Esempio n. 1
0
        /// <summary>
        ///  Builds an instruction object from the object metadata.
        /// </summary>
        /// <param name="response">
        /// A non-null object response that contains encryption information in its metadata.
        /// </param>
        /// <param name="materials">
        /// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
        /// </param>
        /// <param name="decryptedEnvelopeKeyKMS">
        /// The decrypted envelope key to be use if KMS key wrapping is being used.  Or null if non-KMS key wrapping is being used.
        /// </param>
        /// <returns>
        /// </returns>
        internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(
            GetObjectResponse response, EncryptionMaterials materials, byte[] decryptedEnvelopeKeyKMS)
        {
            MetadataCollection metadata = response.Metadata;

            if (metadata[XAmzKeyV2] != null)
            {
                EnsureSupportedAlgorithms(metadata);

                string base64EncodedEncryptedEnvelopeKey = metadata[XAmzKeyV2];
                byte[] encryptedEnvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);

                string base64EncodedIV = metadata[XAmzIV];
                byte[] IV = Convert.FromBase64String(base64EncodedIV);

                return(new EncryptionInstructions(materials.MaterialsDescription, decryptedEnvelopeKeyKMS, encryptedEnvelopeKey, IV));
            }
            else
            {
                string base64EncodedEncryptedEnvelopeKey = metadata[XAmzKey];
                byte[] encryptedEnvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
                byte[] decryptedEnvelopeKey = DecryptNonKMSEnvelopeKey(encryptedEnvelopeKey, materials);

                string base64EncodedIV = metadata[XAmzIV];
                byte[] IV = Convert.FromBase64String(base64EncodedIV);

                return(new EncryptionInstructions(materials.MaterialsDescription, decryptedEnvelopeKey, encryptedEnvelopeKey, IV));
            }
        }
Esempio n. 2
0
        /// <summary>
        ///  Generates an instruction that will be used to encrypt an object.
        /// </summary>
        /// <param name="materials">
        /// The encryption materials to be used to encrypt and decrypt data.
        /// </param>
        /// <returns>
        /// The instruction that will be used to encrypt an object.
        /// </returns>
        internal static EncryptionInstructions GenerateInstructions(EncryptionMaterials materials)
        {
            Aes AesObject = Aes.Create();

            byte[] encryptedEnvelopeKey = EncryptEnvelopeKey(AesObject.Key, materials);
            return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, AesObject.Key, encryptedEnvelopeKey, AesObject.IV));
        }
Esempio n. 3
0
        public S3Storage()
        {
            const string filename = "keyxml.pk";
            var path = WebServerPathUtils.GetPathTo(Path.Combine("bin", filename));
            var f = new FileInfo(path);

            if (f.Exists)
            {
                using (var file = f.OpenRead())
                {
                    var keyString = new StreamReader(file).ReadToEnd();
                    _algorithm = RSA.Create();
                    _algorithm.FromXmlString(keyString);

                    var encryptionMaterials = new EncryptionMaterials(_algorithm);
                    try
                    {
                        _client = new AmazonS3EncryptionClient(encryptionMaterials);

