use of com.amazonaws.services.s3.model.CryptoConfiguration in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method encryptionOnly_CustomerManagedAsymetricKey.
// snippet-end:[s3.java1.s3_encrypt.encryption_only]
/**
* Uses an asymmetric key pair instead of a symmetric key. Note that this does not change the algorithm used to encrypt
* the content; that is still a symmetric key algorithm (AES/CBC in this case) using the derived CEK. It does change
* the algorithm used to encrypt the CEK: in this case RSA/ECB/OAEPWithSHA-256AndMGF1Padding is used.
*/
// snippet-start:[s3.java1.s3_encrypt.encryption_only_asymetric_key]
public void encryptionOnly_CustomerManagedAsymetricKey() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java1.s3_encrypt.encryption_only_asymetric_key_build]
    // The key pair is created here and kept only in a local variable, so nothing uploaded by this
    // method can be decrypted after it returns. generateKeyPair() is called without initialize(),
    // which leaves the RSA modulus size to the JCA provider default.
    // NOTE(review): real code should load the key from a protected key store and pin the key size.
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    KeyPair keyPair = rsaGenerator.generateKeyPair();

    // EncryptionOnly selects the unauthenticated content cipher described in the Javadoc above
    // (AES/CBC): it gives confidentiality but no integrity check on the stored ciphertext.
    CryptoConfiguration cryptoConfig = new CryptoConfiguration(CryptoMode.EncryptionOnly);
    StaticEncryptionMaterialsProvider materialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair));

    AmazonS3EncryptionClientBuilder encryptingBuilder = AmazonS3EncryptionClientBuilder.standard();
    encryptingBuilder.withRegion(Regions.US_WEST_2);
    encryptingBuilder.withCryptoConfiguration(cryptoConfig);
    encryptingBuilder.withEncryptionMaterials(materialsProvider);
    AmazonS3Encryption encryptingClient = encryptingBuilder.build();

    // Plain client, used to upload an object that is NOT client-side encrypted.
    AmazonS3 plainClient = AmazonS3ClientBuilder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .build();
    // snippet-end:[s3.java1.s3_encrypt.encryption_only_asymetric_key_build]

    // snippet-start:[s3.java1.s3_encrypt.encryption_only_asymetric_key_put_object]
    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    // snippet-end:[s3.java1.s3_encrypt.encryption_only_asymetric_key_put_object]

    // snippet-start:[s3.java1.s3_encrypt.encryption_only_asymetric_key_retrieve]
    String decryptedContents = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decryptedContents);
    // The second read goes through the encryption client but targets the object uploaded in
    // plaintext. No exception is handled here: in this mode the read is expected to succeed,
    // so a caller cannot tell from it whether the object was ever encrypted.
    String plaintextContents = encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(plaintextContents);
    // snippet-end:[s3.java1.s3_encrypt.encryption_only_asymetric_key_retrieve]
}
use of com.amazonaws.services.s3.model.CryptoConfiguration in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method strictAuthenticatedEncryption_KmsManagedKey.
// snippet-end:[s3.java1.s3_encrypt.kms_authenticated_encryption]
/**
* Same as authenticatedEncryption_KmsManagedKey except throws an exception when trying to get objects not encrypted with
* AES/GCM.
*/
// snippet-start:[s3.java1.s3_encrypt.kms_authenticated_encryption_strict]
public void strictAuthenticatedEncryption_KmsManagedKey() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java1.s3_encrypt.kms_authenticated_encryption_strict_builder]
    // Strict authenticated mode: the client refuses objects that were not encrypted with AES/GCM
    // (see the catch block below). The KMS region is set to match the S3 client region.
    CryptoConfiguration strictConfig =
            new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption)
                    .withAwsKmsRegion(Region.getRegion(Regions.US_WEST_2));
    // The key is referenced by KMS alias, so no key material is created or held by this method.
    KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider("alias/s3-kms-key");

