[英]How to get Amazon s3 Encrypted object with signed URL?
I have created a signed URL for my s3 object. 我已经为我的s3对象创建了一个签名URL。
The object is stored using 'Server-Side Encryption with Customer-Provided Encryption Keys'. 使用“使用客户提供的加密密钥的服务器端加密”存储对象。
Now, When my client browses to the signed URL he gets : 现在,当我的客户浏览到签名的URL时,他得到:
The object was stored using a form of Server Side Encryption.
该对象是使用服务器端加密的形式存储的。 The correct parameters must be provided to retrieve the object
必须提供正确的参数才能检索对象
I need somehow make my client send the "x-amz-server-side-encryption-customer-algorithm" and "x-amz-server-side-encryption-customer-key" headers before reaching the URL. 我需要以某种方式使我的客户端在到达URL之前发送“ x-amz服务器端加密客户算法”标头和“ x-amz服务器端加密客户密钥”标头。
Any idea how can I achieve that ? 知道如何实现吗?
"x-amz-server-side-encryption-customer-algorithm" and "x-amz-server-side-encryption-customer-key" should be used at server side when signing the URL and the client don't need to add any header to the requests. 在签署网址时,应在服务器端使用“ x-amz服务器端加密客户算法”和“ x-amz服务器端加密客户密钥”,并且客户端无需添加请求的任何标头。
I don't know the PHP syntax but in Java SDK it works like this: 我不知道PHP语法,但是在Java SDK中,它的工作方式如下:
generatePresignedUrlRequest = new GeneratePresignedUrlRequest(BUCKET_NAME, TOKEN)
.withSSEAlgorithm(SSEAlgorithm.KMS.getAlgorithm())
.withKmsCmkId("YOUR_KMS_KEY_ID");
OR 要么
generatePresignedUrlRequest.addRequestParameter("x-amz-server-side-encryption", "aws:kms");
generatePresignedUrlRequest.addRequestParameter("x-amz-server-side-encryption-aws-kms-key-id", "YOUR_KMS_KEY_ID");
When signing for GET method you shouldn't do anything spacial. 在签名GET方法时,您不应做任何空间操作。
For more info you can look at this guide: Generating Amazon S3 Pre-signed URLs with SSE 有关更多信息,请参阅本指南: 使用SSE生成Amazon S3预签名URL
Raz 拉兹
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.