                        var bucket = new S3DirectoryInfo(_client, PdfDocumentsBucketName);
                        if (!bucket.Exists)
                        {
                            bucket.Create();
                        }
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine("Unable to initialize S3 client\n" + ex);
                    }
                }
            }
        }
Esempio n. 4
0
 /// <summary>
 /// Decrypts an encrypted Envelope key using the provided encryption materials
 /// and returns it in raw byte array form.
 /// </summary>
 /// <param name="encryptedEnvelopeKey"> Encrypted envelope key</param>
 /// <param name="materials">Encryption materials needed to decrypt the encrypted envlelope key</param>
 /// <returns></returns>
 internal static byte[] DecryptEnvelopeKey(byte[] encryptedEnvelopeKey, EncryptionMaterials materials)
 {
     if (materials.AsymmetricProvider != null)
     {
         return(DecryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, encryptedEnvelopeKey));
     }
     else
     {
         return(DecryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, encryptedEnvelopeKey));
     }
 }
Esempio n. 5
0
 internal static byte[] EncryptEnvelopeKey(byte[] envelopeKey, EncryptionMaterials materials)
 {
     if (materials.AsymmetricProvider != null)
     {
         return (EncryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, envelopeKey));
     }
     else
     {
         return (EncryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, envelopeKey));
     }
 }
Esempio n. 6
0
 /// <summary>
 /// Decrypts an encrypted Envelope key using the provided encryption materials
 /// and returns it in raw byte array form.
 /// </summary>
 /// <param name="encryptedEnvelopeKey"> Encrypted envelope key</param>
 /// <param name="materials">Encryption materials needed to decrypt the encrypted envlelope key</param>
 /// <returns></returns>
 internal static byte[] DecryptNonKMSEnvelopeKey(byte[] encryptedEnvelopeKey, EncryptionMaterials materials)
 {
     if (materials.AsymmetricProvider != null)
     {
         return(DecryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, encryptedEnvelopeKey));
     }
     else if (materials.SymmetricProvider != null)
     {
         return(DecryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, encryptedEnvelopeKey));
     }
     else
     {
         throw new ArgumentException("Error decrypting non-KMS envelope key.  " +
                                     "EncryptionMaterials must have the AsymmetricProvider or SymmetricProvider set.");
     }
 }
Esempio n. 7
0
        /// <summary>
        /// Generates an instruction that will be used to encrypt an object
        /// using materials with the KMSKeyID set.
        /// </summary>
        /// <param name="kmsClient">
        /// Used to call KMS to generate a data key.
        /// </param>
        /// <param name="materials">
        /// The encryption materials to be used to encrypt and decrypt data.
        /// </param>
        /// <returns>
        /// The instruction that will be used to encrypt an object.
        /// </returns>
        internal static async System.Threading.Tasks.Task <EncryptionInstructions> GenerateInstructionsForKMSMaterialsAsync(
            ICoreAmazonKMS kmsClient, EncryptionMaterials materials)
        {
            if (materials.KMSKeyID != null)
            {
                var iv = new byte[IVLength];

                // Generate IV, and get both the key and the encrypted key from KMS.
                RandomNumberGenerator.Create().GetBytes(iv);
                var result = await kmsClient.GenerateDataKeyAsync(materials.KMSKeyID, materials.MaterialsDescription, KMSKeySpec).ConfigureAwait(false);

                return(new EncryptionInstructions(materials.MaterialsDescription, result.KeyPlaintext, result.KeyCiphertext, iv));
            }
            else
            {
                throw new ArgumentException("Error generating encryption instructions.  EncryptionMaterials must have the KMSKeyID set.");
            }
        }
Esempio n. 8
0
        public static void Initialize(TestContext a)
        {
            EncryptionMaterials encryptionMaterials = new EncryptionMaterials(generateAsymmetricProvider());
            s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials);

            AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration()
            {
                StorageMode = CryptoStorageMode.InstructionFile
            };

            s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials);

            using (StreamWriter writer = File.CreateText(fileName))
            {
                writer.Write(sampleContent);
            }

            bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode);
        }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Access Key ID,
 /// AWS Secret Key and Encryption materials
 /// </summary>
 /// <param name="awsAccessKeyId">AWS Access Key ID</param>
 /// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
 /// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param>
 public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, EncryptionMaterials materials)
     : base(awsAccessKeyId, awsSecretAccessKey)
 {
     this.encryptionMaterials = materials;
     amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
 }
 /// <summary>
 ///  Constructs AmazonS3EncryptionClient with AWS Credentials and Encryption materials.
 /// </summary>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 /// <param name="credentials">AWS Credentials</param>
 public AmazonS3EncryptionClient(AWSCredentials credentials, EncryptionMaterials materials)
     : base(credentials)
 {
     this.encryptionMaterials = materials; 
     amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
 }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Credentials, AmazonS3CryptoConfiguration Configuration object
 /// and Encryption materials
 /// </summary>
 /// <param name="credentials">AWS Credentials</param>
 /// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(AWSCredentials credentials, AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
     : base(credentials, config)
 {
     this.encryptionMaterials = materials; 
     amazonS3CryptoConfig = config;
 }
Esempio n. 12
0
        /// <summary>
        /// Builds an instruction object from the instruction file.
        /// </summary>
        /// <param name="response"> Instruction file GetObject response</param>
        /// <param name="materials">
        /// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
        /// </param>
        /// <returns>
        /// A non-null instruction object containing encryption information.
        /// </returns>
        internal static EncryptionInstructions BuildInstructionsUsingInstructionFile(GetObjectResponse response, EncryptionMaterials materials)
        {
            using (TextReader textReader = new StreamReader(response.ResponseStream))
            {
                JsonData jsonData = JsonMapper.ToObject(textReader);

