use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.
the class S3EncryptV2 method putEncryptedData2.
/**
 * Round-trips one small text object through the v2 S3 client-side encryption client using an
 * RSA key pair: the object is encrypted locally, uploaded, then downloaded, decrypted and
 * printed to standard output.
 *
 * <p>The key pair is created inside this method and is never persisted, so once the method
 * returns nothing can decrypt the uploaded object. That is acceptable for a test run only; code
 * that must read its data back later needs key material that outlives the process and is stored
 * and access-controlled outside the application.
 *
 * @throws NoSuchAlgorithmException if no installed security provider offers an RSA key pair
 *     generator
 */
public static void putEncryptedData2() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java.s3_cse_v2.asymmetric]
    // Generate a throwaway asymmetric key pair for testing; the size is pinned to 2048 bits
    // rather than left to the provider default.
    KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance("RSA");
    rsaGenerator.initialize(2048);
    KeyPair ephemeralKeyPair = rsaGenerator.generateKeyPair();

    // snippet-start:[s3.java.s3_cse_v2.auth]
    String s3ObjectKey = "EncryptedContent2.txt";
    String s3ObjectContent = "This is the 2nd content to encrypt";

    // StrictAuthenticatedEncryption is the mode requested here; the key pair is handed to the
    // client through a static materials provider, i.e. the same key for every object.
    CryptoConfigurationV2 strictConfig =
            new CryptoConfigurationV2().withCryptoMode(CryptoMode.StrictAuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(ephemeralKeyPair));

    AmazonS3EncryptionV2 s3Encryption = AmazonS3EncryptionClientV2Builder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(strictConfig)
            .withEncryptionMaterialsProvider(materialsProvider)
            .build();

    s3Encryption.putObject(bucketName, s3ObjectKey, s3ObjectContent);
    // snippet-end:[s3.java.s3_cse_v2.auth]

    // Read the object back through the same client and print the decrypted text. The plaintext
    // goes to standard output, which is fine for a sample but not for real secrets.
    String decryptedContent = s3Encryption.getObjectAsString(bucketName, s3ObjectKey);
    System.out.println(decryptedContent);

    // Not reached if putObject or getObjectAsString throws; the client is then left open.
    s3Encryption.shutdown();
    // snippet-end:[s3.java.s3_cse_v2.asymmetric]
}
use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method authenticatedEncryption_CustomerManagedKey.
/**
 * Demonstrates authenticated client-side encryption with a customer-managed symmetric key.
 *
 * <p>Content is encrypted with AES/GCM and the content key is wrapped with AESWrap; the v2
 * metadata schema is used. Authenticated encryption requires the Bouncy Castle provider to be on
 * the classpath, and the data encrypted this way can be no longer than 64 GB.
 *
 * <p>The AES key is generated here with the provider's default key size and is not stored
 * anywhere, so the encrypted object cannot be decrypted once this method returns. The encryption
 * client built here is the v1 client (the SDK also ships a v2 builder,
 * {@code AmazonS3EncryptionClientV2Builder}); prefer the v2 client for new code.
 *
 * @throws NoSuchAlgorithmException if no installed security provider offers an AES key generator
 */
// snippet-start:[s3.java1.s3_encrypt.authenticated_encryption]
public void authenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java1.s3_encrypt.authenticated_encryption_build]
    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();

    CryptoConfiguration authenticatedConfig = new CryptoConfiguration(CryptoMode.AuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey));

    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(authenticatedConfig)
            .withEncryptionMaterials(materialsProvider)
            .build();

    // A second, plain client that uploads without any client-side encryption.
    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .build();
    // snippet-end:[s3.java1.s3_encrypt.authenticated_encryption_build]

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String encryptedRead = s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(encryptedRead);

    // This read goes through the encrypting client but targets the object uploaded in plaintext.
    // The sample expects it to come back unchanged, so a successful read through this client is
    // not evidence that the stored object was encrypted. Presumably StrictAuthenticatedEncryption
    // is the mode that rejects such objects; confirm against the SDK version in use.
    String plaintextRead = s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(plaintextRead);
}
use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method strictAuthenticatedEncryption_RangeGet_CustomerManagedKey.
// snippet-end:[s3.java1.s3_encrypt.strict_authenticated_encryption]
/**
 * Shows that a ranged GET is refused in strict authenticated encryption mode.
 *
 * <p>Ranged GETs have to use AES/CTR, which is not an authenticated encryption algorithm, so the
 * strict mode does not allow them. To obtain part of an object under authenticated encryption,
 * fetch the whole object and select the required bytes locally.
 *
 * <p>The method only reports the refusal: it prints a message when the client throws
 * {@link SecurityException}. If the ranged GET returned normally, the method would end silently,
 * so it does not by itself verify that strict mode is being enforced.
 *
 * @throws NoSuchAlgorithmException if no installed security provider offers an AES key generator
 */
public void strictAuthenticatedEncryption_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
    // Throwaway AES key with the provider's default size; it is not stored anywhere.
    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();

    CryptoConfiguration strictConfig = new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey));

    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(strictConfig)
            .withEncryptionMaterials(materialsProvider)
            .build();

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");

    try {
        // Ask for a byte range of the encrypted object; the strict mode is expected to reject
        // this instead of falling back to unauthenticated decryption.
        GetObjectRequest rangedRequest = new GetObjectRequest(BUCKET_NAME, ENCRYPTED_KEY).withRange(0, 2);
        s3Encryption.getObject(rangedRequest);
    } catch (SecurityException e) {
        // The exception detail is deliberately not printed; only the fixed message is reported.
        System.err.println("Range GET is not supported with authenticated encryption");
    }
}
use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method authenticatedEncryption_RangeGet_CustomerManagedKey.
// snippet-end:[s3.java1.s3_encrypt.authenticated_encryption]
/**
 * Intended to illustrate ranged GETs in (non-strict) authenticated encryption mode.
 *
 * <p>A ranged GET does not use authenticated encryption, because the whole message is not read
 * and the MAC cannot be produced; AES/CTR, an unauthenticated encryption algorithm, is used
 * instead. Bytes returned by a ranged GET are therefore not integrity-checked. If
 * {@link CryptoMode#StrictAuthenticatedEncryption} is enabled, ranged GETs are not allowed since
 * they do not use authenticated encryption.
 *
 * <p>NOTE(review): the body shown here issues only whole-object reads and no ranged GET, so it
 * does not exercise the behaviour described above; confirm against the upstream sample.
 *
 * @throws NoSuchAlgorithmException if no installed security provider offers an AES key generator
 */
public void authenticatedEncryption_RangeGet_CustomerManagedKey() throws NoSuchAlgorithmException {
    // Throwaway AES key with the provider's default size; it is not stored anywhere.
    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();

    CryptoConfiguration authenticatedConfig = new CryptoConfiguration(CryptoMode.AuthenticatedEncryption);
    StaticEncryptionMaterialsProvider materialsProvider =
            new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey));

    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(authenticatedConfig)
            .withEncryptionMaterials(materialsProvider)
            .build();

    // Plain client used to upload an object without client-side encryption.
    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .build();

    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");

    String encryptedRead = s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY);
    System.out.println(encryptedRead);

    // Reads the plaintext upload through the encrypting client; the sample expects it to come
    // back as-is, so this client does not guarantee that what it returns was stored encrypted.
    String plaintextRead = s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    System.out.println(plaintextRead);
}
use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method encryptionOnly_CustomerManagedAsymetricKey.
// snippet-end:[s3.java1.s3_encrypt.encryption_only]
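/**
 * Demonstrates encryption-only mode with an asymmetric (RSA) key pair instead of a symmetric key.
 *
 * <p>The key pair does not change the algorithm used to encrypt the content: that is still a
 * symmetric algorithm (AES/CBC in this case) using the derived CEK. The key pair only affects
 * how the CEK itself is encrypted; the original sample notes name
 * RSA/ECB/OAEPWithSHA-256AndMGF1Padding for that step. NOTE(review): confirm the key-wrap
 * algorithm for EncryptionOnly mode against the SDK version in use.
 *
 * <p>Security notes: {@code CryptoMode.EncryptionOnly} uses AES/CBC, which provides
 * confidentiality but no integrity check, so modified ciphertext is not detected on read. Prefer
 * an authenticated mode, and the v2 client ({@code AmazonS3EncryptionClientV2Builder}), for new
 * code. The key pair is generated here and never stored, so the object cannot be decrypted after
 * this method returns.
 *
 * @throws NoSuchAlgorithmException if no installed security provider offers an RSA key pair
 *     generator
 */
// snippet-start:[s3.java1.s3_encrypt.encryption_only_asymetric_key]
public void encryptionOnly_CustomerManagedAsymetricKey() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java1.s3_encrypt.encryption_only_asymetric_key_build]
    // Pin the RSA modulus size explicitly. Without initialize() the size is whatever the
    // installed provider defaults to, which has been below 2048 bits on older Java runtimes.
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();

    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
            .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(keyPair)))
            .build();

    // Plain client used to upload an object without client-side encryption.
    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .build();
    // snippet-end:[s3.java1.s3_encrypt.encryption_only_asymetric_key_build]

    // snippet-start:[s3.java1.s3_encrypt.encryption_only_asymetric_key_put_object]
    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    // snippet-end:[s3.java1.s3_encrypt.encryption_only_asymetric_key_put_object]

    // snippet-start:[s3.java1.s3_encrypt.encryption_only_asymetric_key_retrieve]
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
    // The plaintext upload is read through the encrypting client and is expected to come back
    // unchanged; a successful read here does not show that the stored object was encrypted.
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
    // snippet-end:[s3.java1.s3_encrypt.encryption_only_asymetric_key_retrieve]
}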