Example 6 with EncryptionMaterials

use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.

the class S3Encrypt method strictAuthenticatedEncryption_CustomerManagedKey.

/**
 * Uses AES/GCM with AESWrap key wrapping to encrypt the key. Uses v2 metadata schema. The only difference between this and
 * {@link #authenticatedEncryption_CustomerManagedKey()} is that attempting to retrieve an object not
 * encrypted with AES/GCM will throw an exception instead of falling back to encryption only or plaintext GET.
 */
// snippet-start:[s3.java1.s3_encrypt.strict_authenticated_encryption]
public void strictAuthenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java1.s3_encrypt.strict_authenticated_encryption_build]
    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption))
            .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
            .build();
    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    // snippet-end:[s3.java1.s3_encrypt.strict_authenticated_encryption_build]
    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
    try {
        s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
    } catch (SecurityException e) {
        // Strict authenticated encryption will throw an exception if an object is not encrypted with AES/GCM
        System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM");
    }
}
Also used : AmazonS3(com.amazonaws.services.s3.AmazonS3) SecretKey(javax.crypto.SecretKey) AmazonS3Encryption(com.amazonaws.services.s3.AmazonS3Encryption)

Example 7 with EncryptionMaterials

use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.

the class S3Encrypt method encryptionOnly_CustomerManagedKey.

/**
 * Uses AES/CBC algorithm, no key wrapping.
 */
public void encryptionOnly_CustomerManagedKey() throws NoSuchAlgorithmException {
    SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
    AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard()
            .withRegion(Regions.US_WEST_2)
            .withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly))
            .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
            .build();
    AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
    s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
    s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
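    // In EncryptionOnly mode the client does not reject an unencrypted object:
    // this GET falls back to a plaintext read and returns the contents as stored.
    System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));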
}
Also used : AmazonS3(com.amazonaws.services.s3.AmazonS3) SecretKey(javax.crypto.SecretKey) AmazonS3Encryption(com.amazonaws.services.s3.AmazonS3Encryption)

Example 8 with EncryptionMaterials

use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.

the class S3ClientSideEncryptionAsymmetricMasterKey method main.

public static void main(String[] args) throws Exception {
    Regions clientRegion = Regions.DEFAULT_REGION;
    String bucketName = "*** Bucket name ***";
    String objectKeyName = "*** Key name ***";
    String rsaKeyDir = System.getProperty("java.io.tmpdir");
    String publicKeyName = "public.key";
    String privateKeyName = "private.key";
    // Generate a 2048-bit RSA key pair. 1024-bit RSA is too weak to protect data keys.
    KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
    keyGenerator.initialize(2048, new SecureRandom());
    KeyPair origKeyPair = keyGenerator.generateKeyPair();
    // To see how it works, save and load the key pair to and from the file system.
    saveKeyPair(rsaKeyDir, publicKeyName, privateKeyName, origKeyPair);
    KeyPair keyPair = loadKeyPair(rsaKeyDir, publicKeyName, privateKeyName, "RSA");
    try {
        // Create the encryption client.
        EncryptionMaterials encryptionMaterials = new EncryptionMaterials(keyPair);
        AmazonS3 s3EncryptionClient = AmazonS3EncryptionClientBuilder.standard()
                .withCredentials(new ProfileCredentialsProvider())
                .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(encryptionMaterials))
                .withRegion(clientRegion)
                .build();
        // Create a new object.
        byte[] plaintext = "S3 Object Encrypted Using Client-Side Asymmetric Master Key.".getBytes();
        S3Object object = new S3Object();
        object.setKey(objectKeyName);
        object.setObjectContent(new ByteArrayInputStream(plaintext));
        ObjectMetadata metadata = new ObjectMetadata();
        metadata.setContentLength(plaintext.length);
        // Upload the object. The encryption client automatically encrypts it.
        PutObjectRequest putRequest = new PutObjectRequest(bucketName, object.getKey(), object.getObjectContent(), metadata);
        s3EncryptionClient.putObject(putRequest);
        // Download and decrypt the object.
        S3Object downloadedObject = s3EncryptionClient.getObject(bucketName, object.getKey());
        byte[] decrypted = IOUtils.toByteArray(downloadedObject.getObjectContent());
        // Verify that the data that you downloaded is the same as the original data.
        System.out.println("Plaintext: " + new String(plaintext));
        System.out.println("Decrypted text: " + new String(decrypted));
    } catch (AmazonServiceException e) {
        // The call was transmitted successfully, but Amazon S3 couldn't process
        // it, so it returned an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // Amazon S3 couldn't be contacted for a response, or the client
        // couldn't parse the response from Amazon S3.
        e.printStackTrace();
    }
}
Also used : AmazonS3(com.amazonaws.services.s3.AmazonS3) Regions(com.amazonaws.regions.Regions) SdkClientException(com.amazonaws.SdkClientException) AmazonServiceException(com.amazonaws.AmazonServiceException) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider)

Example 9 with EncryptionMaterials

use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.

the class S3ClientSideEncryptionSymMasterKey method main.

public static void main(String[] args) throws Exception {
    Regions clientRegion = Regions.DEFAULT_REGION;
    String bucketName = "*** Bucket name ***";
    String objectKeyName = "*** Object key name ***";
    String masterKeyDir = System.getProperty("java.io.tmpdir");
    String masterKeyName = "secret.key";
    // Generate a symmetric 256-bit AES key.
    KeyGenerator symKeyGenerator = KeyGenerator.getInstance("AES");
    symKeyGenerator.init(256);
    SecretKey symKey = symKeyGenerator.generateKey();
    // To see how it works, save and load the key to and from the file system.
    saveSymmetricKey(masterKeyDir, masterKeyName, symKey);
    symKey = loadSymmetricAESKey(masterKeyDir, masterKeyName, "AES");
    try {
        // Create the Amazon S3 encryption client.
        EncryptionMaterials encryptionMaterials = new EncryptionMaterials(symKey);
        AmazonS3 s3EncryptionClient = AmazonS3EncryptionClientBuilder.standard()
                .withCredentials(new ProfileCredentialsProvider())
                .withEncryptionMaterials(new StaticEncryptionMaterialsProvider(encryptionMaterials))
                .withRegion(clientRegion)
                .build();
        // Upload a new object. The encryption client automatically encrypts it.
        byte[] plaintext = "S3 Object Encrypted Using Client-Side Symmetric Master Key.".getBytes();
        s3EncryptionClient.putObject(new PutObjectRequest(bucketName, objectKeyName, new ByteArrayInputStream(plaintext), new ObjectMetadata()));
        // Download and decrypt the object.
        S3Object downloadedObject = s3EncryptionClient.getObject(bucketName, objectKeyName);
        byte[] decrypted = com.amazonaws.util.IOUtils.toByteArray(downloadedObject.getObjectContent());
        // Verify that the data that you downloaded is the same as the original data.
        System.out.println("Plaintext: " + new String(plaintext));
        System.out.println("Decrypted text: " + new String(decrypted));
    } catch (AmazonServiceException e) {
        // The call was transmitted successfully, but Amazon S3 couldn't process
        // it, so it returned an error response.
        e.printStackTrace();
    } catch (SdkClientException e) {
        // Amazon S3 couldn't be contacted for a response, or the client
        // couldn't parse the response from Amazon S3.
        e.printStackTrace();
    }
}
Also used : AmazonS3(com.amazonaws.services.s3.AmazonS3) Regions(com.amazonaws.regions.Regions) SecretKey(javax.crypto.SecretKey) SdkClientException(com.amazonaws.SdkClientException) AmazonServiceException(com.amazonaws.AmazonServiceException) ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider) KeyGenerator(javax.crypto.KeyGenerator)

Example 10 with EncryptionMaterials

use of com.amazonaws.services.s3.model.EncryptionMaterials in project aws-doc-sdk-examples by awsdocs.

the class S3EncryptV2 method putEncryptedData1.

public static void putEncryptedData1() throws NoSuchAlgorithmException {
    // snippet-start:[s3.java.s3_cse_v2.symmetric]
    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
    keyGenerator.init(256);
    // generate a symmetric encryption key for testing
    SecretKey secretKey = keyGenerator.generateKey();
    // snippet-start:[s3.java.s3_cse_v2.strictauth]
    String s3ObjectKey = "EncryptedContent1.txt";
    String s3ObjectContent = "This is the 1st content to encrypt";
    AmazonS3EncryptionV2 s3Encryption = AmazonS3EncryptionClientV2Builder.standard()
            .withRegion(Regions.DEFAULT_REGION)
            .withClientConfiguration(new ClientConfiguration())
            .withCryptoConfiguration(new CryptoConfigurationV2().withCryptoMode(CryptoMode.StrictAuthenticatedEncryption))
            .withEncryptionMaterialsProvider(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey)))
            .build();
    s3Encryption.putObject(bucketName, s3ObjectKey, s3ObjectContent);
    // snippet-end:[s3.java.s3_cse_v2.strictauth]
    System.out.println(s3Encryption.getObjectAsString(bucketName, s3ObjectKey));
    s3Encryption.shutdown();
    // snippet-end:[s3.java.s3_cse_v2.symmetric]
}
Also used : AmazonS3EncryptionV2(com.amazonaws.services.s3.AmazonS3EncryptionV2) SecretKey(javax.crypto.SecretKey) EncryptionMaterials(com.amazonaws.services.s3.model.EncryptionMaterials) CryptoConfigurationV2(com.amazonaws.services.s3.model.CryptoConfigurationV2) StaticEncryptionMaterialsProvider(com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider) KeyGenerator(javax.crypto.KeyGenerator) ClientConfiguration(com.amazonaws.ClientConfiguration)