                var    base64EncodedEncryptedEnvelopeKey = jsonData["EncryptedEnvelopeKey"];
                byte[] encryptedEvelopeKey  = Convert.FromBase64String((string)base64EncodedEncryptedEnvelopeKey);
                byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials);

                var    base64EncodedIV = jsonData["IV"];
                byte[] IV = Convert.FromBase64String((string)base64EncodedIV);

                return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, IV));
            }
        }
Esempio n. 13
0
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Access Key ID,
 /// AWS Secret Key and Encryption materials
 /// </summary>
 /// <param name="awsAccessKeyId">AWS Access Key ID</param>
 /// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
 /// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param>
 public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, EncryptionMaterials materials)
     : base(awsAccessKeyId, awsSecretAccessKey)
 {
     this.EncryptionMaterials = materials;
     S3CryptoConfig           = new AmazonS3CryptoConfiguration();
 }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's
 /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
 /// 
 /// Example App.config with credentials set. 
 /// <code>
 /// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
 /// &lt;configuration&gt;
 ///     &lt;appSettings&gt;
 ///         &lt;add key="AWSProfileName" value="AWS Default"/&gt;
 ///     &lt;/appSettings&gt;
 /// &lt;/configuration&gt;
 /// </code>
 /// 
 /// </summary>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(EncryptionMaterials materials)
     : base()
 {
     this.encryptionMaterials = materials;
     amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
 }
 /// <summary>
 ///  Constructs AmazonS3EncryptionClient with AWS Credentials and Encryption materials.
 /// </summary>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 /// <param name="credentials">AWS Credentials</param>
 public AmazonS3EncryptionClient(AWSCredentials credentials, EncryptionMaterials materials)
     : base(credentials)
 {
     this.encryptionMaterials = materials;
     amazonS3CryptoConfig     = new AmazonS3CryptoConfiguration();
 }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's
 /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
 ///
 /// Example App.config with credentials set.
 /// <code>
 /// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
 /// &lt;configuration&gt;
 ///     &lt;appSettings&gt;
 ///         &lt;add key="AWSAccessKey" value="********************"/&gt;
 ///         &lt;add key="AWSSecretKey" value="****************************************"/&gt;
 ///     &lt;/appSettings&gt;
 /// &lt;/configuration&gt;
 /// </code>
 ///
 /// </summary>
 /// <param name="region">
 /// The region to connect.
 /// </param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(RegionEndpoint region, EncryptionMaterials materials)
     : base(region)
 {
     this.encryptionMaterials = materials;
     amazonS3CryptoConfig     = new AmazonS3CryptoConfiguration();
 }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with the Encryption materials,
 /// AmazonS3 CryptoConfiguration object and credentials loaded from the application's
 /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
 ///
 /// Example App.config with credentials set.
 /// <code>
 /// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
 /// &lt;configuration&gt;
 ///     &lt;appSettings&gt;
 ///         &lt;add key="AWSAccessKey" value="********************"/&gt;
 ///         &lt;add key="AWSSecretKey" value="****************************************"/&gt;
 ///     &lt;/appSettings&gt;
 /// &lt;/configuration&gt;
 /// </code>
 ///
 /// </summary>
 /// <param name="config">
 /// The AmazonS3EncryptionClient CryptoConfiguration Object
 /// </param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
     : base(config)
 {
     this.encryptionMaterials = materials;
     amazonS3CryptoConfig     = config;
 }
Esempio n. 18
0
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Credentials, Region and Encryption materials
 /// </summary>
 /// <param name="credentials">AWS Credentials</param>
 /// <param name="region">The region to connect.</param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(AWSCredentials credentials, RegionEndpoint region, EncryptionMaterials materials)
     : base(credentials, region)
 {
     this.EncryptionMaterials = materials;
     S3CryptoConfig           = new AmazonS3CryptoConfiguration();
 }
Esempio n. 19
0
        /// <summary>
        /// Generates an instruction that will be used to encrypt an object
        /// using materials with the AsymmetricProvider or SymmetricProvider set.
        /// </summary>
        /// <param name="materials">
        /// The encryption materials to be used to encrypt and decrypt data.
        /// </param>
        /// <returns>
        /// The instruction that will be used to encrypt an object.
        /// </returns>
        internal static EncryptionInstructions GenerateInstructionsForNonKMSMaterials(EncryptionMaterials materials)
        {
            byte[] encryptedEnvelopeKey = null;

