AWS 문서 AWS SDK 예제 리포지토리에 더 많은 SDK
기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다.
AWS SDK를 사용하여 Amazon S3 객체의 암호화를 시작해 보십시오.
다음 코드 예제에서는 Amazon S3 객체 암호화를 시작하는 방법을 보여줍니다.
- .NET
-
- AWS SDK for .NET
-
참고
더 많은 정보가 있습니다. GitHub AWS 코드 예제 리포지토리
에서 전체 예제를 찾고 설정 및 실행하는 방법을 배워보세요. using System; using System.IO; using System.Security.Cryptography; using System.Threading.Tasks; using Amazon.S3; using Amazon.S3.Model; /// <summary> /// This example shows how to apply client encryption to an object in an /// Amazon Simple Storage Service (Amazon S3) bucket. /// </summary> public class SSEClientEncryption { public static async Task Main() { string bucketName = "doc-example-bucket"; string keyName = "exampleobject.txt"; string copyTargetKeyName = "examplecopy.txt"; // If the AWS Region defined for your default user is different // from the Region where your Amazon S3 bucket is located, // pass the Region name to the Amazon S3 client object's constructor. // For example: RegionEndpoint.USWest2. IAmazonS3 client = new AmazonS3Client(); try { // Create an encryption key. Aes aesEncryption = Aes.Create(); aesEncryption.KeySize = 256; aesEncryption.GenerateKey(); string base64Key = Convert.ToBase64String(aesEncryption.Key); // Upload the object. PutObjectRequest putObjectRequest = await UploadObjectAsync(client, bucketName, keyName, base64Key); // Download the object and verify that its contents match what you uploaded. await DownloadObjectAsync(client, bucketName, keyName, base64Key, putObjectRequest); // Get object metadata and verify that the object uses AES-256 encryption. await GetObjectMetadataAsync(client, bucketName, keyName, base64Key); // Copy both the source and target objects using server-side encryption with // an encryption key. await CopyObjectAsync(client, bucketName, keyName, copyTargetKeyName, aesEncryption, base64Key); } catch (AmazonS3Exception ex) { Console.WriteLine($"Error: {ex.Message}"); } } /// <summary> /// Uploads an object to an Amazon S3 bucket. /// </summary> /// <param name="client">The initialized Amazon S3 client object used to call /// PutObjectAsync.</param> /// <param name="bucketName">The name of the Amazon S3 bucket to which the /// object will be uploaded.</param> /// <param name="keyName">The name of the object to upload to the Amazon S3 /// bucket.</param> /// <param name="base64Key">The encryption key.</param> /// <returns>The PutObjectRequest object for use by DownloadObjectAsync.</returns> public static async Task<PutObjectRequest> UploadObjectAsync( IAmazonS3 client, string bucketName, string keyName, string base64Key) { PutObjectRequest putObjectRequest = new PutObjectRequest { BucketName = bucketName, Key = keyName, ContentBody = "sample text", ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256, ServerSideEncryptionCustomerProvidedKey = base64Key, }; PutObjectResponse putObjectResponse = await client.PutObjectAsync(putObjectRequest); return putObjectRequest; } /// <summary> /// Downloads an encrypted object from an Amazon S3 bucket. /// </summary> /// <param name="client">The initialized Amazon S3 client object used to call /// GetObjectAsync.</param> /// <param name="bucketName">The name of the Amazon S3 bucket where the object /// is located.</param> /// <param name="keyName">The name of the Amazon S3 object to download.</param> /// <param name="base64Key">The encryption key used to encrypt the /// object.</param> /// <param name="putObjectRequest">The PutObjectRequest used to upload /// the object.</param> public static async Task DownloadObjectAsync( IAmazonS3 client, string bucketName, string keyName, string base64Key, PutObjectRequest putObjectRequest) { GetObjectRequest getObjectRequest = new GetObjectRequest { BucketName = bucketName, Key = keyName, // Provide encryption information for the object stored in Amazon S3. ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256, ServerSideEncryptionCustomerProvidedKey = base64Key, }; using (GetObjectResponse getResponse = await client.GetObjectAsync(getObjectRequest)) using (StreamReader reader = new StreamReader(getResponse.ResponseStream)) { string content = reader.ReadToEnd(); if (string.Compare(putObjectRequest.ContentBody, content) == 0) { Console.WriteLine("Object content is same as we uploaded"); } else { Console.WriteLine("Error...Object content is not same."); } if (getResponse.ServerSideEncryptionCustomerMethod == ServerSideEncryptionCustomerMethod.AES256) { Console.WriteLine("Object encryption method is AES256, same as we set"); } else { Console.WriteLine("Error...Object encryption method is not the same as AES256 we set"); } } } /// <summary> /// Retrieves the metadata associated with an Amazon S3 object. /// </summary> /// <param name="client">The initialized Amazon S3 client object used /// to call GetObjectMetadataAsync.</param> /// <param name="bucketName">The name of the Amazon S3 bucket containing the /// object for which we want to retrieve metadata.</param> /// <param name="keyName">The name of the object for which we wish to /// retrieve the metadata.</param> /// <param name="base64Key">The encryption key associated with the /// object.</param> public static async Task GetObjectMetadataAsync( IAmazonS3 client, string bucketName, string keyName, string base64Key) { GetObjectMetadataRequest getObjectMetadataRequest = new GetObjectMetadataRequest { BucketName = bucketName, Key = keyName, // The object stored in Amazon S3 is encrypted, so provide the necessary encryption information. ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256, ServerSideEncryptionCustomerProvidedKey = base64Key, }; GetObjectMetadataResponse getObjectMetadataResponse = await client.GetObjectMetadataAsync(getObjectMetadataRequest); Console.WriteLine("The object metadata show encryption method used is: {0}", getObjectMetadataResponse.ServerSideEncryptionCustomerMethod); } /// <summary> /// Copies an encrypted object from one Amazon S3 bucket to another. /// </summary> /// <param name="client">The initialized Amazon S3 client object used to call /// CopyObjectAsync.</param> /// <param name="bucketName">The Amazon S3 bucket containing the object /// to copy.</param> /// <param name="keyName">The name of the object to copy.</param> /// <param name="copyTargetKeyName">The Amazon S3 bucket to which the object /// will be copied.</param> /// <param name="aesEncryption">The encryption type to use.</param> /// <param name="base64Key">The encryption key to use.</param> public static async Task CopyObjectAsync( IAmazonS3 client, string bucketName, string keyName, string copyTargetKeyName, Aes aesEncryption, string base64Key) { aesEncryption.GenerateKey(); string copyBase64Key = Convert.ToBase64String(aesEncryption.Key); CopyObjectRequest copyRequest = new CopyObjectRequest { SourceBucket = bucketName, SourceKey = keyName, DestinationBucket = bucketName, DestinationKey = copyTargetKeyName, // Information about the source object's encryption. CopySourceServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256, CopySourceServerSideEncryptionCustomerProvidedKey = base64Key, // Information about the target object's encryption. ServerSideEncryptionCustomerMethod = ServerSideEncryptionCustomerMethod.AES256, ServerSideEncryptionCustomerProvidedKey = copyBase64Key, }; await client.CopyObjectAsync(copyRequest); } }-
API 세부 정보는 AWS SDK for .NET API 참조의 다음 주제를 참조하십시오.
-
버킷 및 객체 시작하기
태깅 시작하기