github.com/aliyun/aliyun-oss-go-sdk@v3.0.2+incompatible/sample_crypto/sample_crypto.go (about) 1 package main 2 3 import ( 4 "bytes" 5 "fmt" 6 "io/ioutil" 7 "os" 8 9 kms "github.com/aliyun/alibaba-cloud-sdk-go/services/kms" 10 "github.com/aliyun/aliyun-oss-go-sdk/oss" 11 "github.com/aliyun/aliyun-oss-go-sdk/oss/crypto" 12 ) 13 14 func SampleRsaNormalObject() { 15 // create oss client 16 client, err := oss.New("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>") 17 if err != nil { 18 fmt.Println("Error:", err) 19 os.Exit(-1) 20 } 21 22 // Create a description of the master key. Once created, it cannot be modified. The master key description and the master key are one-to-one correspondence. 23 // If all objects use the same master key, the master key description can also be empty, but subsequent replacement of the master key is not supported. 24 // Because if the description is empty, it is impossible to determine which master key is used when decrypting object. 25 // It is strongly recommended that: configure the master key description(json string) for each master key, and the client should save the correspondence between them. 26 // The server does not save their correspondence 27 28 // Map converted by the master key description information (json string) 29 materialDesc := make(map[string]string) 30 materialDesc["desc"] = "<your master encrypt key material describe information>" 31 32 // Create a master key object based on the master key description 33 masterRsaCipher, err := osscrypto.CreateMasterRsa(materialDesc, "<your rsa public key>", "<your rsa private key>") 34 if err != nil { 35 fmt.Println("Error:", err) 36 os.Exit(-1) 37 } 38 39 // Create an interface for encryption based on the master key object, encrypt using aec ctr mode 40 contentProvider := osscrypto.CreateAesCtrCipher(masterRsaCipher) 41 42 // Get a storage space for client encryption, the bucket has to be created 43 // Client-side encrypted buckets have similar usages to ordinary buckets. 44 cryptoBucket, err := osscrypto.GetCryptoBucket(client, "<yourBucketName>", contentProvider) 45 if err != nil { 46 fmt.Println("Error:", err) 47 os.Exit(-1) 48 } 49 50 // put object ,will be automatically encrypted 51 err = cryptoBucket.PutObject("<yourObjectName>", bytes.NewReader([]byte("yourObjectValueByteArrary"))) 52 if err != nil { 53 fmt.Println("Error:", err) 54 os.Exit(-1) 55 } 56 57 // get object ,will be automatically decrypted 58 body, err := cryptoBucket.GetObject("<yourObjectName>") 59 if err != nil { 60 fmt.Println("Error:", err) 61 os.Exit(-1) 62 } 63 defer body.Close() 64 65 data, err := ioutil.ReadAll(body) 66 if err != nil { 67 fmt.Println("Error:", err) 68 os.Exit(-1) 69 } 70 fmt.Println("data:", string(data)) 71 } 72 73 func SampleRsaMultiPartObject() { 74 // create oss client 75 client, err := oss.New("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>") 76 if err != nil { 77 fmt.Println("Error:", err) 78 os.Exit(-1) 79 } 80 81 // Create a description of the master key. Once created, it cannot be modified. The master key description and the master key are one-to-one correspondence. 82 // If all objects use the same master key, the master key description can also be empty, but subsequent replacement of the master key is not supported. 83 // Because if the description is empty, it is impossible to determine which master key is used when decrypting object. 84 // It is strongly recommended that: configure the master key description(json string) for each master key, and the client should save the correspondence between them. 85 // The server does not save their correspondence 86 87 // Map converted by the master key description information (json string) 88 materialDesc := make(map[string]string) 89 materialDesc["desc"] = "<your master encrypt key material describe information>" 90 91 // Create a master key object based on the master key description 92 masterRsaCipher, err := osscrypto.CreateMasterRsa(materialDesc, "<your rsa public key>", "<your rsa private key>") 93 if err != nil { 94 fmt.Println("Error:", err) 95 os.Exit(-1) 96 } 97 98 // Create an interface for encryption based on the master key object, encrypt using aec ctr mode 99 contentProvider := osscrypto.CreateAesCtrCipher(masterRsaCipher) 100 101 // Get a storage space for client encryption, the bucket has to be created 102 // Client-side encrypted buckets have similar usages to ordinary buckets. 