C# 使用Azure Bob Storage v12 SDK for.Net进行加密
我想将代码迁移到,但如何使用Azure Keyvault 没有blobenchryptionpolicy类 这已经过时了。它仍然基于旧的SDK v11 SDK代码:C# 使用Azure Bob Storage v12 SDK for.Net进行加密,c#,.net,azure-storage-blobs,azure-keyvault,C#,.net,Azure Storage Blobs,Azure Keyvault,我想将代码迁移到,但如何使用Azure Keyvault 没有blobenchryptionpolicy类 这已经过时了。它仍然基于旧的SDK v11 SDK代码: // Retrieve the key that you created previously. // The IKey that is returned here is an RsaKey. var rsa = cloudResolver.ResolveKeyAsync( "https://con
// Retrieve the key that you created previously.
// The IKey that is returned here is an RsaKey.
var rsa = cloudResolver.ResolveKeyAsync(
"https://contosokeyvault.vault.azure.net/keys/TestRSAKey1",
CancellationToken.None).GetAwaiter().GetResult();
// Now you simply use the RSA key to encrypt by setting it in the BlobEncryptionPolicy.
BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsa, null);
BlobRequestOptions options = new BlobRequestOptions() { EncryptionPolicy = policy };
// Reference a block blob.
CloudBlockBlob blob = contain.GetBlockBlobReference("MyFile.txt");
// Upload using the UploadFromStream method.
using (var stream = System.IO.File.OpenRead(@"C:\Temp\MyFile.txt"))
blob.UploadFromStream(stream, stream.Length, null, options, null);
关于此问题,请参考以下步骤。有关更多详细信息,请参阅
字符串tenantId=”“;
字符串clientId=“”;
字符串clientSecret=“”;
字符串连接字符串=”;
ClientSecretCredential cred=新的ClientSecretCredential(tenantId、clientId、clientSecret);
var vaultUri=新Uri(“https://jimkey02.vault.azure.net/");
KeyClient KeyClient=新的KeyClient(vaultUri,cred);
//如果您没有密钥,请使用以下代码创建
//KeyVaultKey-rasKey=wait-keyClient.CreateRsaKeyAsync(新的CreateRsaKeyOptions(“blobKey”);
KeyVaultKey-rasKey=await-keyClient.GetKeyAsync(“blobKey”,即“);
IKeyEncryptionKey=新加密客户端(rasKey.Id,cred);
IKeyEncryptionKeyResolver keyResolver=新的keyResolver(cred);
ClientSideEncryptionOptions encryptionOptions=新的ClientSideEncryptionOptions(ClientSideEncryptionVersion.V1\u 0)
{
KeyEncryptionKey=密钥,
KeyResolver=KeyResolver,
//调用IKeyEncryptionKey.WrapKey()时存储客户端将使用的字符串
KeyWrapAlgorithm=“RSA1_5”
};
BlobClientOptions=new SpecializedBlobClientOptions(){ClientSideEncryption=encryptionOptions};
BlobClient blob=新的BlobServiceClient(connectionString,options).GetBlobContainerClient(“test”).GetBlobClient(“test.txt”);
使用(FileStream file=file.OpenRead(@“D:\test.txt”))
{
等待blob.UploadAsync(文件);
}
BlobDownloadInfo下载=等待blob.DownloadAsync();
使用(StreamReader=newstreamreader(download.Content)){
string text=wait reader.ReadToEndAsync();
控制台写入线(文本);
}
您还有其他顾虑吗?如果您没有其他顾虑,您能接受ii作为ana snwer吗?
string tenantId = "<sp tenant>";
string clientId = "<sp appId>";
string clientSecret = "<sp secret>";
string connectionString = "";
ClientSecretCredential cred = new ClientSecretCredential(tenantId, clientId, clientSecret);
var vaultUri = new Uri("https://jimkey02.vault.azure.net/");
KeyClient keyClient = new KeyClient(vaultUri, cred);
// if you do not have key, please use following code to create
//KeyVaultKey rasKey = await keyClient.CreateRsaKeyAsync(new CreateRsaKeyOptions("blobKey"));
KeyVaultKey rasKey = await keyClient.GetKeyAsync("blobKey", "<key version>");
IKeyEncryptionKey key =new CryptographyClient(rasKey.Id, cred);
IKeyEncryptionKeyResolver keyResolver = new KeyResolver(cred);
ClientSideEncryptionOptions encryptionOptions = new ClientSideEncryptionOptions(ClientSideEncryptionVersion.V1_0)
{
KeyEncryptionKey = key,
KeyResolver = keyResolver,
// string the storage client will use when calling IKeyEncryptionKey.WrapKey()
KeyWrapAlgorithm = "RSA1_5"
};
BlobClientOptions options = new SpecializedBlobClientOptions() { ClientSideEncryption = encryptionOptions };
BlobClient blob = new BlobServiceClient(connectionString, options).GetBlobContainerClient("test").GetBlobClient("test.txt");
using (FileStream file = File.OpenRead(@"D:\test.txt"))
{
await blob.UploadAsync(file);
}
BlobDownloadInfo download = await blob.DownloadAsync();
using (StreamReader reader = new StreamReader(download.Content)) {
string text = await reader.ReadToEndAsync();
Console.WriteLine(text);
}