更新时间:2023-11-09 GMT+08:00
加密示例
上传对象加密
以下代码展示了在上传对象时使用服务端加密功能:
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // 生成一个加密密钥 System.Security.Cryptography.Aes aesEncryption = System.Security.Cryptography.Aes.Create(); aesEncryption.KeySize = 256; aesEncryption.GenerateKey(); string customerkey = Convert.ToBase64String(aesEncryption.Key); // 请根据实际情况配置本地待加密上传的文件 string filePathKms = "D:\\test\\testSseC.zip"; string filePathSseC = "D:\\test\\testSseC.zip"; // 上传对象 try { // 上传时以SSE-KMS算法加密对象 SseKmsHeader kms = new SseKmsHeader(); kms.Algorithm = SseKmsAlgorithmEnum.Kms; PutObjectRequest request1 = new PutObjectRequest { BucketName = "bucketname", ObjectKey = "objectname1", FilePath = filePathKms, SseHeader = kms, }; client.PutObject(request1); // 上传时以SSE-C算法加密对象 PutObjectRequest request2 = new PutObjectRequest { BucketName = "bucketname", ObjectKey = "objectname2", FilePath = filePathSseC, SseHeader = new SseCHeader() { Algorithm = SseCAlgorithmEnum.Aes256, KeyBase64 = customerkey } }; client.PutObject(request2); } catch (ObsException ex) { Console.WriteLine("ErrorCode: {0}", ex.ErrorCode); Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage); }
下载对象解密
以下代码展示了在下载对象时使用服务端解密功能:
// 初始化配置参数 ObsConfig config = new ObsConfig(); config.Endpoint = "https://your-endpoint"; // 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量AccessKeyID和SecretAccessKey。 // 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/intl/zh-cn/usermanual-ca/ca_01_0003.html string accessKey= Environment.GetEnvironmentVariable("AccessKeyID", EnvironmentVariableTarget.Machine); string secretKey= Environment.GetEnvironmentVariable("SecretAccessKey", EnvironmentVariableTarget.Machine); // 创建ObsClient实例 ObsClient client = new ObsClient(accessKey, secretKey, config); // 下载对象 try { // 下载时以SSE-C算法解密对象 GetObjectRequest request = new GetObjectRequest { BucketName = "bucketname", ObjectKey = "objectname2", // 此处的密钥必须和上传对象加密时使用的密钥一致 SseCHeader = new SseCHeader() { Algorithm = SseCAlgorithmEnum.Aes256, KeyBase64 = "customerkey" } }; client.GetObject(request); } catch (ObsException ex) { Console.WriteLine("ErrorCode: {0}", ex.ErrorCode); Console.WriteLine("ErrorMessage: {0}", ex.ErrorMessage); }
父主题: 服务端加密