            // Generate the IV and key, and encrypt the key locally.
            Aes aesObject = Aes.Create();

            if (materials.AsymmetricProvider != null)
            {
                encryptedEnvelopeKey = EncryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, aesObject.Key);
            }
            else if (materials.SymmetricProvider != null)
            {
                encryptedEnvelopeKey = EncryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, aesObject.Key);
            }
            else
            {
                throw new ArgumentException("Error generating encryption instructions.  " +
                                            "EncryptionMaterials must have the AsymmetricProvider or SymmetricProvider set.");
            }

            return(new EncryptionInstructions(materials.MaterialsDescription, aesObject.Key, encryptedEnvelopeKey, aesObject.IV));
        }
Esempio n. 20
0
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's
 /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
 ///
 /// Example App.config with credentials set.
 /// <code>
 /// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
 /// &lt;configuration&gt;
 ///     &lt;appSettings&gt;
 ///         &lt;add key="AWSProfileName" value="AWS Default"/&gt;
 ///     &lt;/appSettings&gt;
 /// &lt;/configuration&gt;
 /// </code>
 ///
 /// </summary>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(EncryptionMaterials materials)
     : base()
 {
     this.EncryptionMaterials = materials;
     S3CryptoConfig           = new AmazonS3CryptoConfiguration();
 }
Esempio n. 21
0
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key, SessionToken
 /// AmazonS3EncryptionClient CryptoConfiguration object and Encryption materials.
 /// </summary>
 /// <param name="awsAccessKeyId">AWS Access Key ID</param>
 /// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
 /// <param name="awsSessionToken">AWS Session Token</param>
 /// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
     : base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, config)
 {
     this.EncryptionMaterials = materials;
     S3CryptoConfig           = config;
 }
Esempio n. 22
0
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key,
 ///  SessionToken, Region and Encryption materials.
 /// </summary>
 /// <param name="awsAccessKeyId">AWS Access Key ID</param>
 /// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
 /// <param name="awsSessionToken">AWS Session Token</param>
 /// <param name="region">The region to connect.</param>
 /// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param>
 public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region, EncryptionMaterials materials)
     : base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, region)
 {
     this.EncryptionMaterials = materials;
     S3CryptoConfig           = new AmazonS3CryptoConfiguration();
 }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key,
 ///  SessionToken, Region and Encryption materials.
 /// </summary>
 /// <param name="awsAccessKeyId">AWS Access Key ID</param>
 /// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
 /// <param name="awsSessionToken">AWS Session Token</param>
 /// <param name="region">The region to connect.</param>
 /// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param>
 public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region, EncryptionMaterials materials)
     : base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, region)
 {
     this.encryptionMaterials = materials; 
     amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
 }
Esempio n. 24
0
 /// <summary>
 ///  Generates an instruction that will be used to encrypt an object.
 /// </summary>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt data.
 /// </param>
 /// <returns>
 /// The instruction that will be used to encrypt an object.
 /// </returns>
 internal static EncryptionInstructions GenerateInstructions(EncryptionMaterials materials)
 {
     Aes AesObject = Aes.Create();
     byte[] encryptedEnvelopeKey = EncryptEnvelopeKey(AesObject.Key, materials);
     return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, AesObject.Key, encryptedEnvelopeKey, AesObject.IV);
 }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key, SessionToken
 /// AmazonS3EncryptionClient CryptoConfiguration object and Encryption materials.
 /// </summary>
 /// <param name="awsAccessKeyId">AWS Access Key ID</param>
 /// <param name="awsSecretAccessKey">AWS Secret Access Key</param>
 /// <param name="awsSessionToken">AWS Session Token</param>
 /// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
     : base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, config)
 {
     this.encryptionMaterials = materials; 
     amazonS3CryptoConfig = config;
 }        
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with the Encryption materials, 
 /// AmazonS3 CryptoConfiguration object and credentials loaded from the application's
 /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
 /// 
 /// Example App.config with credentials set. 
 /// <code>
 /// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
 /// &lt;configuration&gt;
 ///     &lt;appSettings&gt;
 ///         &lt;add key="AWSProfileName" value="AWS Default"/&gt;
 ///     &lt;/appSettings&gt;
 /// &lt;/configuration&gt;
 /// </code>
 /// 
 /// </summary>
 /// <param name="config">
 /// The AmazonS3EncryptionClient CryptoConfiguration Object
 /// </param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
     : base(config)
 {
     this.EncryptionMaterials = materials; 
     S3CryptoConfig = config;
 }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's
 /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance.
 /// 
 /// Example App.config with credentials set. 
 /// <code>
 /// &lt;?xml version="1.0" encoding="utf-8" ?&gt;
 /// &lt;configuration&gt;
 ///     &lt;appSettings&gt;
 ///         &lt;add key="AWSProfileName" value="AWS Default"/&gt;
 ///     &lt;/appSettings&gt;
 /// &lt;/configuration&gt;
 /// </code>
 /// 
 /// </summary>
 /// <param name="region">
 /// The region to connect.
 /// </param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(RegionEndpoint region, EncryptionMaterials materials)
     : base(region)
 {
     this.encryptionMaterials = materials;  
     amazonS3CryptoConfig = new AmazonS3CryptoConfiguration();
 }
Esempio n. 28
0
        /// <summary>
        /// Builds an instruction object from the instruction file.
        /// </summary>
        /// <param name="response"> Instruction file GetObject response</param>
        /// <param name="materials">
        /// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
        /// </param>
        /// <returns>     
        /// A non-null instruction object containing encryption information.
        /// </returns>
        internal static EncryptionInstructions BuildInstructionsUsingInstructionFile(GetObjectResponse response, EncryptionMaterials materials)
        {
            using (TextReader textReader = new StreamReader(response.ResponseStream))
            {
                JsonData jsonData = JsonMapper.ToObject(textReader);

