
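Server-Side Encryption with Customer-Provided Keys (Java)

Last updated: 2025-01-03 17:16:18

KS3 currently supports two ways of managing encryption keys:

  • Server-side encryption with KS3-managed keys (SSE-S3): the KS3 server generates the key automatically, and KS3 server-side encryption uses the 256-bit Advanced Encryption Standard (AES-256) to encrypt your data.

  • Server-side encryption with customer-provided keys (SSE-C): the customer provides and manages the key. The customer must supply the key when uploading a file, and must also supply the correct key when operating on or downloading the file for the access to succeed.

This document mainly shows usage examples for server-side encryption with customer-provided keys (SSE-C).

Keep your key safe. If the key is lost, the data cannot be decrypted.

An encryption key must be set both when uploading a file and when retrieving it. The key length must be 16/24/32.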

public void serverSideEncryptionWithCustomerKeySample() throws IOException {
        // Initialize the ks3 client; see the "Initialization" document for details
        Ks3Client ks3Client = initClient();
        String bucketName = "<your-bucket>";
        String objectKey = "sse-test-object-with-customer-key";

        // Initialize the key; the key length is 16/24/32
        String sseCustomerKeyStr = "<your-encryption-key>";
        SSECustomerKey sseCustomerKey = new SSECustomerKey(sseCustomerKeyStr.getBytes(StandardCharsets.UTF_8));

        byte[] bytes = "this is a test file".getBytes(StandardCharsets.UTF_8);
        PutObjectRequest putObjectRequest = new PutObjectRequest(bucketName, objectKey, new ByteArrayInputStream(bytes));
        // Set the encryption key
        putObjectRequest.setSseCustomerKey(sseCustomerKey);
        PutObjectResult putObjectResult = ks3Client.putObject(putObjectRequest);
        System.out.println(putObjectResult);
        System.out.println("customer algorithm: " + putObjectResult.getSseCustomerAlgorithm());
        System.out.println("customer key md5: " + putObjectResult.getSseCustomerKeyMD5());

        // head object
        HeadObjectRequest headObjectRequest = new HeadObjectRequest(bucketName, objectKey);
        // Set the encryption key
        headObjectRequest.setSseCustomerKey(sseCustomerKey);
        HeadObjectResult headObjectResult = ks3Client.headObject(headObjectRequest);
        System.out.println("customer algorithm: " + headObjectResult.getObjectMetadata().getSseCustomerAlgorithm());
        System.out.println("customer key md5: " + headObjectResult.getObjectMetadata().getSseCustomerKeyMD5());

        // get object
        GetObjectRequest getObjectRequest = new GetObjectRequest(bucketName, objectKey);
        // Set the encryption key
        getObjectRequest.setSseCustomerKey(sseCustomerKey);
        GetObjectResult object = ks3Client.getObject(getObjectRequest);
        System.out.println(object);
        // try-with-resources closes the content stream even if reading fails
        try (AutoAbortInputStream objectContent = object.getObject().getObjectContent()) {
            String content = IOUtils.toString(objectContent, StandardCharsets.UTF_8);
            System.out.println("object content: " + content);
        }
        System.out.println("customer algorithm: " + object.getObject().getObjectMetadata().getSseCustomerAlgorithm());
        System.out.println("customer key md5: " + object.getObject().getObjectMetadata().getSseCustomerKeyMD5());

        // init multipart upload
        String objectKey2 = "sse-test-object-2";
        InitiateMultipartUploadRequest initiateMultipartUploadRequest = new InitiateMultipartUploadRequest(bucketName, objectKey2);
        // Set the encryption key
        initiateMultipartUploadRequest.setSseCustomerKey(sseCustomerKey);
        InitiateMultipartUploadResult initiateMultipartUploadResult = ks3Client.initiateMultipartUpload(initiateMultipartUploadRequest);
        String uploadId = initiateMultipartUploadResult.getUploadId();
        System.out.println("upload id: " + uploadId);
        System.out.println("customer algorithm: " + initiateMultipartUploadResult.getSseCustomerAlgorithm());
        System.out.println("customer key md5: " + initiateMultipartUploadResult.getSseCustomerKeyMD5());

        // upload part
        UploadPartRequest uploadPartRequest = new UploadPartRequest(bucketName, objectKey2, uploadId, 1, new ByteArrayInputStream(bytes), bytes.length);
        // Set the encryption key
        uploadPartRequest.setSseCustomerKey(sseCustomerKey);
        PartETag partETag = ks3Client.uploadPart(uploadPartRequest);
        System.out.println("customer algorithm: " + partETag.getSseCustomerAlgorithm());
        System.out.println("customer key md5: " + partETag.getSseCustomerKeyMD5());

        // complete multipart upload
        CompleteMultipartUploadRequest completeMultipartUploadRequest = new CompleteMultipartUploadRequest(bucketName, objectKey2, uploadId, Arrays.asList(partETag));
        CompleteMultipartUploadResult completeMultipartUploadResult = ks3Client.completeMultipartUpload(completeMultipartUploadRequest);
        System.out.println("customer algorithm: " + completeMultipartUploadResult.getSseCustomerAlgorithm());
        System.out.println("customer key md5: " + completeMultipartUploadResult.getSseCustomerKeyMD5());

        // copy object
        CopyObjectRequest copyObjectRequest = new CopyObjectRequest(bucketName, objectKey2 + "-copy", bucketName, objectKey2);
        // Set the encryption key of the source object
        copyObjectRequest.setSourceSSECustomerKey(sseCustomerKey);
        // Set the encryption key of the destination object
        copyObjectRequest.setDestinationSSECustomerKey(sseCustomerKey);
        CopyResult copyResult = ks3Client.copyObject(copyObjectRequest);
        System.out.println("copy result: " + copyResult);
    }
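
The sample above builds the key from a string. The following added example (not part of the original page or the KS3 SDK) generates a random key instead and computes a fingerprint to compare with the `customer key md5` value the sample prints. `SseCustomerKeyHelper` and its methods are hypothetical names; it assumes the 16/24/32 length is counted in bytes and that the service reports the key MD5 as Base64 of the raw MD5 digest.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added example; class and method names are hypothetical, not KS3 SDK API.
public class SseCustomerKeyHelper {

    // Assumption: the 16/24/32 length on the page is counted in bytes.
    static void requireValidLength(int n) {
        if (n != 16 && n != 24 && n != 32) {
            throw new IllegalArgumentException("key must be 16, 24 or 32 bytes, got " + n);
        }
    }

    // Random key from SecureRandom instead of a human-chosen string.
    static byte[] newKey(int lengthBytes) {
        requireValidLength(lengthBytes);
        byte[] key = new byte[lengthBytes];
        new SecureRandom().nextBytes(key);
        return key;
    }

    // Assumption: "customer key md5" is Base64(MD5(raw key bytes)).
    static String keyMd5(byte[] key) throws NoSuchAlgorithmException {
        requireValidLength(key.length);
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("MD5").digest(key));
    }

    // True when the value returned by the service matches the local key.
    static boolean matches(byte[] key, String returnedMd5) throws NoSuchAlgorithmException {
        return MessageDigest.isEqual(keyMd5(key).getBytes(StandardCharsets.US_ASCII),
                returnedMd5.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        byte[] key = newKey(32);
        // Pass `key` to new SSECustomerKey(key) as in the page's sample, then compare
        // getSseCustomerKeyMD5() from the result with this locally computed value.
        String local = keyMd5(key);
        System.out.println("local key md5: " + local);
        System.out.println("same key matches: " + matches(key, local));
        System.out.println("different key matches: " + matches(newKey(32), local));
        // Constructed non-ASCII passphrase: its UTF-8 byte length differs from its
        // character count, so validate the byte array, not the string length.
        String phrase = "\u5bc6\u94a5".repeat(8);
        System.out.println(phrase.length() + " chars -> " + phrase.getBytes(StandardCharsets.UTF_8).length + " bytes");
    }
}
```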
