/// <summary> /// Builds an instruction object from the object metadata. /// </summary> /// <param name="response"> /// A non-null object response that contains encryption information in its metadata. /// </param> /// <param name="materials"> /// The non-null encryption materials to be used to encrypt and decrypt Envelope key. /// </param> /// <param name="decryptedEnvelopeKeyKMS"> /// The decrypted envelope key to be use if KMS key wrapping is being used. Or null if non-KMS key wrapping is being used. /// </param> /// <returns> /// </returns> internal static EncryptionInstructions BuildInstructionsFromObjectMetadata( GetObjectResponse response, EncryptionMaterials materials, byte[] decryptedEnvelopeKeyKMS) { MetadataCollection metadata = response.Metadata; if (metadata[XAmzKeyV2] != null) { EnsureSupportedAlgorithms(metadata); string base64EncodedEncryptedEnvelopeKey = metadata[XAmzKeyV2]; byte[] encryptedEnvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey); string base64EncodedIV = metadata[XAmzIV]; byte[] IV = Convert.FromBase64String(base64EncodedIV); return(new EncryptionInstructions(materials.MaterialsDescription, decryptedEnvelopeKeyKMS, encryptedEnvelopeKey, IV)); } else { string base64EncodedEncryptedEnvelopeKey = metadata[XAmzKey]; byte[] encryptedEnvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey); byte[] decryptedEnvelopeKey = DecryptNonKMSEnvelopeKey(encryptedEnvelopeKey, materials); string base64EncodedIV = metadata[XAmzIV]; byte[] IV = Convert.FromBase64String(base64EncodedIV); return(new EncryptionInstructions(materials.MaterialsDescription, decryptedEnvelopeKey, encryptedEnvelopeKey, IV)); } }
/// <summary> /// Generates an instruction that will be used to encrypt an object. /// </summary> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt data. /// </param> /// <returns> /// The instruction that will be used to encrypt an object. /// </returns> internal static EncryptionInstructions GenerateInstructions(EncryptionMaterials materials) { Aes AesObject = Aes.Create(); byte[] encryptedEnvelopeKey = EncryptEnvelopeKey(AesObject.Key, materials); return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, AesObject.Key, encryptedEnvelopeKey, AesObject.IV)); }
public S3Storage() { const string filename = "keyxml.pk"; var path = WebServerPathUtils.GetPathTo(Path.Combine("bin", filename)); var f = new FileInfo(path); if (f.Exists) { using (var file = f.OpenRead()) { var keyString = new StreamReader(file).ReadToEnd(); _algorithm = RSA.Create(); _algorithm.FromXmlString(keyString); var encryptionMaterials = new EncryptionMaterials(_algorithm); try { _client = new AmazonS3EncryptionClient(encryptionMaterials); var bucket = new S3DirectoryInfo(_client, PdfDocumentsBucketName); if (!bucket.Exists) { bucket.Create(); } } catch (Exception ex) { Console.WriteLine("Unable to initialize S3 client\n" + ex); } } } }
/// <summary> /// Decrypts an encrypted Envelope key using the provided encryption materials /// and returns it in raw byte array form. /// </summary> /// <param name="encryptedEnvelopeKey"> Encrypted envelope key</param> /// <param name="materials">Encryption materials needed to decrypt the encrypted envlelope key</param> /// <returns></returns> internal static byte[] DecryptEnvelopeKey(byte[] encryptedEnvelopeKey, EncryptionMaterials materials) { if (materials.AsymmetricProvider != null) { return(DecryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, encryptedEnvelopeKey)); } else { return(DecryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, encryptedEnvelopeKey)); } }
internal static byte[] EncryptEnvelopeKey(byte[] envelopeKey, EncryptionMaterials materials) { if (materials.AsymmetricProvider != null) { return (EncryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, envelopeKey)); } else { return (EncryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, envelopeKey)); } }
/// <summary> /// Decrypts an encrypted Envelope key using the provided encryption materials /// and returns it in raw byte array form. /// </summary> /// <param name="encryptedEnvelopeKey"> Encrypted envelope key</param> /// <param name="materials">Encryption materials needed to decrypt the encrypted envlelope key</param> /// <returns></returns> internal static byte[] DecryptNonKMSEnvelopeKey(byte[] encryptedEnvelopeKey, EncryptionMaterials materials) { if (materials.AsymmetricProvider != null) { return(DecryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, encryptedEnvelopeKey)); } else if (materials.SymmetricProvider != null) { return(DecryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, encryptedEnvelopeKey)); } else { throw new ArgumentException("Error decrypting non-KMS envelope key. " + "EncryptionMaterials must have the AsymmetricProvider or SymmetricProvider set."); } }
/// <summary> /// Generates an instruction that will be used to encrypt an object /// using materials with the KMSKeyID set. /// </summary> /// <param name="kmsClient"> /// Used to call KMS to generate a data key. /// </param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt data. /// </param> /// <returns> /// The instruction that will be used to encrypt an object. /// </returns> internal static async System.Threading.Tasks.Task <EncryptionInstructions> GenerateInstructionsForKMSMaterialsAsync( ICoreAmazonKMS kmsClient, EncryptionMaterials materials) { if (materials.KMSKeyID != null) { var iv = new byte[IVLength]; // Generate IV, and get both the key and the encrypted key from KMS. RandomNumberGenerator.Create().GetBytes(iv); var result = await kmsClient.GenerateDataKeyAsync(materials.KMSKeyID, materials.MaterialsDescription, KMSKeySpec).ConfigureAwait(false); return(new EncryptionInstructions(materials.MaterialsDescription, result.KeyPlaintext, result.KeyCiphertext, iv)); } else { throw new ArgumentException("Error generating encryption instructions. EncryptionMaterials must have the KMSKeyID set."); } }
