C#学习教程:未使用.netS3进行客户端加密但是当我用S3浏览器检查它时它只显示服务器端加密,我做错了什么?我正在使用亚马逊的加密密钥服务,用户拥有使用这些密钥进行加密的完全权限。谢谢!静态字符串bucketName="mybucket";静态EncryptionMaterialsencryptionMaterials=newEncryptionMaterials(RSA.Create());静态AmazonS3EncryptionClient客户端=newAmazonS3EncryptionClient(Amazon.RegionEndpoint.USWest2,encryptionMaterials);client){try{PutObjectRequestputRequest1=newPutObjectRequest{BucketName=bucketName,FilePath=@"C:abcdef.pdf",Key="def.pdf",ServerSideEncryptionMethod=ServerSideEncryptionMethod.AWSKMS};client.PutObject(putRequest1);一个月前我遇到了同样的问题,但通过引入SymmetricAlgorithm和ICryptoTransform实现来支持KMS解决了这个问题。他们使用KMS服务和指定的CMK对信封密钥进行透明加密和解密。公共类KMSAlgorithm:SymmetricAlgorithm{privateIAmazonKeyManagementService_client;私有字符串_keyId;publicKMSAlgorithm(IAmazonKeyManagementServiceclient){this._client=client;}publicKMSAlgorithm(IAmazonKeyManagementServiceclient,stringkeyId):this(client){this._keyId=keyId;}publicoverrideICryptoTransformCreateDecryptor(){返回新的KMSCryptoTransform.Decryptor(_client);}publicoverrideICryptoTransformCreateDecryptor(byte[]rgbKey,byte[]rgbIV){thrownewNotImplementedException();}publicoverrideICryptoTransformCreateEncryptor(){返回新的KMSCryptoTransform.Encryptor(_client,_keyId);}publicoverrideICryptoTransformCreateEncryptor(byte[]rgbKey,byte[]rgbIV){thrownewNotImplementedException();}publicoverridevoidGenerateIV(){thrownewNotImplementedException();}publicoverridevoidGenerateKey(){thrownewNotImplementedException();}}公共抽象类KMSCryptoTransfor米:ICryptoTransform{受保护的IAmazonKeyManagementService_client;受保护的字符串_keyId;publicKMSCryptoTransform(IAmazonKeyManagementServiceclient){this._client=client;}publicKMSCryptoTransform(IAmazonKeyManagementServiceclient,stringkeyId):this(client){this._keyId=keyId;}publicboolCanReuseTransform{get{returntrue;}}publicboolCanTransformMultipleBlocks{get{returnfalse;}}publicintInputBlockSize{get{thrownewNotImplementedException();}}publicintOutputBlockSize{get{thrownewNotImplementedException();}}publicintTransformBlock(byte[]inputBuffer,intinputOffset,intinputCount,byte[]outputBuffer,intoutputOffset){thrownewNotImplementedException();}publicabstractbyte[]TransformFinalBlock(byte[]inputBuffer,intinputOffset,intinputCount);publicvoidDispose(){}publicclassDecryptor:KMSCryptoTransform{publicDecryptor(IAmazonKeyManagementServiceclient):base(cclient){}publicoverridebyte[]TransformFinalBlock(byte[]inputBuffer,intinputOffset,intinputCount){return_client.Decrypt(newDecryptRequest(){CiphertextBlob=newMemoryStream(inputBuffer,inputOffset,inputCount))}).明文ToArray();}}publicclassEncryptor:KMSCryptoTransform{publicEncryptor(IAamazonKeyManagementServiceclient,stringkeyId):base(client,keyId){}publicoverridebyte[]TransformFinalBlock(byte[]inputBuffer,intinputOffset,intinputCount){返回_client.Encrypt(newEncryptRequest(){KeyId=_keyId,Plaintext=MemoryStream(inputBuffer,inputOffset,inputCount))}).CiphertextBlob.ToArray();在EncryptionMaterials构造函数()中使用此KMSAlgorithm而不是Aes.Create,后者又在AmazonS3EncryptionClient构造函数中使用,如下所示varclient=AWSClientFactory.CreateAmazonKeyManagementServiceClient();使用(varalgorithm=newKMSAlgorithm(client,"CustomerMasterKeyIdOrAlias")){varmaterials=newEncryptionMaterials(algorithm);){BucketName="YourBucketName",Key="YourKeyName",InputStream=newMemoryStream(Encoding.Default.GetBytes("SecretMessage")),});}使用(varalgorithm=newKMSAlgorithm(client)){varmaterials=newEncryptionMaterials(algorithm);vars3client=newAmazonS3EncryptionClient(材料);varobj=s3client.GetObject(newGetObjectRequest(){BucketName="YourBucketName",Key="YourKeyName"});请注意,不需要显式指定CMKid或别名来解密信封密钥,只加密信封密钥。这个答案也发布在AmazonWebServicesDeveloperForum中。以上是C#学习教程:我没有使用.netS3获取客户端加密分享的所有内容。如果对你有用,需要进一步了解C#学习教程,希望大家多多关注。本文收集自网络,不代表立场。如涉及侵权,请点击右侧联系管理员删除。如需转载请注明出处:
