文件未在 Aws s3 服務器端加密中加密（客戶提供的密鑰）Android

Question

我正在嘗試使用自定義密鑰在亞馬遜中實現加密，根據文檔提及，我在 header 中提供這 3 個值

objectMetadata.setHeader("x-amz-server-side-encryption-customer-algorithm", ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION)
objectMetadata.setHeader("x-amz-server-side-encryption-customer-key", key2)
objectMetadata.setHeader("x-amz-server-side-encryption-customer-key-MD5", md5)

header 中需要這 3 個值，但它不在亞馬遜服務器上加密文件，我通過此代碼生成客戶密鑰和 md5 密鑰

    @Throws(Exception::class)
fun encrypt(
    plaintext: ByteArray?,
    password:  CharArray,
    key: SecretKey,
    IV: ByteArray?,
    salt: ByteArray
): ByteArray? {
    val cipher = Cipher.getInstance("AES")
    val pbKeySpec = PBEKeySpec(password, salt, 1324, 256)
    val secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
    val keyBytes = secretKeyFactory.generateSecret(pbKeySpec).encoded
    val keySpec = SecretKeySpec(keyBytes, "AES")
    val ivSpec = IvParameterSpec(IV)
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec)
    return cipher.doFinal(plaintext)
}
val key2 = Base64.getEncoder().encodeToString(encrypt(utf8, chr, key, iv, salt)) // This is how am calling the function and making base64 customer key

然后對於 md5 am 使用此代碼創建 md5 密鑰

 val md = MessageDigest.getInstance("MD5")

 Files.newInputStream(Paths.get(files[j].path)).use { `is` ->
      DigestInputStream(`is`, md).use { }
 }

 val digest: ByteArray = md.digest(files[j].path.encodeToByteArray())
 val md5 = Base64.getEncoder().encodeToString(digest)

文件已成功上傳到 aws 服務器，但文件未加密，我似乎無法弄清楚是什么問題

Answer 1

您是否在 header 中正確添加了這 3 個鍵？

objectMetadata.setHeader("x-amz-server-side-encryption-customer-algorithm", ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION)
objectMetadata.setHeader("x-amz-server-side-encryption-customer-key", key2)
objectMetadata.setHeader("x-amz-server-side-encryption-customer-key-MD5", md5)