全部文档
当前文档

暂无内容

如果没有找到您期望的内容,请尝试其他搜索词

文档中心

客户端加密(Java)

最近更新时间:2023-09-12 10:38:26

SDK客户端加密指的是:客户使用SDK在上传或下载文件时进行的加密或解密操作,与KS3 API描述的客户提供密钥的服务器端加密 (SSE-C)不同,请勿混淆。

环境配置(以JDK7示例)

初始化主密钥

使用对称主密钥

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.junit.Assert;

public class GenerateSymmetricMasterKey {
    private static final String keyDir = System.getProperty("java.io.tmpdir");
    private static final String keyName = "secret.key";

    public static void main(String[] args) throws Exception {
        //Generate symmetric 256 bit AES key.
        KeyGenerator symKeyGenerator = KeyGenerator.getInstance("AES");
        symKeyGenerator.init(256);
        SecretKey symKey = symKeyGenerator.generateKey();

        //Save key.
        saveSymmetricKey(keyDir, symKey);

        //Load key.
        SecretKey symKeyLoaded = loadSymmetricAESKey(keyDir, "AES");
        Assert.assertTrue(Arrays.equals(symKey.getEncoded(), symKeyLoaded.getEncoded()));
    }

    public static void saveSymmetricKey(String path, SecretKey secretKey)
    throws IOException {
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
        secretKey.getEncoded());
        FileOutputStream keyfos = new FileOutputStream(path + "/" + keyName);
        keyfos.write(x509EncodedKeySpec.getEncoded());
        keyfos.close();
    }

    public static SecretKey loadSymmetricAESKey(String path, String algorithm)
    throws IOException,
    NoSuchAlgorithmException,
    InvalidKeySpecException,
    InvalidKeyException {
        //Read private key from file.
        File keyFile = new File(path + "/" + keyName);
        FileInputStream keyfis = new FileInputStream(keyFile);
        byte[] encodedPrivateKey = new byte[(int) keyFile.length()];
        keyfis.read(encodedPrivateKey);
        keyfis.close();

        //Generate secret key.
        return new SecretKeySpec(encodedPrivateKey, "AES");
    }
}

使用非对称主密钥

import static org.junit.Assert.assertTrue;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

public class GenerateAsymmetricMasterKey {
    private static final String keyDir = System.getProperty("java.io.tmpdir");
    private static final SecureRandom srand = new SecureRandom();

    public static void main(String[] args) throws Exception {
        // Generate RSA key pair of 1024 bits
        KeyPair keypair = genKeyPair("RSA", 1024);

        // Save to file system
        saveKeyPair(keyDir, keypair);

        // Loads from file system
        KeyPair loaded = loadKeyPair(keyDir, "RSA");

        // Sanity check
        assertTrue(Arrays.equals(keypair.getPublic().getEncoded(), loaded
        .getPublic().getEncoded()));

        assertTrue(Arrays.equals(keypair.getPrivate().getEncoded(), loaded
        .getPrivate().getEncoded()));
    }

    public static KeyPair genKeyPair(String algorithm, int bitLength)
    throws NoSuchAlgorithmException {
        KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(algorithm);
        keyGenerator.initialize(1024, srand);
        return keyGenerator.generateKeyPair();
    }

    public static void saveKeyPair(String dir, KeyPair keyPair)
    throws IOException {
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();

        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
        publicKey.getEncoded());
        FileOutputStream fos = new FileOutputStream(dir + "/public.key");
        fos.write(x509EncodedKeySpec.getEncoded());
        fos.close();

        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(
        privateKey.getEncoded());
        fos = new FileOutputStream(dir + "/private.key");
        fos.write(pkcs8EncodedKeySpec.getEncoded());
        fos.close();
    }

    public static KeyPair loadKeyPair(String path, String algorithm)
    throws IOException,
    NoSuchAlgorithmException,

    InvalidKeySpecException {
        // read public key from file
        File filePublicKey = new File(path + "/public.key");
        FileInputStream fis = new FileInputStream(filePublicKey);
        byte[] encodedPublicKey = new byte[(int) filePublicKey.length()];
        fis.read(encodedPublicKey);
        fis.close();

        // read private key from file
        File filePrivateKey = new File(path + "/private.key");
        fis = new FileInputStream(filePrivateKey);
        byte[] encodedPrivateKey = new byte[(int) filePrivateKey.length()];
        fis.read(encodedPrivateKey);
        fis.close();

        // Convert them into KeyPair
        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(
        encodedPublicKey);
        PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
        PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(
        encodedPrivateKey);
        PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
        return new KeyPair(publicKey, privateKey);
    }
}

初始化客户端

SecretKey symKey = ??//主密钥	
EncryptionMaterials keyMaterials = new EncryptionMaterials(symKey);	
Ks3  client = new Ks3EncryptionClient("<accesskeyid>","<accesskeysecret>",keyMaterials);

注意事项

  • 上传上去的文件是经过加密的。

  • 下载文件只能通过该客户端getObject方法下载,用其他方法下载下来的文件是经过加密的。

  • 分块上传时必须依次上传每一块。当上传最后一块时必须通过request.setLastPart指定最后一块。上传顺序不能错乱,不能使用多线程分块上传。

  • 请妥善保管自己的主密钥,如果主密钥丢失,将无法解密数据。

  • 涉及重定向的请求,需要传输的数据流小于128k。

文档导读
纯净模式常规模式

纯净模式

点击可全屏预览文档内容
文档反馈