如何在NodeJS上使用S3 SSE C(服务器端encryption与客户端提供的密钥)
如何在NodeJS上使用SSE Cencryption? 我试了下面,但得到一个错误
s3.putObject({ Bucket: 'mybucket', Body: 'Hello S3', ACL: 'private', Key: 'test.txt', SSECustomerAlgorithm: 'AES256', SSECustomerKey: '0699Exxxxxx' }, (err) => { if (err) return console.error(err.stack) s3.getSignedUrl('getObject', { Key: 'test.txt', Expires: 60, SSECustomerAlgorithm: 'AES256', SSECustomerKey: '0699Exxxxxx' }, (err, data) => { if (err) return console.error(err.stack) console.log(data) }) }) 问题是我得到“密钥对于指定algorithm无效”
sails> (node:4802) DeprecationWarning: Calling an asynchronous function without callback is deprecated. InvalidArgument: The secret key was invalid for the specified algorithm. at Request.extractError (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/services/s3.js:538:35) at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:105:20) at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:77:10) at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:668:14) at Request.transition (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:14:12) at /home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:38:9) at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:670:12) at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:115:18) at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:77:10) at Request.emit (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:668:14) at Request.transition (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:22:10) at AcceptorStateMachine.runTo (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:14:12) at /home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/state_machine.js:26:10 at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:38:9) at Request.<anonymous> (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/request.js:670:12) at Request.callListeners (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:115:18) at callNextListener (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/sequential_executor.js:95:12) at IncomingMessage.onEnd (/home/jiewmeng/Dropbox/goldbell-server/node_modules/aws-sdk/lib/event_listeners.js:211:11) at emitNone (events.js:91:20) at IncomingMessage.emit (events.js:185:7)
怎么了? 我尝试使用的键他们生成像:
➜ openssl enc -d -a -md sha1 -aes-256-cbc -nosalt -p enter aes-256-cbc decryption password: key=0699EC90A02... iv =433BFB13C10...
我使用SSECustomerKey的key
尝试以这种方式生成密钥:
const ssecKey = Buffer.alloc(32, 'your key')
那么你可以使用它
s3.putObject({ Bucket: 'mybucket', Body: 'Hello S3', ACL: 'private', Key: 'test.txt', SSECustomerAlgorithm: 'AES256', SSECustomerKey: ssecKey }, (err) => { if (err) return console.error(err.stack) s3.getSignedUrl('getObject', { Key: 'test.txt', Expires: 60, SSECustomerAlgorithm: 'AES256', SSECustomerKey: ssecKey }, (err, data) => { if (err) return console.error(err.stack) console.log(data) }) })