Azure storage blob client-side encryption not decrypting (Java)

Tags: java, azure-storage-blobs

Azure storage blob, client-side encryption: I uploaded a blob using a CEK and a KEK. Now I am trying to download and decrypt the file with the KEK on the client. The file is downloaded, but it is not decrypted; it only shows the encrypted file.

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;
import java.util.concurrent.ExecutionException;

import com.microsoft.azure.keyvault.core.IKey;
import com.microsoft.azure.keyvault.cryptography.RsaKey;
import com.microsoft.azure.keyvault.extensions.AggregateKeyResolver;
import com.microsoft.azure.keyvault.extensions.CachingKeyResolver;
import com.microsoft.azure.keyvault.extensions.KeyVaultKeyResolver;
import com.microsoft.azure.storage.CloudStorageAccount;
import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.blob.BlobEncryptionPolicy;
import com.microsoft.azure.storage.blob.BlobRequestOptions;
import com.microsoft.azure.storage.blob.CloudBlobClient;
import com.microsoft.azure.storage.blob.CloudBlobContainer;
import com.microsoft.azure.storage.blob.CloudBlockBlob;

// Utility, KeyVaultUtility and LocalResolver are the helper classes that ship
// with the Azure storage Java samples this code is based on (same package).
public class KeyVaultGettingStarted {

    public static void main(String[] args) throws StorageException,
            NoSuchAlgorithmException, InterruptedException, ExecutionException,
            URISyntaxException, InvalidKeyException, IOException {
        Utility.printSampleStartInfo("KeyVaultGettingStarted");

        // Get the key ID from Utility if it exists.
        String keyID = Utility.keyVaultKeyID;

        // If no key ID was specified, we will create a new secret in Key Vault.
        // To create a new secret, this client needs full permission to Key
        // Vault secrets. Once the secret is created, its ID can be added to
        // App.config; from then on this client only needs read access to secrets.
        if (keyID == null || keyID.isEmpty()) {
            keyID = KeyVaultUtility.createSecret("KVGettingStartedSecret");
        }

        // Retrieve storage account information from the connection string.
        // How to create a storage connection string:
        // https://azure.microsoft.com/en-us/documentation/articles/storage-configure-connection-string/
        CloudStorageAccount storageAccount = CloudStorageAccount
                .parse(Utility.storageConnectionString);

        CloudBlobClient client = storageAccount.createCloudBlobClient();
        CloudBlobContainer container = client
                .getContainerReference("blobencryptioncontainer"
                        + UUID.randomUUID().toString().replace("-", ""));
        container.createIfNotExists();

        // Construct a resolver capable of looking up keys and secrets stored in
        // Key Vault.
        KeyVaultKeyResolver cloudResolver = new KeyVaultKeyResolver(
                KeyVaultUtility.GetKeyVaultClient());

        // To demonstrate how multiple different types of key can be used, we
        // also create a local key and resolver.
        // This key is temporary and won't be persisted.
        // Note: 1024-bit RSA is below current guidance for a key-wrapping key;
        // the sample keeps it only because the key is throw-away.
        final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(1024);
        final KeyPair wrapKey = keyGen.generateKeyPair();

        RsaKey rsaKey = new RsaKey("rsaKey1", wrapKey);
        LocalResolver resolver = new LocalResolver();
        resolver.add(rsaKey);

        // If there are multiple key sources like Azure Key Vault and a local KMS,
        // set up an aggregate resolver as follows. This gives a plug-in model
        // for all the different key providers an application supports.
        AggregateKeyResolver aggregateResolver = new AggregateKeyResolver();
        aggregateResolver.Add(resolver);
        aggregateResolver.Add(cloudResolver);

        // Set up a caching resolver so the secrets can be cached on the client.
        // This is the recommended usage pattern, since the throttling targets
        // for the Storage and Key Vault services are orders of magnitude apart.
        CachingKeyResolver cachingResolver = new CachingKeyResolver(1,
                aggregateResolver);

        // Create a key instance corresponding to the key ID. This will cache
        // the secret.
        IKey cloudKey = cachingResolver.resolveKeyAsync(keyID).get();

        System.out.println(cloudKey.toString());

        try {
            container.createIfNotExists();
            String a = "this is the encrypted message.";
            byte[] payload = a.getBytes();
            // The length passed to upload must match the stream; the original
            // declared 5 MB for a 30-byte stream.
            int size = payload.length;

            // The first blob will use the key stored in the Azure Key Vault.
            CloudBlockBlob blob = container.getBlockBlobReference("blockblob1");

            BlobEncryptionPolicy uploadPolicy = new BlobEncryptionPolicy(
                    cloudKey, null);

            // Set the encryption policy on the request options.
            BlobRequestOptions uploadOptions = new BlobRequestOptions();
            uploadOptions.setEncryptionPolicy(uploadPolicy);

            System.out.println("Uploading the 1st encrypted blob.");

            // Upload the encrypted contents to the blob.
            ByteArrayInputStream inputStream = new ByteArrayInputStream(payload);
            blob.upload(inputStream, size, null, uploadOptions, null);

            // Download the encrypted blob. A resolver-only policy lets the SDK
            // look up whichever KEK the blob's encryption metadata names.
            BlobEncryptionPolicy downloadPolicy = new BlobEncryptionPolicy(
                    null, cachingResolver);

            // Set the decryption policy on the request options.
            BlobRequestOptions downloadOptions = new BlobRequestOptions();
            downloadOptions.setEncryptionPolicy(downloadPolicy);
            System.out.println(downloadOptions.toString());

            System.out.println("Downloading the 1st encrypted blob.");

            ByteArrayOutputStream outputStream = new ByteArrayOutputStream();

            // This download carries the decryption policy.
            blob.download(outputStream, null, downloadOptions, null);
            // This one does not: no request options are passed, so no
            // encryption policy is applied and the file on disk stays encrypted.
            blob.downloadToFile("C:\\Users\\kashyap\\Downloads\\abc.txt");
        } finally {
            // Remove the throw-away container created for this run.
            container.deleteIfExists();
        }
    }
}

These two documents may give you some help:

Please change the download method to:

blob.downloadToFile("C:\\Users\\kashyap\\Downloads\\abc.txt", null, uploadOptions, null)

You can see that the picture I uploaded to the Azure blob is corrupted:

But when I download it with this method, it is a picture again:


This works for me. If you have any further questions, please let me know.
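The point of the answer is that the decryption policy travels in the request options, so a download call that passes no options gets the raw ciphertext. The helper below is an added example (not code from the question, the answer, or the Azure samples) showing the check I would wrap around such a download with the same azure-storage Java SDK: it confirms the blob carries the encryptiondata metadata the SDK writes on encrypted uploads, downloads with a resolver-only policy and requireEncryption set, and compares the result with the uploaded plaintext. The class and method names (EncryptedBlobDownload, downloadDecrypted, roundTripOk) are my own.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

import com.microsoft.azure.keyvault.core.IKeyResolver;
import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.blob.BlobEncryptionPolicy;
import com.microsoft.azure.storage.blob.BlobRequestOptions;
import com.microsoft.azure.storage.blob.CloudBlockBlob;

/** Added example helper (not from the question or answer). */
public final class EncryptedBlobDownload {

    /** Metadata entry the storage SDK writes when a blob is uploaded with an encryption policy. */
    static final String ENCRYPTION_METADATA_KEY = "encryptiondata";

    /**
     * Downloads and decrypts a blob. The decryption policy rides in the request
     * options; a download made without them (the bug in the question) returns ciphertext.
     */
    public static byte[] downloadDecrypted(CloudBlockBlob blob, IKeyResolver resolver)
            throws StorageException, IOException {
        // Refresh metadata and refuse to continue if the blob was never encrypted on upload.
        blob.downloadAttributes();
        if (!blob.getMetadata().containsKey(ENCRYPTION_METADATA_KEY)) {
            throw new IllegalStateException("blob " + blob.getName() + " carries no encryption metadata");
        }

        // Resolver-only policy: the SDK unwraps the CEK with whichever KEK the metadata names.
        BlobRequestOptions options = new BlobRequestOptions();
        options.setEncryptionPolicy(new BlobEncryptionPolicy(null, resolver));
        // With requireEncryption set, the SDK rejects a blob that has no encryption
        // data instead of handing back its raw bytes.
        options.setRequireEncryption(true);

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        blob.download(out, null, options, null);
        return out.toByteArray();
    }

    /** True when the decrypted bytes equal the plaintext that was uploaded. */
    public static boolean roundTripOk(CloudBlockBlob blob, IKeyResolver resolver, String expectedPlaintext)
            throws StorageException, IOException {
        byte[] got = downloadDecrypted(blob, resolver);
        return Arrays.equals(got, expectedPlaintext.getBytes(StandardCharsets.UTF_8));
    }
}
```

Calling roundTripOk(blob, cachingResolver, a) right after the upload in the question's code turns a silently undecrypted download into a visible failure.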

Do you use the same key to decrypt and encrypt the blob?

Did my solution solve your problem?

@KashyapSoni Glad to help.

I have the same problem - Azure storage blob client side encryption not decrypting DOTNET - I used await blob.DownloadToStreamAsync(ms, null, options, null);