Example 6 with StaticEncryptionMaterialsProvider
use of com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method strictAuthenticatedEncryption_CustomerManagedKey.
/**
* Uses AES/GCM with AESWrap key wrapping to encrypt the key. Uses v2 metadata schema. The only difference between this and
* {@link #authenticatedEncryption_CustomerManagedKey()} is that attempting to retrieve an object non
* encrypted with AES/GCM will thrown an exception instead of falling back to encryption only or plaintext GET.
*/
// snippet-start:[s3.java1.s3_encrypt.strict_authenticated_encryption]
public void strictAuthenticatedEncryption_CustomerManagedKey() throws NoSuchAlgorithmException {
// snippet-start:[s3.java1.s3_encrypt.strict_authenticated_encryption_build]
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard().withRegion(Regions.US_WEST_2).withCryptoConfiguration(new CryptoConfiguration(CryptoMode.StrictAuthenticatedEncryption)).withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))).build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
// snippet-end:[s3.java1.s3_encrypt.strict_authenticated_encryption_build]
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
try {
s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY);
} catch (SecurityException e) {
// Strict authenticated encryption will throw an exception if an object is not encrypted with AES/GCM
System.err.println(NON_ENCRYPTED_KEY + " was not encrypted with AES/GCM");
}
}
Also used :
AmazonS3(com.amazonaws.services.s3.AmazonS3)
SecretKey(javax.crypto.SecretKey)
AmazonS3Encryption(com.amazonaws.services.s3.AmazonS3Encryption)
Example 7 with StaticEncryptionMaterialsProvider
use of com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider in project aws-doc-sdk-examples by awsdocs.
the class S3Encrypt method encryptionOnly_CustomerManagedKey.
/**
* Uses AES/CBC algorithm, no key wrapping.
*/
public void encryptionOnly_CustomerManagedKey() throws NoSuchAlgorithmException {
SecretKey secretKey = KeyGenerator.getInstance("AES").generateKey();
AmazonS3Encryption s3Encryption = AmazonS3EncryptionClientBuilder.standard().withRegion(Regions.US_WEST_2).withCryptoConfiguration(new CryptoConfiguration(CryptoMode.EncryptionOnly)).withEncryptionMaterials(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))).build();
AmazonS3 s3NonEncrypt = AmazonS3ClientBuilder.standard().withRegion(Regions.DEFAULT_REGION).build();
s3Encryption.putObject(BUCKET_NAME, ENCRYPTED_KEY, "some contents");
s3NonEncrypt.putObject(BUCKET_NAME, NON_ENCRYPTED_KEY, "some other contents");
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, ENCRYPTED_KEY));
System.out.println(s3Encryption.getObjectAsString(BUCKET_NAME, NON_ENCRYPTED_KEY));
}
Also used :
AmazonS3(com.amazonaws.services.s3.AmazonS3)
SecretKey(javax.crypto.SecretKey)
AmazonS3Encryption(com.amazonaws.services.s3.AmazonS3Encryption)
Example 8 with StaticEncryptionMaterialsProvider
use of com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider in project aws-doc-sdk-examples by awsdocs.
the class S3ClientSideEncryptionAsymmetricMasterKey method main.
public static void main(String[] args) throws Exception {
Regions clientRegion = Regions.DEFAULT_REGION;
String bucketName = "*** Bucket name ***";
String objectKeyName = "*** Key name ***";
String rsaKeyDir = System.getProperty("java.io.tmpdir");
String publicKeyName = "public.key";
String privateKeyName = "private.key";
// Generate a 1024-bit RSA key pair.
KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance("RSA");
keyGenerator.initialize(1024, new SecureRandom());
KeyPair origKeyPair = keyGenerator.generateKeyPair();
// To see how it works, save and load the key pair to and from the file system.
saveKeyPair(rsaKeyDir, publicKeyName, privateKeyName, origKeyPair);
KeyPair keyPair = loadKeyPair(rsaKeyDir, publicKeyName, privateKeyName, "RSA");
try {
// Create the encryption client.
