1

我用 :

  • 用于存储文件的 minio 服务器
  • nginx 作为反向代理,以便能够将 https 与 minio 服务器一起使用
  • .NET AWSSDK.S3 通过 nginx 与 Minio 服务器通信

由于服务器端加密不适用于 minio 服务器,我尝试使用 AWS 的客户端加密帮助。但是文件的解密不适用于 minio 服务器。

当我对 AWS 服务器帐户使用相同的代码时,加密/解密效果很好。

似乎文件在 minio 服务器中创建时会丢失其元数据。

当我尝试获取文件时,出现异常:

AWSSDK.Core.dll 中出现“Amazon.Runtime.AmazonServiceException”类型的未处理异常附加信息:无法解密对象文件流-27e52c5f-05d1-4296-的数据

这是我的代码

    static void Main()
    {
        string filePath = @"c:/tempPrivateKey.txt";
        string privateKey = File.ReadAllText(filePath);
        RSA rsaAlgorithm = RSA.Create();
        rsaAlgorithm.FromXmlString(privateKey);
        EncryptionMaterials encryptionMaterials = new EncryptionMaterials(rsaAlgorithm);
        var credentials = new BasicAWSCredentials(AccessKey, SecretKey);

        AmazonS3CryptoConfiguration cryptoConfig = new AmazonS3CryptoConfiguration
        {
            RegionEndpoint = RegionEndpoint.EUWest1,
            StorageMode = CryptoStorageMode.ObjectMetadata,
            ServiceURL = EndPointNginx,
            UseHttp = false,
            ForcePathStyle = true
        };

        _amazonS3Client = new AmazonS3EncryptionClient(credentials, cryptoConfig, encryptionMaterials);

        string bucketName = "bucket-" + Guid.NewGuid();

        string fileStreamKey = "file-stream-" + Guid.NewGuid();

        Stream fileStream = CreateRandomFileOnStream();

        CreateBucket(bucketName);

        AddFileToBucket(fileStreamKey, fileStream, bucketName);

        Stream fileStreamToRead = GetFile(fileStreamKey, bucketName);

        using (var reader = new StreamReader(fileStreamToRead))
        {
            Console.Out.WriteLine(reader.ReadToEnd());
        }

        DeleteFile(fileStreamKey, bucketName);

        DeleteBucket(bucketName);

        Console.ReadKey();
    }

    private static void AddFileToBucket(string fileKey, Stream fileStream, string bucketName)
    {
        Console.Out.WriteLine();
        Console.Out.WriteLine($"adding file {fileKey} to bucket {bucketName}.");

        var objectToPut = new PutObjectRequest
        {
            BucketName = bucketName,
            Key = fileKey,
            InputStream = fileStream
        };

        _amazonS3Client.PutObject(objectToPut);

        if (fileStream.CanRead)
            fileStream.Dispose();
        Console.Out.WriteLine("file added");
    }

    private static Stream GetFile(string fileKey, string bucketName)
    {
        // This line throw an exception.
        GetObjectResponse response = _amazonS3Client.GetObject(new GetObjectRequest { BucketName = bucketName, Key = fileKey });
        return response.ResponseStream;
    }

在最坏的情况下,我将手动加密/解密文件,但我想确定是否有解决此问题的方法。

4

0 回答 0