103 cryptoBucket, err := osscrypto.GetCryptoBucket(client, "<yourBucketName>", contentProvider) 104 if err != nil { 105 fmt.Println("Error:", err) 106 os.Exit(-1) 107 } 108 109 fileName := "<yourLocalFilePath>" 110 fileInfo, err := os.Stat(fileName) 111 if err != nil { 112 fmt.Println("Error:", err) 113 os.Exit(-1) 114 } 115 fileSize := fileInfo.Size() 116 117 // Encryption context information 118 var cryptoContext osscrypto.PartCryptoContext 119 cryptoContext.DataSize = fileSize 120 121 // The expected number of parts, the actual number of parts is subject to subsequent calculations. 122 expectPartCount := int64(10) 123 124 //Currently aes ctr encryption block size requires 16 byte alignment 125 cryptoContext.PartSize = (fileSize / expectPartCount / 16) * 16 126 127 imur, err := cryptoBucket.InitiateMultipartUpload("<yourObjectName>", &cryptoContext) 128 if err != nil { 129 fmt.Println("Error:", err) 130 os.Exit(-1) 131 } 132 133 chunks, err := oss.SplitFileByPartSize(fileName, cryptoContext.PartSize) 134 if err != nil { 135 fmt.Println("Error:", err) 136 os.Exit(-1) 137 } 138 139 var partsUpload []oss.UploadPart 140 for _, chunk := range chunks { 141 part, err := cryptoBucket.UploadPartFromFile(imur, fileName, chunk.Offset, chunk.Size, (int)(chunk.Number), cryptoContext) 142 if err != nil { 143 fmt.Println("Error:", err) 144 os.Exit(-1) 145 } 146 partsUpload = append(partsUpload, part) 147 } 148 149 // Complete 150 _, err = cryptoBucket.CompleteMultipartUpload(imur, partsUpload) 151 if err != nil { 152 fmt.Println("Error:", err) 153 os.Exit(-1) 154 } 155 } 156 157 // Query the master key according to the master key description information. 158 // If you need to decrypt different master key encryption objects, you need to provide this interface. 159 type MockRsaManager struct { 160 } 161 162 func (mg *MockRsaManager) GetMasterKey(matDesc map[string]string) ([]string, error) { 163 // to do 164 keyList := []string{"<yourRsaPublicKey>", "<yourRsaPrivatKey>"} 165 return keyList, nil 166 } 167 168 // Decrypt the object encrypted by different master keys 169 func SampleMultipleMasterRsa() { 170 // create oss client 171 client, err := oss.New("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>") 172 if err != nil { 173 fmt.Println("Error:", err) 174 os.Exit(-1) 175 } 176 177 // Create a description of the master key. Once created, it cannot be modified. The master key description and the master key are one-to-one correspondence. 178 // If all objects use the same master key, the master key description can also be empty, but subsequent replacement of the master key is not supported. 179 // Because if the description is empty, it is impossible to determine which master key is used when decrypting object. 180 // It is strongly recommended that: configure the master key description(json string) for each master key, and the client should save the correspondence between them. 181 // The server does not save their correspondence 182 183 // Map converted by the master key description information (json string) 184 materialDesc := make(map[string]string) 185 materialDesc["desc"] = "<your master encrypt key material describe information>" 186 187 // Create a master key object based on the master key description 188 masterRsaCipher, err := osscrypto.CreateMasterRsa(materialDesc, "<your rsa public key>", "<your rsa private key>") 189 if err != nil { 190 fmt.Println("Error:", err) 191 os.Exit(-1) 192 } 193 194 // Create an interface for encryption based on the master key object, encrypt using aec ctr mode 195 contentProvider := osscrypto.CreateAesCtrCipher(masterRsaCipher) 196 197 // If you need to decrypt objects encrypted by different ma keys, you need to provide this interface. 