Search in sources :

Example 11 with AmazonS3Encryption

use of com.amazonaws.services.s3.AmazonS3Encryption in project aws-doc-sdk-examples by awsdocs.

the class S3Encrypt method encryptionOnly_RangeGet_CustomerManagedKey.

/**
 * Non-authenticated encryption schemes can do range GETs without an issue.
 */
// snippet-start:[s3.java1.s3_encrypt.encryption_only]
public void encryptionOnly_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard().withRegion(Regions.US_WEST_2).withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly)).withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))).build();
    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    System.out.println(s3Encryption.getObject(new GetObjectRequest(BUCKET_NAME, ENCRYPTED_KEY).withRange(0, 2)));
}
Also used : SecretKey(javax.crypto.SecretKey) AmazonS3Encryption(com.amazonaws.services.s3.AmazonS3Encryption)

Example 12 with AmazonS3Encryption

use of com.amazonaws.services.s3.AmazonS3Encryption in project aws-doc-sdk-examples by awsdocs.

the class S3Encrypt method authenticatedEncryption_KmsManagedKey.

// snippet-end:[s3.java1.s3_encrypt.kms_encryption_only]
/**
 * This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm of AES/GCM/NoPadding.
 */
// snippet-start:[s3.java1.s3_encrypt.kms_authenticated_encryption]
public void authenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java1.s3_encrypt.kms_authenticated_encryption_builder]
    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard().withRegion(Regions.US_WEST_2).withCryptoConfiguration(new CryptoConfiguration(CryptoMode.AuthenticatedEncryption).withAwsKmsRegion(Region.getRegion(Regions.US_WEST_2))).withEncryptionMaterials(new KMSEncryptionMaterialsProvider("alias/s3-kms-key")).build();
    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    // snippet-end:[s3.java1.s3_encrypt.kms_authenticated_encryption_builder]
    // snippet-start:[s3.java1.s3_encrypt.kms_authenticated_encryption_put_object]
    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
// snippet-end:[s3.java1.s3_encrypt.kms_authenticated_encryption_put_object]
}
Also used : AmazonS3(com.amazonaws.services.s3.AmazonS3) AmazonS3Encryption(com.amazonaws.services.s3.AmazonS3Encryption)

Aggregations

AmazonS3Encryption (com.amazonaws.services.s3.AmazonS3Encryption)12 AmazonS3 (com.amazonaws.services.s3.AmazonS3)9 SecretKey (javax.crypto.SecretKey)6 KeyPair (java.security.KeyPair)2 AmazonServiceException (com.amazonaws.AmazonServiceException)1 SdkClientException (com.amazonaws.SdkClientException)1 ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider)1 Regions (com.amazonaws.regions.Regions)1 AWSKMS (com.amazonaws.services.kms.AWSKMS)1 CreateKeyResult (com.amazonaws.services.kms.model.CreateKeyResult)1 CryptoConfiguration (com.amazonaws.services.s3.model.CryptoConfiguration)1 KMSEncryptionMaterialsProvider (com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider)1 S3Object (com.amazonaws.services.s3.model.S3Object)1 S3ObjectInputStream (com.amazonaws.services.s3.model.S3ObjectInputStream)1 ByteArrayOutputStream (java.io.ByteArrayOutputStream)1