                var base64EncodedEncryptedEnvelopeKey = jsonData["EncryptedEnvelopeKey"];
                byte[] encryptedEvelopeKey = Convert.FromBase64String((string)base64EncodedEncryptedEnvelopeKey);
                byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials);

                var base64EncodedIV = jsonData["IV"];
                byte[] IV = Convert.FromBase64String((string)base64EncodedIV);

                return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, IV);
            }
        }
Esempio n. 29
0
        /// <summary>
        ///  Builds an instruction object from the object metadata.
        /// </summary>
        /// <param name="response">
        /// A non-null object response that contains encryption information in its metadata.
        /// </param>
        /// <param name="materials">
        /// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
        /// </param>
        /// <returns>
        /// </returns>
        internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(GetObjectResponse response, EncryptionMaterials materials)
        {
            MetadataCollection metadata = response.Metadata;

            string base64EncodedEncryptedEnvelopeKey = metadata[keyInMetadata];

            byte[] encryptedEvelopeKey  = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
            byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials);

            string base64EncodedIV = metadata[initVectorInMetadata];

            byte[] IV = Convert.FromBase64String(base64EncodedIV);

            return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, encryptedEvelopeKey, IV));
        }
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Credentials, Region and Encryption materials
 /// </summary>
 /// <param name="credentials">AWS Credentials</param>
 /// <param name="region">The region to connect.</param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(AWSCredentials credentials, RegionEndpoint region, EncryptionMaterials materials)
     : base(credentials, region)
 {
     this.EncryptionMaterials = materials; 
     S3CryptoConfig = new AmazonS3CryptoConfiguration();
 }
Esempio n. 31
0
        /// <summary>
        ///  Builds an instruction object from the object metadata.
        /// </summary>
        /// <param name="response">
        /// A non-null object response that contains encryption information in its metadata.
        /// </param>
        /// <param name="materials">
        /// The non-null encryption materials to be used to encrypt and decrypt Envelope key.
        /// </param>
        /// <returns>
        /// </returns>
        internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(GetObjectResponse response, EncryptionMaterials materials)
        {
            MetadataCollection metadata = response.Metadata;

            string base64EncodedEncryptedEnvelopeKey = metadata[keyInMetadata];
            byte[] encryptedEvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
            byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials);

            string base64EncodedIV = metadata[initVectorInMetadata];
            byte[] IV = Convert.FromBase64String(base64EncodedIV);

            return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, encryptedEvelopeKey, IV);
        }
Esempio n. 32
0
 /// <summary>
 /// Constructs AmazonS3EncryptionClient with AWS Credentials, AmazonS3CryptoConfiguration Configuration object
 /// and Encryption materials
 /// </summary>
 /// <param name="credentials">AWS Credentials</param>
 /// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param>
 /// <param name="materials">
 /// The encryption materials to be used to encrypt and decrypt envelope key.
 /// </param>
 public AmazonS3EncryptionClient(AWSCredentials credentials, AmazonS3CryptoConfiguration config, EncryptionMaterials materials)
     : base(credentials, config)
 {
     this.EncryptionMaterials = materials;
     S3CryptoConfig           = config;
 }