2

我正在尝试使用自定义密钥在亚马逊中实现加密,我根据文档提及在标题中提供这 3 个值

objectMetadata.setHeader("x-amz-server-side-encryption-customer-algorithm", ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION)
objectMetadata.setHeader("x-amz-server-side-encryption-customer-key", key2)
objectMetadata.setHeader("x-amz-server-side-encryption-customer-key-MD5", md5)

标头中需要这 3 个值,但它没有加密亚马逊服务器上的文件,我通过此代码生成客户密钥和 md5 密钥

    @Throws(Exception::class)
fun encrypt(
    plaintext: ByteArray?,
    password:  CharArray,
    key: SecretKey,
    IV: ByteArray?,
    salt: ByteArray
): ByteArray? {
    val cipher = Cipher.getInstance("AES")
    val pbKeySpec = PBEKeySpec(password, salt, 1324, 256)
    val secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
    val keyBytes = secretKeyFactory.generateSecret(pbKeySpec).encoded
    val keySpec = SecretKeySpec(keyBytes, "AES")
    val ivSpec = IvParameterSpec(IV)
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec)
    return cipher.doFinal(plaintext)
}
val key2 = Base64.getEncoder().encodeToString(encrypt(utf8, chr, key, iv, salt)) // This is how am calling the function and making base64 customer key

然后对于 md5 am 使用此代码创建 md5 密钥

 val md = MessageDigest.getInstance("MD5")

 Files.newInputStream(Paths.get(files[j].path)).use { `is` ->
      DigestInputStream(`is`, md).use { }
 }

 val digest: ByteArray = md.digest(files[j].path.encodeToByteArray())
 val md5 = Base64.getEncoder().encodeToString(digest)

文件已成功上传到 aws 服务器,但文件未加密,我似乎无法弄清楚是什么问题

4

1 回答 1

0

您是否在标题中正确添加了这 3 个键?

objectMetadata.setHeader("x-amz-server-side-encryption-customer-algorithm", ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION)
objectMetadata.setHeader("x-amz-server-side-encryption-customer-key", key2)
objectMetadata.setHeader("x-amz-server-side-encryption-customer-key-MD5", md5)
于 2021-12-28T08:36:03.000 回答