最近更新时间:2025-01-03 17:15:39
KS3目前支持两种加密方式:
KS3托管密钥的服务器端加密 (SSE-S3) :由KS3服务端自动生成密钥,并使用256位高级加密标准 (AES-256) 来加密您的数据。
客户提供密钥的服务器端加密 (SSE-C) :由客户自己提供和管理密钥,上传文件时客户需提供密钥,操作或下载文件时客户也需提供正确的密钥才能访问成功。
本文主要介绍KS3托管密钥的服务器端加密方式使用示例。
上传文件(PUT Object、Initiate Multipart Upload、PUT Object Copy等)需设置加密算法值为 AES256;获取文件(HEAD Object、GET Object等)无需设置加密算法,若响应结果中包含 sseAlgorithm = "AES256",则表示该文件使用了服务端加密。
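/**
 * Walks through KS3-managed server-side encryption (SSE-S3): a simple put, head and get,
 * a one-part multipart upload, and a copy, each write requesting the "AES256" algorithm.
 *
 * <p>Unlike a print-only sample, every response that reports an SSE algorithm is also
 * checked, so an object that was stored without encryption fails the run instead of
 * passing unnoticed.
 *
 * @throws IOException if reading the downloaded object content fails
 * @throws IllegalStateException if a response does not report the AES256 algorithm
 */
public void serverSideEncryptionSample() throws IOException {
    // Initialise the ks3 client; see the "Initialisation" document.
    // NOTE(review): SSE covers the stored object only. Confirm that initClient() targets
    // an HTTPS endpoint so the plaintext is protected on the wire as well.
    Ks3Client ks3Client = initClient();
    String bucketName = "<your-bucket>";
    String objectKey = "sse-test-object";
    byte[] bytes = "this is a test file".getBytes(StandardCharsets.UTF_8);

    // put object, with server-side encryption
    PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, objectKey, new ByteArrayInputStream(bytes));
    // Request encryption by setting the algorithm to AES256.
    putObjectRequest.getObjectMeta().setSseAlgorithm("AES256");
    PutObjectResult putObjectResult = ks3Client.putObject(putObjectRequest);
    System.out.println("algorithm: " + putObjectResult.getSseAlgorithm());
    requireAes256("put object", putObjectResult.getSseAlgorithm());

    // head object: no encryption algorithm has to be set on the request
    HeadObjectRequest headObjectRequest = new HeadObjectRequest(bucketName, objectKey);
    HeadObjectResult headObjectResult = ks3Client.headObject(headObjectRequest);
    // For an encrypted object the response headers carry the algorithm, AES256.
    String headAlgorithm = headObjectResult.getObjectMetadata().getSseAlgorithm();
    System.out.println("algorithm: " + headAlgorithm);
    requireAes256("head object", headAlgorithm);

    // get object: no encryption algorithm has to be set on the request
    GetObjectRequest getObjectRequest = new GetObjectRequest(bucketName, objectKey);
    GetObjectResult object = ks3Client.getObject(getObjectRequest);
    // try-with-resources closes the content stream even when reading it throws;
    // the original closed it only on the success path.
    try (AutoAbortInputStream inputStream = object.getObject().getObjectContent()) {
        String content = IOUtils.toString(inputStream, StandardCharsets.UTF_8);
        System.out.println("object content: " + content);
        // For an encrypted object the response headers carry the algorithm, AES256.
        String getAlgorithm = object.getObject().getObjectMetadata().getSseAlgorithm();
        System.out.println("algorithm: " + getAlgorithm);
        requireAes256("get object", getAlgorithm);
    }

    // init multipart upload
    String objectKey2 = "sse-test-object-2";
    InitiateMultipartUploadRequest initiateMultipartUploadRequest = new InitiateMultipartUploadRequest(bucketName, objectKey2);
    // Request encryption by setting the algorithm to AES256.
    initiateMultipartUploadRequest.getObjectMeta().setSseAlgorithm("AES256");
    InitiateMultipartUploadResult initiateMultipartUploadResult = ks3Client.initiateMultipartUpload(initiateMultipartUploadRequest);
    String uploadId = initiateMultipartUploadResult.getUploadId();
    System.out.println("upload id: " + uploadId);
    // The response headers carry the algorithm, AES256.
    System.out.println("algorithm: " + initiateMultipartUploadResult.getSseAlgorithm());
    requireAes256("initiate multipart upload", initiateMultipartUploadResult.getSseAlgorithm());
    // NOTE(review): if a step below fails, the initiated upload is left incomplete;
    // production code should abort it rather than leave parts behind.

    // upload part: no encryption request header is needed
    UploadPartRequest uploadPartRequest = new UploadPartRequest(bucketName, objectKey2, uploadId, 1, new ByteArrayInputStream(bytes), bytes.length);
    PartETag partETag = ks3Client.uploadPart(uploadPartRequest);
    // The response headers carry the algorithm, AES256.
    System.out.println("algorithm: " + partETag.getSseAlgorithm());
    requireAes256("upload part", partETag.getSseAlgorithm());

    // complete multipart upload: no encryption request header is needed
    CompleteMultipartUploadRequest completeMultipartUploadRequest = new CompleteMultipartUploadRequest(bucketName, objectKey2, uploadId, Arrays.asList(partETag));
    CompleteMultipartUploadResult completeMultipartUploadResult = ks3Client.completeMultipartUpload(completeMultipartUploadRequest);
    // The response headers carry the algorithm, AES256.
    System.out.println("algorithm: " + completeMultipartUploadResult.getSseAlgorithm());
    requireAes256("complete multipart upload", completeMultipartUploadResult.getSseAlgorithm());

    // copy object
    CopyObjectRequest copyObjectRequest = new CopyObjectRequest(bucketName, objectKey2 + "-copy", bucketName, objectKey2);
    ObjectMetadata objectMetadata = new ObjectMetadata();
    // Request encryption of the copy by setting the algorithm to AES256.
    objectMetadata.setSseAlgorithm("AES256");
    copyObjectRequest.setNewObjectMetadata(objectMetadata);
    CopyResult copyResult = ks3Client.copyObject(copyObjectRequest);
    // The result is only printed here; to confirm the copy is encrypted, issue a
    // HEAD Object on the new key and check its sseAlgorithm as done above.
    System.out.println("copy result: " + copyResult);
}

/**
 * Fails the sample when a response does not report the AES256 server-side encryption algorithm.
 *
 * @param step name of the operation whose response is being checked, used in the message
 * @param sseAlgorithm algorithm value reported by the response; may be {@code null}
 * @throws IllegalStateException if {@code sseAlgorithm} is not "AES256"
 */
private void requireAes256(String step, String sseAlgorithm) {
    if (!"AES256".equals(sseAlgorithm)) {
        throw new IllegalStateException(step + ": expected sseAlgorithm AES256 but got " + sseAlgorithm);
    }
}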