Usage of LocalKeyEncryptionKeyAsyncClient
Question
I am trying to upload a blob to Azure Blob Storage, but I'd like to have client-side encryption with keys stored on my side (not on Azure KeyVault). I'd like to use the newest Java SDK - v12.
I have found that for client-side encryption I should use the EncryptedBlobClient class, which is instanced through EncryptedBlobClientBuilder.
EncryptedBlobClientBuilder requires AsyncKeyEncryptionKey to be set, and I'd like to use keys stored on my side - is LocalKeyEncryptionKeyAsyncClient used for these needs? I cannot find much about this class.
Thank you
Answer 1
Score: 1
The sample uses the ResolveKeyAsync method to return an RsaKey. If you don't want to store the key in KeyVault then there's no need to use this; you could use the key as you like.

```java
RsaKey rsa = new RsaKey("your private Key");

// Create the encryption policy to be used for upload and download.
BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsa, null);

// Set the encryption policy on the request options.
BlobRequestOptions options = new BlobRequestOptions();
options.setEncryptionPolicy(policy);

// Upload the encrypted contents to the blob.
blob.upload(stream, size, null, options, null);
```

For more details, see the similar issue.

Update:

There is an answer to a similar issue.

```java
JsonWebKey localKey = JsonWebKey.fromAes(
        new SecretKeySpec(encryptionKeyBytes, "AES"),
        Arrays.asList(KeyOperation.WRAP_KEY, KeyOperation.UNWRAP_KEY))
    .setId("my-id");
AsyncKeyEncryptionKey akek = new LocalKeyEncryptionKeyClientBuilder()
    .buildAsyncKeyEncryptionKey(localKey)
    .block();

EncryptedBlobClient encryptedBlobClient = new EncryptedBlobClientBuilder()
    .endpoint(serviceClient.getAccountUrl())
    .sasToken("<SAS token>")
    .containerName(containerName)
    .blobName(blobName)
    .key(akek, KeyWrapAlgorithm.A256KW.toString())
    .buildEncryptedBlobClient();

encryptedBlobClient.uploadFromFile(filepath);
```
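
The snippet above leaves `encryptionKeyBytes` undefined and names `A256KW` without showing what it does. The following is an added example, not part of the original answer and not Azure SDK code: using only the JDK, it generates a 256-bit key-encryption key (KEK), wraps a content key with RFC 3394 AES key wrap (the algorithm `A256KW` names), and shows that unwrapping with a different KEK is rejected. The class and method names are hypothetical, and the content key stands in for the per-blob key that envelope encryption wraps.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;

public class LocalKekDemo {
    // Generate a 256-bit AES key from the platform CSPRNG.
    static SecretKey newAes256() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, new SecureRandom());
        return kg.generateKey();
    }

    // RFC 3394 AES key wrap; with a 256-bit KEK this is A256KW.
    static byte[] wrap(SecretKey kek, SecretKey cek) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, kek);
        return c.wrap(cek);
    }

    // Unwrap verifies the built-in integrity value and throws on a wrong KEK.
    static Key unwrap(SecretKey kek, byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, kek);
        return c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        SecretKey kek = newAes256();
        // These 32 bytes are what you persist on your side (HSM, keystore, secrets manager).
        byte[] encryptionKeyBytes = kek.getEncoded();
        SecretKey cek = newAes256(); // constructed stand-in for a per-blob content key

        byte[] wrapped = wrap(new SecretKeySpec(encryptionKeyBytes, "AES"), cek);
        System.out.println("wrapped key length: " + wrapped.length);
        Key recovered = unwrap(kek, wrapped);
        System.out.println("round trip ok: " + Arrays.equals(recovered.getEncoded(), cek.getEncoded()));
        try {
            unwrap(newAes256(), wrapped); // a different KEK must not unwrap the content key
            System.out.println("unexpected: unwrap succeeded with the wrong KEK");
        } catch (InvalidKeyException e) {
            System.out.println("wrong KEK rejected");
        }
    }
}
```

Because only the wrapped content key travels with the data, losing `encryptionKeyBytes` makes every blob wrapped under it unrecoverable, so the KEK needs its own backup and rotation plan.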