198 var mockRsaManager MockRsaManager 199 var options []osscrypto.CryptoBucketOption 200 options = append(options, osscrypto.SetMasterCipherManager(&mockRsaManager)) 201 202 // Get a storage space for client encryption, the bucket has to be created 203 // Client-side encrypted buckets have similar usages to ordinary buckets. 204 cryptoBucket, err := osscrypto.GetCryptoBucket(client, "<yourBucketName>", contentProvider, options...) 205 if err != nil { 206 fmt.Println("Error:", err) 207 os.Exit(-1) 208 } 209 210 // put object ,will be automatically encrypted 211 err = cryptoBucket.PutObject("<yourObjectName>", bytes.NewReader([]byte("yourObjectValueByteArrary"))) 212 if err != nil { 213 fmt.Println("Error:", err) 214 os.Exit(-1) 215 } 216 217 // get object ,will be automatically decrypted 218 body, err := cryptoBucket.GetObject("<otherObjectNameEncryptedWithOtherRsa>") 219 if err != nil { 220 fmt.Println("Error:", err) 221 os.Exit(-1) 222 } 223 defer body.Close() 224 225 data, err := ioutil.ReadAll(body) 226 if err != nil { 227 fmt.Println("Error:", err) 228 os.Exit(-1) 229 } 230 fmt.Println("data:", string(data)) 231 } 232 233 func SampleKmsNormalObject() { 234 // create oss client 235 client, err := oss.New("<yourEndpoint>", "<yourAccessKeyId>", "<yourAccessKeySecret>") 236 if err != nil { 237 fmt.Println("Error:", err) 238 os.Exit(-1) 239 } 240 241 // create kms client 242 kmsClient, err := kms.NewClientWithAccessKey("<yourKmsRegion>", "<yourKmsAccessKeyId>", "<yourKmsAccessKeySecret>") 243 if err != nil { 244 fmt.Println("Error:", err) 245 os.Exit(-1) 246 } 247 248 // Create a description of the master key. Once created, it cannot be modified. The master key description and the master key are one-to-one correspondence. 249 // If all objects use the same master key, the master key description can also be empty, but subsequent replacement of the master key is not supported. 250 // Because if the description is empty, it is impossible to determine which master key is used when decrypting object. 251 // It is strongly recommended that: configure the master key description(json string) for each master key, and the client should save the correspondence between them. 252 // The server does not save their correspondence 253 254 // Map converted by the master key description information (json string) 255 materialDesc := make(map[string]string) 256 materialDesc["desc"] = "<your kms encrypt key material describe information>" 257 258 // Create a master key object based on the master key description 259 masterkmsCipher, err := osscrypto.CreateMasterAliKms(materialDesc, "<YourKmsId>", kmsClient) 260 if err != nil { 261 fmt.Println("Error:", err) 262 os.Exit(-1) 263 } 264 265 // Create an interface for encryption based on the master key object, encrypt using aec ctr mode 266 contentProvider := osscrypto.CreateAesCtrCipher(masterkmsCipher) 267 268 // Get a storage space for client encryption, the bucket has to be created 269 // Client-side encrypted buckets have similar usages to ordinary buckets. 270 cryptoBucket, err := osscrypto.GetCryptoBucket(client, "<yourBucketName>", contentProvider) 271 if err != nil { 272 fmt.Println("Error:", err) 273 os.Exit(-1) 274 } 275 276 // put object ,will be automatically encrypted 277 err = cryptoBucket.PutObject("<yourObjectName>", bytes.NewReader([]byte("yourObjectValueByteArrary"))) 278 if err != nil { 279 fmt.Println("Error:", err) 280 os.Exit(-1) 281 } 282 283 // get object ,will be automatically decrypted 284 body, err := cryptoBucket.GetObject("<yourObjectName>") 285 if err != nil { 286 fmt.Println("Error:", err) 287 os.Exit(-1) 288 } 289 defer body.Close() 290 291 data, err := ioutil.ReadAll(body) 292 if err != nil { 293 fmt.Println("Error:", err) 294 os.Exit(-1) 295 } 296 fmt.Println("data:", string(data)) 297 } 298 299 func main() { 300 SampleRsaNormalObject() 301 SampleRsaMultiPartObject() 302 SampleMultipleMasterRsa() 303 SampleKmsNormalObject() 304 }