Deprecated Class Aws\S3\Crypto\S3EncryptionClient

Aws\Crypto\AbstractCryptoClient

Aws\S3\Crypto\S3EncryptionClient uses Aws\Crypto\Cipher\CipherBuilderTrait, Aws\S3\Crypto\CryptoParamsTrait, Aws\Crypto\DecryptionTrait, Aws\Crypto\EncryptionTrait, Aws\S3\Crypto\UserAgentTrait

Namespace: Aws\S3\Crypto

Deprecated

Located at S3/Crypto/S3EncryptionClient.php

Provides a wrapper for an S3Client that supplies functionality to encrypt data on putObject[Async] calls and decrypt data on getObject[Async] calls.

Legacy implementation using older encryption workflow.

AWS strongly recommends the upgrade to the S3EncryptionClientV2 (over the S3EncryptionClient), as it offers updated data security best practices to our customers who upgrade. S3EncryptionClientV2 contains breaking changes, so this will require planning by engineering teams to migrate. New workflows should just start with S3EncryptionClientV2.

Methods Summary

__construct ( Aws\S3\S3Client $client, string|null $instructionFileSuffix = null )
putObjectAsync ( array $args )
Encrypts the data in the 'Body' field of $args and promises to upload it to the specified location on S3.
putObject ( array $args )
Encrypts the data in the 'Body' field of $args and uploads it to the specified location on S3.
getObjectAsync ( array $args )
Promises to retrieve an object from S3 and decrypt the data in the 'Body' field.
getObject ( array $args )
Retrieves an object from S3 and decrypts the data in the 'Body' field.

Methods inherited from Aws\Crypto\AbstractCryptoClient

decrypt(), encrypt(), isSupportedCipher()

Methods Details

__construct ( `Aws\S3\S3Client` $client, string|null $instructionFileSuffix = null )

Parameters

`Aws\S3\S3Client`	$client	The S3Client to be used for true uploading and retrieving objects from S3 when using the encryption client.
string\|null	$instructionFileSuffix = null	Suffix for a client wide default when using instruction files for metadata storage.

`GuzzleHttp\Promise\PromiseInterface` putObjectAsync ( array $args )

Encrypts the data in the 'Body' field of $args and promises to upload it to the specified location on S3.

Parameters

array

$args

Arguments for encrypting an object and uploading it to S3 via PutObject.

The required configuration arguments are as follows:

@MaterialsProvider: (MaterialsProvider) Provides Cek, Iv, and Cek encrypting/decrypting for encryption metadata.
@CipherOptions: (array) Cipher options for encrypting data. Only the Cipher option is required. Accepts the following:
- Cipher: (string) cbc|gcm See also: AbstractCryptoClient::$supportedCiphers. Note that cbc is deprecated and gcm should be used when possible.
- KeySize: (int) 128|192|256 See also: MaterialsProvider::$supportedKeySizes
- Aad: (string) Additional authentication data. This option is passed directly to OpenSSL when using gcm. It is ignored when using cbc. Note if you pass in Aad for gcm encryption, the PHP SDK will be able to decrypt the resulting object, but other AWS SDKs may not be able to do so.

The optional configuration arguments are as follows:

@MetadataStrategy: (MetadataStrategy|string|null) Strategy for storing MetadataEnvelope information. Defaults to using a HeadersMetadataStrategy. Can either be a class implementing MetadataStrategy, a class name of a predefined strategy, or empty/null to default.
@InstructionFileSuffix: (string|null) Suffix used when writing to an instruction file if using an InstructionFileMetadataHandler.

Returns

GuzzleHttp\Promise\PromiseInterface

Exceptions

InvalidArgumentException

Thrown when arguments above are not passed or are passed incorrectly.

`Aws\Result` putObject ( array $args )

Encrypts the data in the 'Body' field of $args and uploads it to the specified location on S3.

Parameters

array

$args

Arguments for encrypting an object and uploading it to S3 via PutObject.

The required configuration arguments are as follows:

@MaterialsProvider: (MaterialsProvider) Provides Cek, Iv, and Cek encrypting/decrypting for encryption metadata.
@CipherOptions: (array) Cipher options for encrypting data. A Cipher is required. Accepts the following options:
- Cipher: (string) cbc|gcm See also: AbstractCryptoClient::$supportedCiphers. Note that cbc is deprecated and gcm should be used when possible.
- KeySize: (int) 128|192|256 See also: MaterialsProvider::$supportedKeySizes
- Aad: (string) Additional authentication data. This option is passed directly to OpenSSL when using gcm. It is ignored when using cbc. Note if you pass in Aad for gcm encryption, the PHP SDK will be able to decrypt the resulting object, but other AWS SDKs may not be able to do so.