public static void Initialize(TestContext a) { EncryptionMaterials encryptionMaterials = new EncryptionMaterials(generateAsymmetricProvider()); s3EncryptionClientMetadataMode = new AmazonS3EncryptionClient(encryptionMaterials); AmazonS3CryptoConfiguration config = new AmazonS3CryptoConfiguration() { StorageMode = CryptoStorageMode.InstructionFile }; s3EncryptionClientFileMode = new AmazonS3EncryptionClient(config, encryptionMaterials); using (StreamWriter writer = File.CreateText(fileName)) { writer.Write(sampleContent); } bucketName = S3TestUtils.CreateBucket(s3EncryptionClientFileMode); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, /// AWS Secret Key and Encryption materials /// </summary> /// <param name="awsAccessKeyId">AWS Access Key ID</param> /// <param name="awsSecretAccessKey">AWS Secret Access Key</param> /// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param> public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, EncryptionMaterials materials) : base(awsAccessKeyId, awsSecretAccessKey) { this.encryptionMaterials = materials; amazonS3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Credentials and Encryption materials. /// </summary> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> /// <param name="credentials">AWS Credentials</param> public AmazonS3EncryptionClient(AWSCredentials credentials, EncryptionMaterials materials) : base(credentials) { this.encryptionMaterials = materials; amazonS3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Credentials, AmazonS3CryptoConfiguration Configuration object /// and Encryption materials /// </summary> /// <param name="credentials">AWS Credentials</param> /// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(AWSCredentials credentials, AmazonS3CryptoConfiguration config, EncryptionMaterials materials) : base(credentials, config) { this.encryptionMaterials = materials; amazonS3CryptoConfig = config; }
/// <summary> /// Builds an instruction object from the instruction file. /// </summary> /// <param name="response"> Instruction file GetObject response</param> /// <param name="materials"> /// The non-null encryption materials to be used to encrypt and decrypt Envelope key. /// </param> /// <returns> /// A non-null instruction object containing encryption information. /// </returns> internal static EncryptionInstructions BuildInstructionsUsingInstructionFile(GetObjectResponse response, EncryptionMaterials materials) { using (TextReader textReader = new StreamReader(response.ResponseStream)) { JsonData jsonData = JsonMapper.ToObject(textReader); var base64EncodedEncryptedEnvelopeKey = jsonData["EncryptedEnvelopeKey"]; byte[] encryptedEvelopeKey = Convert.FromBase64String((string)base64EncodedEncryptedEnvelopeKey); byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials); var base64EncodedIV = jsonData["IV"]; byte[] IV = Convert.FromBase64String((string)base64EncodedIV); return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, IV)); } }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, /// AWS Secret Key and Encryption materials /// </summary> /// <param name="awsAccessKeyId">AWS Access Key ID</param> /// <param name="awsSecretAccessKey">AWS Secret Access Key</param> /// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param> public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, EncryptionMaterials materials) : base(awsAccessKeyId, awsSecretAccessKey) { this.EncryptionMaterials = materials; S3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. /// /// Example App.config with credentials set. /// <code> /// <?xml version="1.0" encoding="utf-8" ?> /// <configuration> /// <appSettings> /// <add key="AWSProfileName" value="AWS Default"/> /// </appSettings> /// </configuration> /// </code> /// /// </summary> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(EncryptionMaterials materials) : base() { this.encryptionMaterials = materials; amazonS3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Credentials and Encryption materials. /// </summary> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> /// <param name="credentials">AWS Credentials</param> public AmazonS3EncryptionClient(AWSCredentials credentials, EncryptionMaterials materials) : base(credentials) { this.encryptionMaterials = materials; amazonS3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. /// /// Example App.config with credentials set. /// <code> /// <?xml version="1.0" encoding="utf-8" ?> /// <configuration> /// <appSettings> /// <add key="AWSAccessKey" value="********************"/> /// <add key="AWSSecretKey" value="****************************************"/> /// </appSettings> /// </configuration> /// </code> /// /// </summary> /// <param name="region"> /// The region to connect. /// </param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(RegionEndpoint region, EncryptionMaterials materials) : base(region) { this.encryptionMaterials = materials; amazonS3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Constructs AmazonS3EncryptionClient with the Encryption materials, /// AmazonS3 CryptoConfiguration object and credentials loaded from the application's /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. /// /// Example App.config with credentials set. /// <code> /// <?xml version="1.0" encoding="utf-8" ?