EncryptionMaterials encryptionMaterials = new EncryptionMaterials(keyPair);
AmazonS3 s3EncryptionClient = AmazonS3EncryptionClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withEncryptionMaterials(new StaticEncryptionMaterialsProvider(encryptionMaterials)).withRegion(clientRegion).build();
// Create a new object.
byte[] plaintext = "S3 Object Encrypted Using Client-Side Asymmetric Master Key.".getBytes();
S3Object object = new S3Object();
object.setKey(objectKeyName);
object.setObjectContent(new ByteArrayInputStream(plaintext));
ObjectMetadata metadata = new ObjectMetadata();
metadata.setContentLength(plaintext.length);
// Upload the object. The encryption client automatically encrypts it.
PutObjectRequest putRequest = new PutObjectRequest(bucketName, object.getKey(), object.getObjectContent(), metadata);
s3EncryptionClient.putObject(putRequest);
// Download and decrypt the object.
S3Object downloadedObject = s3EncryptionClient.getObject(bucketName, object.getKey());
byte[] decrypted = IOUtils.toByteArray(downloadedObject.getObjectContent());
// Verify that the data that you downloaded is the same as the original data.
System.out.println("Plaintext: " + new String(plaintext));
System.out.println("Decrypted text: " + new String(decrypted));
} catch (AmazonServiceException e) {
// The call was transmitted successfully, but Amazon S3 couldn't process
// it, so it returned an error response.
e.printStackTrace();
} catch (SdkClientException e) {
// Amazon S3 couldn't be contacted for a response, or the client
// couldn't parse the response from Amazon S3.
e.printStackTrace();
}
}
Also used :
AmazonS3(com.amazonaws.services.s3.AmazonS3)
Regions(com.amazonaws.regions.Regions)
SdkClientException(com.amazonaws.SdkClientException)
AmazonServiceException(com.amazonaws.AmazonServiceException)
ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider)
Example 9 with StaticEncryptionMaterialsProvider
use of com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider in project aws-doc-sdk-examples by awsdocs.
the class S3ClientSideEncryptionSymMasterKey method main.
public static void main(String[] args) throws Exception {
Regions clientRegion = Regions.DEFAULT_REGION;
String bucketName = "*** Bucket name ***";
String objectKeyName = "*** Object key name ***";
String masterKeyDir = System.getProperty("java.io.tmpdir");
String masterKeyName = "secret.key";
// Generate a symmetric 256-bit AES key.
KeyGenerator symKeyGenerator = KeyGenerator.getInstance("AES");
symKeyGenerator.init(256);
SecretKey symKey = symKeyGenerator.generateKey();
// To see how it works, save and load the key to and from the file system.
saveSymmetricKey(masterKeyDir, masterKeyName, symKey);
symKey = loadSymmetricAESKey(masterKeyDir, masterKeyName, "AES");
try {
// Create the Amazon S3 encryption client.
EncryptionMaterials encryptionMaterials = new EncryptionMaterials(symKey);
AmazonS3 s3EncryptionClient = AmazonS3EncryptionClientBuilder.standard().withCredentials(new ProfileCredentialsProvider()).withEncryptionMaterials(new StaticEncryptionMaterialsProvider(encryptionMaterials)).withRegion(clientRegion).build();
// Upload a new object. The encryption client automatically encrypts it.
byte[] plaintext = "S3 Object Encrypted Using Client-Side Symmetric Master Key.".getBytes();
s3EncryptionClient.putObject(new PutObjectRequest(bucketName, objectKeyName, new ByteArrayInputStream(plaintext), new ObjectMetadata()));
// Download and decrypt the object.
S3Object downloadedObject = s3EncryptionClient.getObject(bucketName, objectKeyName);
byte[] decrypted = com.amazonaws.util.IOUtils.toByteArray(downloadedObject.getObjectContent());
// Verify that the data that you downloaded is the same as the original data.
