream.close()
val bi = new ByteArrayInputStream(byteArrayOutputStream.toByteArray)
val objectMetaData = new ObjectMetadata()
objectMetaData.setContentType(S3Contstants.S3_CONTENT_TYPE)
objectMetaData.setContentLength(byteArrayOutputStream.toByteArray.length)
objectMetaData.setSSEAlgorithm(S3Contstants.KMS_ENCRYPTION_ALGO)
encryptionClient.putObject(new PutObjectRequest(
bucketPrefix + orgId + S3Contstants.BUCKET_SUFFIX,
S3Contstants.FILE_PREFIX + Calendar.getInstance().getTime() + S3Contstants.FILE_SUFFIX,
bi,
objectMetaData)