    AmazonS3EncryptionClientBuilder encryptingBuilder = AmazonS3EncryptionClientBuilder.standard();
    encryptingBuilder.withRegion(Regions.US_WEST_2);
    encryptingBuilder.withCryptoConfiguration(strictConfig);
    encryptingBuilder.withEncryptionMaterials(kmsMaterials);
    AmazonS3Encryption encryptingClient = encryptingBuilder.build();

    // Plain client, used to upload an object that is NOT client-side encrypted.
    AmazonS3 plainClient = AmazonS3ClientBuilder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .build();
    // snippet-end:[s3.java1.s3_encrypt.kms_authenticated_encryption_strict_builder]

    // snippet-start:[s3.java1.s3_encrypt.kms_authenticated_encryption_strict_put_object]
    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    // snippet-end:[s3.java1.s3_encrypt.kms_authenticated_encryption_strict_put_object]

    // snippet-start:[s3.java1.s3_encrypt.kms_authenticated_encryption_strict_exception]
    try {
        encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    } catch (SecurityException rejected) {
        // Strict authenticated encryption throws when an object is not encrypted with AES/GCM.
        // This demo only reports it; production code should treat the rejection as an integrity
        // failure and must not retry the read through a non-encrypting client.
        String notice = NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM";
        System.err.println(notice);
    }
    // snippet-end:[s3.java1.s3_encrypt.kms_authenticated_encryption_strict_exception]
}
use of com.amazonaws.services.s3.model.CryptoConfiguration in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method strictAuthenticatedEncryption_CustomerManagedKey.
/**
* Uses AES/GCM with AESWrap key wrapping to encrypt the key. Uses v2 metadata schema. The only difference between this and
* {@link #authenticatedEncryption_CustomerManagedKey()} is that attempting to retrieve an object not
* encrypted with AES/GCM will throw an exception instead of falling back to encryption only or plaintext GET.
*/
// snippet-start:[s3.java1.s3_encrypt.strict_authenticated_encryption]
public void strictAuthenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java1.s3_encrypt.strict_authenticated_encryption_build]
    // The AES key is generated here and kept only in a local variable, so the uploaded object
    // cannot be decrypted after this method returns. generateKey() is called without init(),
    // which leaves the key length to the JCA provider default.
    // NOTE(review): real code should load the key from a protected key store.
    KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
    SecretKey secretKey = aesGenerator.generateKey();

    // Strict authenticated mode: reads of objects not encrypted with AES/GCM are rejected.
    CryptoConfiguration strictConfig = new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey));

    AmazonS3EncryptionClientBuilder encryptingBuilder = AmazonS3EncryptionClientBuilder.standard();
    encryptingBuilder.withRegion(Regions.US_WEST_2);
    encryptingBuilder.withCryptoConfiguration(strictConfig);
    encryptingBuilder.withEncryptionMaterials(materialsProvider);
    AmazonS3Encryption encryptingClient = encryptingBuilder.build();

    // Plain client, used to upload an object that is NOT client-side encrypted.
    AmazonS3 plainClient = AmazonS3ClientBuilder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .build();
    // snippet-end:[s3.java1.s3_encrypt.strict_authenticated_encryption_build]

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String decryptedContents = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decryptedContents);

    try {
        encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    } catch (SecurityException rejected) {
        // Strict authenticated encryption throws when an object is not encrypted with AES/GCM.
        // This demo only reports it; production code should treat the rejection as an integrity
        // failure and must not retry the read through a non-encrypting client.
        String notice = NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM";
        System.err.println(notice);
    }
}
use of com.amazonaws.services.s3.model.CryptoConfiguration in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method encryptionOnly_CustomerManagedKey.
/**
* Uses AES/CBC algorithm, no key wrapping.
*/
public void encryptionOnly_CustomerManagedKey() throws NoSuchAlgorithmException {
    // The AES key is generated here and kept only in a local variable, so the uploaded object
    // cannot be decrypted after this method returns. generateKey() is called without init(),
    // which leaves the key length to the JCA provider default.
    // NOTE(review): real code should load the key from a protected key store.
    KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
    SecretKey secretKey = aesGenerator.generateKey();

