更新时间:2023-11-09 GMT+08:00

加密示例

开发过程中,您有任何问题可以在github上提交issue

上传对象加密

以下代码展示了在上传对象时使用服务端加密功能:

static void test_put_object_by_aes_encrypt()
{
    // 待上传的buffer
    char *buffer = "11111111";
    // 待上传的buffer的长度
    int buffer_size = strlen(buffer);
    // 上传的对象名
    char *key = "put_buffer_aes";
    // 创建并初始化option
    obs_options option;
    init_obs_options(&option);
    option.bucket_options.host_name = "<your-endpoint>";
    option.bucket_options.bucket_name = "<Your bucketname>";

    // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY。
    // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
    option.bucket_options.access_key = getenv("ACCESS_KEY_ID");
    option.bucket_options.secret_access_key = getenv("SECRET_ACCESS_KEY");
    option.bucket_options.protocol = OBS_PROTOCOL_HTTPS;
    // 初始化上传对象属性
    obs_put_properties put_properties;
    init_put_properties(&put_properties);
    //初始化存储上传数据的结构体
    put_buffer_object_callback_data data;
    memset(&data, 0, sizeof(put_buffer_object_callback_data));
    data.put_buffer = buffer;
    data.buffer_size = buffer_size;
    //服务端加密 SSE加密
    server_side_encryption_params encryption_params;
    memset(&encryption_params, 0, sizeof(server_side_encryption_params));
    encryption_params.ssec_customer_algorithm = "AES256";
    encryption_params.ssec_customer_key = 
                "K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw=";
    // 设置回调函数
    obs_put_object_handler putobjectHandler =
    {
        { &response_properties_callback, &put_buffer_complete_callback },
            &put_buffer_data_callback
    };
    put_object(&option, key, buffer_size, &put_properties,
                &encryption_params,&putobjectHandler,&data);

    if (OBS_STATUS_OK == data.ret_status) {
        printf("put object by_aes_encrypt successfully. \n");
    }
    else
    {
        printf("put object by_aes_encrypt encryption failed(%s).\n",
                    obs_get_status_name(data.ret_status));
    }
}

下载对象解密

以下代码展示了在下载对象时使用服务端解密功能:

static void test_get_object_by_aes_encrypt()
{
    char *file_name = "./test_by_aes";
    char *key = "put_buffer_aes";
    obs_object_info object_info;
    // 创建并初始化option
    obs_options option;
    init_obs_options(&option);
    option.bucket_options.host_name = "<your-endpoint>";
    option.bucket_options.bucket_name = "<Your bucketname>";

    // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY。
    // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html
    option.bucket_options.access_key = getenv("ACCESS_KEY_ID");
    option.bucket_options.secret_access_key = getenv("SECRET_ACCESS_KEY");
    option.bucket_options.protocol = OBS_PROTOCOL_HTTPS;

    // SSE加密的对象下载,需要传入SSE的密钥
    server_side_encryption_params encryption_params;
    memset(&encryption_params, 0, sizeof(server_side_encryption_params));
    encryption_params.use_ssec = '1';
    encryption_params.ssec_customer_algorithm = "AES256";
    encryption_params.ssec_customer_key = "K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw=";
    
    memset(&object_info, 0, sizeof(obs_object_info));
    object_info.key =key;
    
    get_object_callback_data data;
    data.ret_status = OBS_STATUS_BUTT;
    data.outfile = write_to_file(file_name);

    obs_get_conditions getcondition;
    memset(&getcondition, 0, sizeof(obs_get_conditions));
    init_get_properties(&getcondition);

    obs_get_object_handler get_object_handler =
    { 
        { NULL, &get_object_complete_callback},
        &get_object_data_callback
    };
    
    get_object(&option, &object_info, &getcondition, &encryption_params, 
                &get_object_handler, &data);
    if (OBS_STATUS_OK == data.ret_status) {
        printf("get object by_aes successfully . \n");
    }
    else
    {
        printf("get object by_aes faied(%s).\n", obs_get_status_name(data.ret_status));
    }
    fclose(data.outfile);
}