更新时间:2023-11-08 GMT+08:00
加密示例
开发过程中,您有任何问题可以在github上提交issue,或者在华为云对象存储服务论坛中发帖求助。
上传对象加密
以下代码展示了在上传对象时使用服务端加密功能:
static void test_put_object_by_aes_encrypt()
{
// 待上传的buffer
char *buffer = "11111111";
// 待上传的buffer的长度
int buffer_size = strlen(buffer);
// 上传的对象名
char *key = "put_buffer_aes";
// 创建并初始化option
obs_options option;
init_obs_options(&option);
option.bucket_options.host_name = "<your-endpoint>";
option.bucket_options.bucket_name = "<Your bucketname>";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html
option.bucket_options.access_key = getenv("ACCESS_KEY_ID");
option.bucket_options.secret_access_key = getenv("SECRET_ACCESS_KEY");
option.bucket_options.protocol = OBS_PROTOCOL_HTTPS;
// 初始化上传对象属性
obs_put_properties put_properties;
init_put_properties(&put_properties);
//初始化存储上传数据的结构体
put_buffer_object_callback_data data;
memset(&data, 0, sizeof(put_buffer_object_callback_data));
data.put_buffer = buffer;
data.buffer_size = buffer_size;
//服务端加密 SSE加密
server_side_encryption_params encryption_params;
memset(&encryption_params, 0, sizeof(server_side_encryption_params));
encryption_params.ssec_customer_algorithm = "AES256";
encryption_params.ssec_customer_key =
"K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw=";
// 设置回调函数
obs_put_object_handler putobjectHandler =
{
{ &response_properties_callback, &put_buffer_complete_callback },
&put_buffer_data_callback
};
put_object(&option, key, buffer_size, &put_properties,
&encryption_params,&putobjectHandler,&data);
if (OBS_STATUS_OK == data.ret_status) {
printf("put object by_aes_encrypt successfully. \n");
}
else
{
printf("put object by_aes_encrypt encryption failed(%s).\n",
obs_get_status_name(data.ret_status));
}
}
下载对象解密
以下代码展示了在下载对象时使用服务端解密功能:
static void test_get_object_by_aes_encrypt()
{
char *file_name = "./test_by_aes";
char *key = "put_buffer_aes";
obs_object_info object_info;
// 创建并初始化option
obs_options option;
init_obs_options(&option);
option.bucket_options.host_name = "<your-endpoint>";
option.bucket_options.bucket_name = "<Your bucketname>";
// 认证用的ak和sk硬编码到代码中或者明文存储都有很大的安全风险,建议在配置文件或者环境变量中密文存放,使用时解密,确保安全;本示例以ak和sk保存在环境变量中为例,运行本示例前请先在本地环境中设置环境变量ACCESS_KEY_ID和SECRET_ACCESS_KEY。
// 您可以登录访问管理控制台获取访问密钥AK/SK,获取方式请参见https://support.huaweicloud.com/usermanual-ca/ca_01_0003.html
option.bucket_options.access_key = getenv("ACCESS_KEY_ID");
option.bucket_options.secret_access_key = getenv("SECRET_ACCESS_KEY");
option.bucket_options.protocol = OBS_PROTOCOL_HTTPS;
// SSE加密的对象下载,需要传入SSE的密钥
server_side_encryption_params encryption_params;
memset(&encryption_params, 0, sizeof(server_side_encryption_params));
encryption_params.use_ssec = '1';
encryption_params.ssec_customer_algorithm = "AES256";
encryption_params.ssec_customer_key = "K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw=";
memset(&object_info, 0, sizeof(obs_object_info));
object_info.key =key;
get_object_callback_data data;
data.ret_status = OBS_STATUS_BUTT;
data.outfile = write_to_file(file_name);
obs_get_conditions getcondition;
memset(&getcondition, 0, sizeof(obs_get_conditions));
init_get_properties(&getcondition);
obs_get_object_handler get_object_handler =
{
{ NULL, &get_object_complete_callback},
&get_object_data_callback
};
get_object(&option, &object_info, &getcondition, &encryption_params,
&get_object_handler, &data);
if (OBS_STATUS_OK == data.ret_status) {
printf("get object by_aes successfully . \n");
}
else
{
printf("get object by_aes faied(%s).\n", obs_get_status_name(data.ret_status));
}
fclose(data.outfile);
}
父主题: 服务端加密
