2017-05-05 2 views
1

AWS server-side encryption C#

Hello, we are trying to use AWS S3 to upload and get URLs with encryption.

We use this code to upload:

    using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
    {
        var request = new PutObjectRequest
        {
            BucketName = FilePathInS3,
            Key = FileNameInS3,
            ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256,
            ServerSideEncryptionCustomerProvidedKey = base64Key //= "Is this ServerSideEncryptionKeyManagementServiceKeyId?"
        };
        using (var ms = new MemoryStream(fileByteArray))
        {
            request.InputStream = ms;
            client.PutObject(request);
        }
    }

And this to get the URL:

    using (var client = GetS3ClientConnection(AccessKey, SecretKey, RegionEndpoint))
    {
        GetPreSignedUrlRequest request = new GetPreSignedUrlRequest
        {
            BucketName = FilePathInS3,
            Key = FileNameInS3,
            Expires = 1,
            Protocol = Protocol.HTTP,
            ServerSideEncryptionKeyManagementServiceKeyId = "KEY"
        };
        url = client.GetPreSignedURL(request);
    }

When we get the URL and try to access it, we got invalid key, access denied.

What is wrong? Please help.

Answer

0

I think that, to do the encryption/decryption with Amazon S3 and C#, you need to set the following properties of the PutObjectRequest and GetObjectRequest objects:

  • ServerSideEncryptionCustomerMethod = AES256
  • ServerSideEncryptionCustomerProvidedKey = base64 (SecretKey)
  • ServerSideEncryptionCustomerProvidedKeyMD5: md5 (base64 (SecretKey))

Code example in C#:

    using System;
    using System.IO;
    using Amazon;
    using Amazon.S3;
    using Amazon.S3.Model;

    var amazonS3Config = new AmazonS3Config();
    amazonS3Config.RegionEndpoint = RegionEndpoint.USEast1; // use your region endpoint
    var s3Client = new AmazonS3Client("your access key", "your secret key", amazonS3Config);
    PutObjectRequest request = new PutObjectRequest();
    request.BucketName = "your bucket name";
    request.Key = "your file key name";
    // open the existing file read-only for upload
    request.InputStream = File.OpenRead(@"d:\SmallData\Doc1.pdf");
    // please generate your own keys
    String CustomerKey = "qsiFY0xPeBtZn55eaT6i/bFLgpkO30QKNucYMGlbnck=";
    String CustomerKeyMD5 = "RyOu+4ghh+CgGcPryIvPdw==";

    request.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;
    request.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
    request.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
    s3Client.PutObject(request); // save the file encrypted to Amazon S3

To retrieve the encrypted content from Amazon S3:

    GetObjectRequest getRequest = new GetObjectRequest();
    getRequest.BucketName = "your bucket name";
    getRequest.Key = "your file key name";
    // the same algorithm, key and key MD5 that were used for the upload
    getRequest.ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256;
    getRequest.ServerSideEncryptionCustomerProvidedKey = CustomerKey;
    getRequest.ServerSideEncryptionCustomerProvidedKeyMD5 = CustomerKeyMD5;
    using (GetObjectResponse response = s3Client.GetObject(getRequest))
    {
        using (Stream test = response.ResponseStream)
        {
            // FileMode.Create truncates an existing file so no stale bytes remain
            using (FileStream file = new FileStream(@"d:\SmallData\result\test.pdf", FileMode.Create))
            {
                test.CopyTo(file); // copy the decrypted response body to disk
            }
        }
    }

I hope this can help you. Some reference links are the following:

  • https://sprightlysoft.com/blog/?p=209
  • https://security.stackexchange.com/questions/111202/aws-s3-server-side-encryption-client-provided-keys-php
  • http://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingDotNetSDK.html
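The question asks about a pre-signed URL for an object uploaded with a customer-provided key (SSE-C), so here is an added example, not code from the question or the answer, that pre-signs with the SSE-C method instead of a KMS key id and sends the key material as request headers. The class and method names (SseCPresignExample, NewRawKey, KeyMd5, PresignGet, DownloadAsync) are hypothetical, and the code assumes the AWS SDK for .NET (AWSSDK.S3) and a bucket and object of your own.

```csharp
using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Amazon.S3;
using Amazon.S3.Model;

public static class SseCPresignExample // hypothetical helper class, not part of the AWS SDK
{
    // Fresh random 256-bit key; SSE-C with AES256 requires exactly 32 raw bytes.
    public static byte[] NewRawKey()
    {
        var raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        return raw;
    }
    // S3 verifies the key against the base64-encoded MD5 digest of the raw key bytes.
    public static string KeyMd5(byte[] rawKey)
    {
        if (rawKey == null || rawKey.Length != 32) throw new ArgumentException("SSE-C key must be 32 bytes");
        using (var md5 = MD5.Create()) return Convert.ToBase64String(md5.ComputeHash(rawKey));
    }
    // Pre-sign a GET for an object that was stored with SSE-C (not with a KMS key id).
    public static string PresignGet(AmazonS3Client client, string bucket, string objectKey) =>
        client.GetPreSignedURL(new GetPreSignedUrlRequest
        {
            BucketName = bucket,
            Key = objectKey,
            Expires = DateTime.UtcNow.AddMinutes(5),
            Protocol = Protocol.HTTPS, // S3 rejects SSE-C requests sent over plain HTTP
            ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256
        });
    // Whoever uses the URL must also send the key as headers; the URL alone is not enough.
    public static async Task<byte[]> DownloadAsync(string url, byte[] rawKey)
    {
        using (var http = new HttpClient())
        using (var req = new HttpRequestMessage(HttpMethod.Get, url))
        {
            req.Headers.Add("x-amz-server-side-encryption-customer-algorithm", "AES256");
            req.Headers.Add("x-amz-server-side-encryption-customer-key", Convert.ToBase64String(rawKey));
            req.Headers.Add("x-amz-server-side-encryption-customer-key-MD5", KeyMd5(rawKey));
            using (var resp = await http.SendAsync(req))
            {
                resp.EnsureSuccessStatusCode();
                return await resp.Content.ReadAsByteArrayAsync();
            }
        }
    }
}
```

Because the SSE-C headers have to accompany the request, such a URL works only from code that holds the key, not when pasted into a browser.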
