使用 LocalKeyEncryptionKeyAsyncClient

huangapple go评论161阅读模式
英文:

Usage of LocalKeyEncryptionKeyAsyncClient

问题

我正在尝试将 blob 上传到 Azure Blob 存储,但我希望在客户端进行加密,并将密钥存储在我的一侧(而不是在 Azure KeyVault 上)。我想使用最新的 Java SDK - v12。
我发现要进行客户端加密,我应该使用 EncryptedBlobClient 类,该类通过 EncryptedBlobClientBuilder 实例化。
EncryptedBlobClientBuilder 需要设置 AsyncKeyEncryptionKey,并且我希望使用存储在我的一侧的密钥 - LocalKeyEncryptionKeyAsyncClient 用于这些需求吗?我找不到关于这个类的太多信息。
谢谢

英文:

I am trying to upload blob to azure blob storage, but I'd like to have client side encryption with keys stored on my side(not on Azure KeyVault). I'd like to use newest Java SDK - v12.
I have found that for client side encryption I should use EncryptedBlobClient class, which is instanced through EncryptedBlobClientBuilder.
EncryptedBlobClientBuilder requires AsyncKeyEncryptionKey to be set, and I'd like to use keys stored on my side - is LocalKeyEncryptionKeyAsyncClient used for these needs? I can not find much about this class.
Thank you

答案1

得分: 1

以下是翻译好的部分:

这个示例使用 ResolveKeyAsync 方法返回一个 RsaKey。如果你不想将密钥存储在 KeyVault 中,那么就不需要使用它,你可以按照你的喜好使用密钥。

RsaKey rsa = new RsaKey("your private Key");

// 创建用于上传和下载的加密策略。
BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsa, null);

// 在请求选项上设置加密策略。
BlobRequestOptions options = new BlobRequestOptions();
options.setEncryptionPolicy(policy);

// 将加密内容上传到 Blob。
blob.upload(stream, size, null, options, null);

更多详情,请参阅类似的 issue

更新:

有一个类似问题的 答案

JsonWebKey localKey = JsonWebKey.fromAes(new SecretKeySpec(encryptionKeyBytes, "AES"), Arrays.asList(KeyOperation.WRAP_KEY, KeyOperation.UNWRAP_KEY)).setId("my-id");

AsyncKeyEncryptionKey akek = new LocalKeyEncryptionKeyClientBuilder().buildAsyncKeyEncryptionKey(localKey).block();

EncryptedBlobClient encryptedBlobClient = new EncryptedBlobClientBuilder()
    .endpoint(serviceClient.getAccountUrl())
    .sasToken("<SAS token>")
    .containerName(containerName)
    .blobName(blobName)
    .key(akek, KeyWrapAlgorithm.A256KW.toString())
    .buildEncryptedBlobClient();

encryptedBlobClient.uploadFromFile(filepath);
英文:

The sample uses ResolveKeyAsync method to return an RsaKey. If you don't want to store the Key into KeyVault then it's no need to use this, you could use the key as you like.

RsaKey rsa = new RsaKey(&quot;your private Key&quot;);

// Create the encryption policy to be used for upload and download.
BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsa, null);

// Set the encryption policy on the request options.
BlobRequestOptions options = new BlobRequestOptions();
options.setEncryptionPolicy(policy);

// Upload the encrypted contents to the blob.
blob.upload(stream, size, null, options, null);

For more details, see the similar issue.


Update:

There is an answer of the similar issue.

JsonWebKey localKey = JsonWebKey.fromAes(new SecretKeySpec(encryptionKeyBytes, &quot;AES&quot;), Arrays.asList(KeyOperation.WRAP_KEY, KeyOperation.UNWRAP_KEY)).setId(&quot;my-id&quot;);

AsyncKeyEncryptionKey akek = new LocalKeyEncryptionKeyClientBuilder().buildAsyncKeyEncryptionKey(localKey).block();

EncryptedBlobClient encryptedBlobClient = new EncryptedBlobClientBuilder()
    .endpoint(serviceClient.getAccountUrl())
    .sasToken(&quot;&lt;SAS token&gt;&quot;)
    .containerName(containerName)
    .blobName(blobName)
    .key(akek, KeyWrapAlgorithm.A256KW.toString())
    .buildEncryptedBlobClient();

encryptedBlobClient.uploadFromFile(filepath);

huangapple
  • 本文由 发表于 2020年8月11日 23:40:29
  • 转载请务必保留本文链接:https://go.coder-hub.com/63361648.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定