    // EncryptionOnly selects the unauthenticated AES/CBC content cipher named in the Javadoc
    // above: it gives confidentiality but no integrity check on the stored ciphertext.
    CryptoConfiguration cryptoConfig = new CryptoConfiguration(CryptoMode.EncryptionOnly);
    StaticEncryptionMaterialsProvider materialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey));

    AmazonS3EncryptionClientBuilder encryptingBuilder = AmazonS3EncryptionClientBuilder.standard();
    encryptingBuilder.withRegion(Regions.US_WEST_2);
    encryptingBuilder.withCryptoConfiguration(cryptoConfig);
    encryptingBuilder.withEncryptionMaterials(materialsProvider);
    AmazonS3Encryption encryptingClient = encryptingBuilder.build();

    // Plain client, used to upload an object that is NOT client-side encrypted.
    AmazonS3 plainClient = AmazonS3ClientBuilder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .build();

    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String decryptedContents = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decryptedContents);
    // The second read goes through the encryption client but targets the object uploaded in
    // plaintext. No exception is handled here: in this mode the read is expected to succeed,
    // so a caller cannot tell from it whether the object was ever encrypted.
    String plaintextContents = encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(plaintextContents);
}
use of com.amazonaws.services.s3.model.CryptoConfiguration in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method encryptionOnly_KmsManagedKey.
// snippet-end:[s3.java1.s3_encrypt.encryption_only_asymetric_key]
/**
* This uses the V2 metadata schema with a key wrap algorithm of 'kms' and a CEK algorithm of AES/CBC/PKCS5Padding.
*/
// snippet-start:[s3.java1.s3_encrypt.kms_encryption_only]
public void encryptionOnly_KmsManagedKey() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java1.s3_encrypt.kms_encryption_only_build]
    // EncryptionOnly with a KMS-managed key: per the Javadoc above the content cipher is
    // AES/CBC/PKCS5Padding, which is unauthenticated, so the stored ciphertext carries no
    // integrity check. The KMS region is set to match the S3 client region.
    CryptoConfiguration cryptoConfig =
            new CryptoConfiguration(CryptoMode.EncryptionOnly)
                    .withAwsKmsRegion(Region.getRegion(Regions.US_WEST_2));
    // The key is referenced by KMS alias, so no key material is created or held by this method.
    KMSEncryptionMaterialsProvider kmsMaterials = new KMSEncryptionMaterialsProvider("alias/s3-kms-key");

    AmazonS3EncryptionClientBuilder encryptingBuilder = AmazonS3EncryptionClientBuilder.standard();
    encryptingBuilder.withRegion(Regions.US_WEST_2);
    encryptingBuilder.withCryptoConfiguration(cryptoConfig);
    encryptingBuilder.withEncryptionMaterials(kmsMaterials);
    AmazonS3Encryption encryptingClient = encryptingBuilder.build();

    // Plain client, used to upload an object that is NOT client-side encrypted.
    AmazonS3 plainClient = AmazonS3ClientBuilder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .build();
    // snippet-end:[s3.java1.s3_encrypt.kms_encryption_only_build]

    // snippet-start:[s3.java1.s3_encrypt.kms_encryption_only_put_object]
    encryptingClient.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    plainClient.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    // snippet-end:[s3.java1.s3_encrypt.kms_encryption_only_put_object]

    // snippet-start:[s3.java1.s3_encrypt.kms_encryption_only_retrieve]
    String decryptedContents = encryptingClient.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(decryptedContents);
    // The second read goes through the encryption client but targets the object uploaded in
    // plaintext. No exception is handled here: in this mode the read is expected to succeed,
    // so a caller cannot tell from it whether the object was ever encrypted.
    String plaintextContents = encryptingClient.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(plaintextContents);
    // snippet-end:[s3.java1.s3_encrypt.kms_encryption_only_retrieve]
}