更新时间:2024-12-03 GMT+08:00
加密示例
开发过程中,您有任何问题可以在github上提交issue。
上传对象加密
以下代码展示了在上传对象时使用服务端加密功能:
static void test_put_object_by_aes_encrypt() { // 待上传的buffer char *buffer = "11111111"; // 待上传的buffer的长度 int buffer_size = strlen(buffer); // 上传的对象名 char *key = "put_buffer_aes"; // 创建并初始化option obs_options option; init_obs_options(&option); option.bucket_options.host_name = "<your-endpoint>"; option.bucket_options.bucket_name = "<Your bucketname>"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html option.bucket_options.access_key = getenv("ACCESS_KEY_ID"); option.bucket_options.secret_access_key = getenv("SECRET_ACCESS_KEY"); option.bucket_options.protocol = OBS_PROTOCOL_HTTPS; // 初始化上传对象属性 obs_put_properties put_properties; init_put_properties(&put_properties); //初始化存储上传数据的结构体 put_buffer_object_callback_data data; memset(&data, 0, sizeof(put_buffer_object_callback_data)); data.put_buffer = buffer; data.buffer_size = buffer_size; //服务端加密 SSE加密 server_side_encryption_params encryption_params; memset(&encryption_params, 0, sizeof(server_side_encryption_params)); encryption_params.ssec_customer_algorithm = "AES256"; encryption_params.ssec_customer_key = "K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw="; // 设置回调函数 obs_put_object_handler putobjectHandler = { { &response_properties_callback, &put_buffer_complete_callback }, &put_buffer_data_callback }; put_object(&option, key, buffer_size, &put_properties, &encryption_params,&putobjectHandler,&data); if (OBS_STATUS_OK == data.ret_status) { printf("put object by_aes_encrypt successfully. \n"); } else { printf("put object by_aes_encrypt encryption failed(%s).\n", obs_get_status_name(data.ret_status)); } }
下载对象解密
以下代码展示了在下载对象时使用服务端解密功能:
static void test_get_object_by_aes_encrypt() { char *file_name = "./test_by_aes"; char *key = "put_buffer_aes"; obs_object_info object_info; // 创建并初始化option obs_options option; init_obs_options(&option); option.bucket_options.host_name = "<your-endpoint>"; option.bucket_options.bucket_name = "<Your bucketname>"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html option.bucket_options.access_key = getenv("ACCESS_KEY_ID"); option.bucket_options.secret_access_key = getenv("SECRET_ACCESS_KEY"); option.bucket_options.protocol = OBS_PROTOCOL_HTTPS; // SSE加密的对象下载,需要传入SSE的密钥 server_side_encryption_params encryption_params; memset(&encryption_params, 0, sizeof(server_side_encryption_params)); encryption_params.use_ssec = '1'; encryption_params.ssec_customer_algorithm = "AES256"; encryption_params.ssec_customer_key = "K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw="; memset(&object_info, 0, sizeof(obs_object_info)); object_info.key =key; get_object_callback_data data; data.ret_status = OBS_STATUS_BUTT; data.outfile = write_to_file(file_name); obs_get_conditions getcondition; memset(&getcondition, 0, sizeof(obs_get_conditions)); init_get_properties(&getcondition); obs_get_object_handler get_object_handler = { { NULL, &get_object_complete_callback}, &get_object_data_callback }; get_object(&option, &object_info, &getcondition, &encryption_params, &get_object_handler, &data); if (OBS_STATUS_OK == data.ret_status) { printf("get object by_aes successfully . \n"); } else { printf("get object by_aes faied(%s).\n", obs_get_status_name(data.ret_status)); } fclose(data.outfile); }
父主题: 服务端加密