Updated on 2023-11-09 GMT+08:00

Example of Encryption

Encrypting an Object to Be Uploaded

Sample code:

  • SSE-C encryption
static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// Hard-coded or plaintext AK/SK are risky. For security purposes, encrypt your AK/SK and store them in the configuration file or environment variables. In this example, the AK/SK are stored in environment variables for identity authentication. Before running this example, configure environment variables AccessKeyID and SecretAccessKey.
// Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];

    
// Initialize identity authentication.
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
    
//Initialize service configuration.
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
    
// Initialize an instance of OBSClient.
client = [[OBSClient alloc] initWithConfiguration:conf];
    
// Use the SSE-C algorithm to upload an object.
NSData *uploadData = [NSData dataWithContentsOfFile:_imagePath];
OBSPutObjectWithDataRequest *request = [[OBSPutObjectWithDataRequest alloc]initWithBucketName:@"bucketname" objectKey:@"test/image1" uploadData:uploadData];
    
 // Encrypt the object.
request.encryption = [[OBSEncryptionTypeCustomer alloc]initWithAlgorithm:@"AES256" key:@"K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw=" keyMD5:@"4XvB3tbNTN+tIEVa0/fGaQ=="];
    
request.uploadProgressBlock = ^(int64_t bytesSent, int64_t totalBytesSent, int64_t totalBytesExpectedToSend) {
    NSLog(@"%0.1f%%",(float)totalBytesSent*100/(float)totalBytesExpectedToSend);
};
[client putObject:request completionHandler:^(OBSPutObjectResponse *response, NSError *error){
    NSLog(@"%@",response);
}] ;
  • key: generated through AES256.
  • keyMD5: base64-encoded MD5 value of the key.
  • SSE-KMS encryption
static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// Hard-coded or plaintext AK/SK are risky. For security purposes, encrypt your AK/SK and store them in the configuration file or environment variables. In this example, the AK/SK are stored in environment variables for identity authentication. Before running this example, configure environment variables AccessKeyID and SecretAccessKey.
// Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];
    
// Initialize identity authentication.
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
    
//Initialize service configuration.
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
    
// Initialize an instance of OBSClient.
client = [[OBSClient alloc] initWithConfiguration:conf];
    
// Use the SSE-KMS algorithm to upload an object.
OBSPutObjectWithFileRequest *request = [[OBSPutObjectWithFileRequest alloc]initWithBucketName:@"bucketname" objectKey:@"objectname" uploadFilePath:_imagePath];
    
// SSE-KMS encryption
request.encryption = [[OBSEncryptionTypeKMS alloc]initWithKeyID:nil];
    
request.uploadProgressBlock = ^(int64_t bytesSent, int64_t totalBytesSent, int64_t totalBytesExpectedToSend) {
    NSLog(@"%0.1f%%",(float)floor(totalBytesSent*10000/totalBytesExpectedToSend)/100);
};
    
[client putObject:request completionHandler:^(OBSPutObjectResponse *response, NSError *error){
    NSLog(@"%@",response.etag);
}];

Decrypting a Downloaded Object

Sample code:

static OBSClient *client;
NSString *endPoint = @"your-endpoint";
// Hard-coded or plaintext AK/SK are risky. For security purposes, encrypt your AK/SK and store them in the configuration file or environment variables. In this example, the AK/SK are stored in environment variables for identity authentication. Before running this example, configure environment variables AccessKeyID and SecretAccessKey.
// Obtain an AK/SK pair on the management console. For details, see https://support.huaweicloud.com/intl/en-us/usermanual-ca/ca_01_0003.html.
char* ak_env = getenv("AccessKeyID");
char* sk_env = getenv("SecretAccessKey");
NSString *AK = [NSString stringWithUTF8String:ak_env];
NSString *SK = [NSString stringWithUTF8String:sk_env];
    
// Initialize identity authentication.
OBSStaticCredentialProvider *credentialProvider = [[OBSStaticCredentialProvider alloc] initWithAccessKey:AK secretKey:SK];
    
//Initialize service configuration.
OBSServiceConfiguration *conf = [[OBSServiceConfiguration alloc] initWithURLString:endPoint credentialProvider:credentialProvider];
    
// Initialize an instance of OBSClient.
client = [[OBSClient alloc] initWithConfiguration:conf];
    
// Decrypt the downloaded object.
NSString * outfilePath = [NSTemporaryDirectory() stringByAppendingString:@"test.png"];
OBSGetObjectToFileRequest *request = [[OBSGetObjectToFileRequest alloc]initWithBucketName:@"bbucketname" objectKey:@"objectname" downloadFilePath:outfilePath];
    
// Enter the key and keyMD5 used for encrypting the object during the object upload.
request.encryption = [[OBSEncryptionTypeCustomer alloc]initWithAlgorithm:@"AES256" key:@"K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw=" keyMD5:@"4XvB3tbNTN+tIEVa0/fGaQ=="];
request.downloadProgressBlock = ^(int64_t bytesWritten, int64_t totalBytesWritten, int64_t totalBytesExpectedToWrite) {
    NSLog(@"%0.1f%%",(float)floor(totalBytesWritten*10000/totalBytesExpectedToWrite)/100);
};
[client getObject:request completionHandler:^(OBSGetObjectResponse *response, NSError *error){
    NSLog(@"%@",response.etag);
}];