0

我正在尝试查找有关如何将 AWS iOS SDK 与 KMS 一起使用的示例或模式,但没有结果。

iOS SDK 文档在这里:

https://aws.amazon.com/developers/getting-started/ios/
https://github.com/aws/aws-sdk-ios

似乎暗示了 S3 和 EC2 示例,但没有一个单独的 KMS 示例。

建议?

4

2 回答 2

1

如果您正在使用 AWS KMS CMK 在 AWS S3 中寻找服务器端加密,那么您可以指定,您需要在上传请求本身中对我的数据进行服务器端加密。

该代码用于将图像上传到 AWS S3 使用 AWS KMS CMK 进行服务器端加密。(用 swift 3 编写的代码)

@IBAction func uploadButtonPressed(_ sender: AnyObject) {
    if documentImageView.image == nil {
       // Do something here
    } else {
        let image = documentImageView.image! // I picked image from my imageView named as "documentImageView". You can choose from wherever you want.
        let fileManager = FileManager.default
        let path = (NSSearchPathForDirectoriesInDomains(.documentDirectory, .userDomainMask, true)[0] as NSString).appendingPathComponent("\(imageName!).jpeg")
        let imageData = UIImageJPEGRepresentation(image, 0.99)
        fileManager.createFile(atPath: path as String, contents: imageData, attributes: nil)

        let fileUrl = NSURL(fileURLWithPath: path)
        uploadRequest?.bucket = "S3BucketName"
        uploadRequest?.key = "yourImageName.jpeg"
        uploadRequest?.contentType = "image/jpeg"
        uploadRequest?.body = fileUrl as URL!
        uploadRequest?.serverSideEncryption = AWSS3ServerSideEncryption.awsKms
        uploadRequest?.ssekmsKeyId = "Your AWS KMS CMK id" 
        uploadRequest?.uploadProgress = { (bytesSent, totalBytesSent, totalBytesExpectedToSend) -> Void in
            DispatchQueue.main.async(execute: {
                self.amountUploaded = totalBytesSent. // To show the amount of data uploaded 
                self.fileSize = totalBytesExpectedToSend
            })
        }

        let transferManager = AWSS3TransferManager.default()
        transferManager?.upload(uploadRequest).continue(with: AWSExecutor.mainThread(), withSuccessBlock: { (taskk: AWSTask) -> Any? in

            if taskk.error != nil {
                // Error
            } else {
               // Handle success response
            }
            return nil
        })
    }
}

注意:如果您没有在上传请求中将您的AWS KMS CMK ID提供给属性ssekmsKeyId,则 AWS S3 将创建一个默认 CMK ID,该 ID 对于您的 IAM(如果您使用您的 IAM 凭证访问 AWS S3)或根凭证是唯一的(如果您使用根凭证访问 AWS S3)。仅在您在上传请求中的ssekmsKeyId 属性中指定您的 CMK Id之前,才会使用此默认CMK ID进行进一步的加密/解密。

于 2016-11-01T07:09:33.313 回答
0

Also looking for this. They have KMS api on Javascript (browser,node), Android (Java), and even C++ (which might work on iOS.. but please).

But not in the iOS SDK. Sigh.

于 2016-04-17T22:44:27.207 回答