System.out.println("Plaintext: " + new String(plaintext));
System.out.println("Decrypted text: " + new String(decrypted));
} catch (AmazonServiceException e) {
// The call was transmitted successfully, but Amazon S3 couldn't process
// it, so it returned an error response.
e.printStackTrace();
} catch (SdkClientException e) {
// Amazon S3 couldn't be contacted for a response, or the client
// couldn't parse the response from Amazon S3.
e.printStackTrace();
}
}
Also used :
AmazonS3(com.amazonaws.services.s3.AmazonS3)
Regions(com.amazonaws.regions.Regions)
SecretKey(javax.crypto.SecretKey)
SdkClientException(com.amazonaws.SdkClientException)
AmazonServiceException(com.amazonaws.AmazonServiceException)
ProfileCredentialsProvider(com.amazonaws.auth.profile.ProfileCredentialsProvider)
KeyGenerator(javax.crypto.KeyGenerator)
Example 10 with StaticEncryptionMaterialsProvider
use of com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider in project aws-doc-sdk-examples by awsdocs.
the class S3EncryptV2 method putEncryptedData1.
public static void putEncryptedData1() throws NoSuchAlgorithmException {
// snippet-start:[s3.java.s3_cse_v2.symmetric]
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(256);
// generate a symmetric encryption key for testing
SecretKey secretKey = keyGenerator.generateKey();
// snippet-start:[s3.java.s3_cse_v2.strictauth]
String s3ObjectKey = "EncryptedContent1.txt";
String s3ObjectContent = "This is the 1st content to encrypt";
AmazonS3EncryptionV2 s3Encryption = AmazonS3EncryptionClientV2Builder.standard().withRegion(Regions.DEFAULT_REGION).withClientConfiguration(new ClientConfiguration()).withCryptoConfiguration(new CryptoConfigurationV2().withCryptoMode(CryptoMode.StrictAuthenticatedEncryption)).withEncryptionMaterialsProvider(new StaticEncryptionMaterialsProvider(new EncryptionMaterials(secretKey))).build();
s3Encryption.putObject(bucketName, s3ObjectKey, s3ObjectContent);
// snippet-end:[s3.java.s3_cse_v2.strictauth]
System.out.println(s3Encryption.getObjectAsString(bucketName, s3ObjectKey));
s3Encryption.shutdown();
// snippet-end:[s3.java.s3_cse_v2.symmetric]
}
Also used :
AmazonS3EncryptionV2(com.amazonaws.services.s3.AmazonS3EncryptionV2)
SecretKey(javax.crypto.SecretKey)
EncryptionMaterials(com.amazonaws.services.s3.model.EncryptionMaterials)
CryptoConfigurationV2(com.amazonaws.services.s3.model.CryptoConfigurationV2)
StaticEncryptionMaterialsProvider(com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider)
KeyGenerator(javax.crypto.KeyGenerator)
ClientConfiguration(com.amazonaws.ClientConfiguration)
Aggregations
AmazonS3 (com.amazonaws.services.s3.AmazonS3)8
AmazonS3Encryption (com.amazonaws.services.s3.AmazonS3Encryption)8
SecretKey (javax.crypto.SecretKey)8
KeyPair (java.security.KeyPair)3
AmazonServiceException (com.amazonaws.AmazonServiceException)2
SdkClientException (com.amazonaws.SdkClientException)2
ProfileCredentialsProvider (com.amazonaws.auth.profile.ProfileCredentialsProvider)2
Regions (com.amazonaws.regions.Regions)2
AmazonS3EncryptionV2 (com.amazonaws.services.s3.AmazonS3EncryptionV2)2
CryptoConfigurationV2 (com.amazonaws.services.s3.model.CryptoConfigurationV2)2
EncryptionMaterials (com.amazonaws.services.s3.model.EncryptionMaterials)2
StaticEncryptionMaterialsProvider (com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider)2
KeyGenerator (javax.crypto.KeyGenerator)2
ClientConfiguration (com.amazonaws.ClientConfiguration)1
KeyPairGenerator (java.security.KeyPairGenerator)1