The optional configuration arguments are as follows:

@MetadataStrategy: (MetadataStrategy|string|null) Strategy for storing MetadataEnvelope information. Defaults to using a HeadersMetadataStrategy. Can either be a class implementing MetadataStrategy, a class name of a predefined strategy, or empty/null to default.
@InstructionFileSuffix: (string|null) Suffix used when writing to an instruction file if an using an InstructionFileMetadataHandler was determined.

Returns

Aws\Result

PutObject call result with the details of uploading the encrypted file.

Exceptions

InvalidArgumentException

Thrown when arguments above are not passed or are passed incorrectly.

`GuzzleHttp\Promise\PromiseInterface` getObjectAsync ( array $args )

Promises to retrieve an object from S3 and decrypt the data in the 'Body' field.

Parameters

array

$args

Arguments for retrieving an object from S3 via GetObject and decrypting it.

The required configuration argument is as follows:

@MaterialsProvider: (MaterialsProvider) Provides Cek, Iv, and Cek encrypting/decrypting for decryption metadata. May have data loaded from the MetadataEnvelope upon decryption.

The optional configuration arguments are as follows:

SaveAs: (string) The path to a file on disk to save the decrypted object data. This will be handled by file_put_contents instead of the Guzzle sink.
@MetadataStrategy: (MetadataStrategy|string|null) Strategy for reading MetadataEnvelope information. Defaults to determining based on object response headers. Can either be a class implementing MetadataStrategy, a class name of a predefined strategy, or empty/null to default.
@InstructionFileSuffix: (string) Suffix used when looking for an instruction file if an InstructionFileMetadataHandler is being used.
@CipherOptions: (array) Cipher options for decrypting data. A Cipher is required. Accepts the following options:
- Aad: (string) Additional authentication data. This option is passed directly to OpenSSL when using gcm. It is ignored when using cbc.

Returns

GuzzleHttp\Promise\PromiseInterface

Exceptions

InvalidArgumentException

Thrown when required arguments are not passed or are passed incorrectly.

`Aws\Result` getObject ( array $args )

Retrieves an object from S3 and decrypts the data in the 'Body' field.

Parameters

array

$args

Arguments for retrieving an object from S3 via GetObject and decrypting it.

The required configuration argument is as follows:

@MaterialsProvider: (MaterialsProvider) Provides Cek, Iv, and Cek encrypting/decrypting for decryption metadata. May have data loaded from the MetadataEnvelope upon decryption.

The optional configuration arguments are as follows:

SaveAs: (string) The path to a file on disk to save the decrypted object data. This will be handled by file_put_contents instead of the Guzzle sink.
@InstructionFileSuffix: (string|null) Suffix used when looking for an instruction file if an InstructionFileMetadataHandler was detected.
@CipherOptions: (array) Cipher options for encrypting data. A Cipher is required. Accepts the following options:
- Aad: (string) Additional authentication data. This option is passed directly to OpenSSL when using gcm. It is ignored when using cbc.

Returns

Aws\Result

GetObject call result with the 'Body' field wrapped in a decryption stream with its metadata information.

Exceptions

InvalidArgumentException

Thrown when arguments above are not passed or are passed incorrectly.

Constants summary

`string`	`CRYPTO_VERSION`	# `'1n'`

Namespaces

Classes

Traits

Class S3EncryptionClient

Methods Summary

Methods inherited from Aws\Crypto\AbstractCryptoClient

Methods Details

__construct ( `Aws\S3\S3Client` $client, string|null $instructionFileSuffix = null )

Parameters

`GuzzleHttp\Promise\PromiseInterface` putObjectAsync ( array $args )

Parameters

Returns

Exceptions

`Aws\Result` putObject ( array $args )

Parameters

Returns

Exceptions

`GuzzleHttp\Promise\PromiseInterface` getObjectAsync ( array $args )

Parameters

Returns

Exceptions

`Aws\Result` getObject ( array $args )

Parameters

Returns

Exceptions

Constants summary

Namespaces

Classes

Traits

Class S3EncryptionClient

Methods Summary

Methods inherited from Aws\Crypto\AbstractCryptoClient

Methods Details

__construct ( Aws\S3\S3Client $client, string|null $instructionFileSuffix = null )

Parameters

GuzzleHttp\Promise\PromiseInterface putObjectAsync ( array $args )

Parameters

Returns

Exceptions

Aws\Result putObject ( array $args )

Parameters

Returns

Exceptions

GuzzleHttp\Promise\PromiseInterface getObjectAsync ( array $args )

Parameters

Returns

Exceptions

Aws\Result getObject ( array $args )

Parameters

Returns

Exceptions

Constants summary

__construct ( `Aws\S3\S3Client` $client, string|null $instructionFileSuffix = null )

`GuzzleHttp\Promise\PromiseInterface` putObjectAsync ( array $args )

`Aws\Result` putObject ( array $args )

`GuzzleHttp\Promise\PromiseInterface` getObjectAsync ( array $args )

`Aws\Result` getObject ( array $args )