> /// <configuration> /// <appSettings> /// <add key="AWSAccessKey" value="********************"/> /// <add key="AWSSecretKey" value="****************************************"/> /// </appSettings> /// </configuration> /// </code> /// /// </summary> /// <param name="config"> /// The AmazonS3EncryptionClient CryptoConfiguration Object /// </param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(AmazonS3CryptoConfiguration config, EncryptionMaterials materials) : base(config) { this.encryptionMaterials = materials; amazonS3CryptoConfig = config; }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Credentials, Region and Encryption materials /// </summary> /// <param name="credentials">AWS Credentials</param> /// <param name="region">The region to connect.</param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(AWSCredentials credentials, RegionEndpoint region, EncryptionMaterials materials) : base(credentials, region) { this.EncryptionMaterials = materials; S3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Generates an instruction that will be used to encrypt an object /// using materials with the AsymmetricProvider or SymmetricProvider set. /// </summary> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt data. /// </param> /// <returns> /// The instruction that will be used to encrypt an object. /// </returns> internal static EncryptionInstructions GenerateInstructionsForNonKMSMaterials(EncryptionMaterials materials) { byte[] encryptedEnvelopeKey = null; // Generate the IV and key, and encrypt the key locally. Aes aesObject = Aes.Create(); if (materials.AsymmetricProvider != null) { encryptedEnvelopeKey = EncryptEnvelopeKeyUsingAsymmetricKeyPair(materials.AsymmetricProvider, aesObject.Key); } else if (materials.SymmetricProvider != null) { encryptedEnvelopeKey = EncryptEnvelopeKeyUsingSymmetricKey(materials.SymmetricProvider, aesObject.Key); } else { throw new ArgumentException("Error generating encryption instructions. " + "EncryptionMaterials must have the AsymmetricProvider or SymmetricProvider set."); } return(new EncryptionInstructions(materials.MaterialsDescription, aesObject.Key, encryptedEnvelopeKey, aesObject.IV)); }
/// <summary> /// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. /// /// Example App.config with credentials set. /// <code> /// <?xml version="1.0" encoding="utf-8" ?> /// <configuration> /// <appSettings> /// <add key="AWSProfileName" value="AWS Default"/> /// </appSettings> /// </configuration> /// </code> /// /// </summary> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(EncryptionMaterials materials) : base() { this.EncryptionMaterials = materials; S3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key, SessionToken /// AmazonS3EncryptionClient CryptoConfiguration object and Encryption materials. /// </summary> /// <param name="awsAccessKeyId">AWS Access Key ID</param> /// <param name="awsSecretAccessKey">AWS Secret Access Key</param> /// <param name="awsSessionToken">AWS Session Token</param> /// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonS3CryptoConfiguration config, EncryptionMaterials materials) : base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, config) { this.EncryptionMaterials = materials; S3CryptoConfig = config; }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key, /// SessionToken, Region and Encryption materials. /// </summary> /// <param name="awsAccessKeyId">AWS Access Key ID</param> /// <param name="awsSecretAccessKey">AWS Secret Access Key</param> /// <param name="awsSessionToken">AWS Session Token</param> /// <param name="region">The region to connect.</param> /// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param> public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region, EncryptionMaterials materials) : base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, region) { this.EncryptionMaterials = materials; S3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key, /// SessionToken, Region and Encryption materials. /// </summary> /// <param name="awsAccessKeyId">AWS Access Key ID</param> /// <param name="awsSecretAccessKey">AWS Secret Access Key</param> /// <param name="awsSessionToken">AWS Session Token</param> /// <param name="region">The region to connect.</param> /// <param name="materials">The encryption materials to be used to encrypt and decrypt envelope key.</param> public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, RegionEndpoint region, EncryptionMaterials materials) : base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, region) { this.encryptionMaterials = materials; amazonS3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Generates an instruction that will be used to encrypt an object. /// </summary> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt data. /// </param> /// <returns> /// The instruction that will be used to encrypt an object. /// </returns> internal static EncryptionInstructions GenerateInstructions(EncryptionMaterials materials) { Aes AesObject = Aes.Create(); byte[] encryptedEnvelopeKey = EncryptEnvelopeKey(AesObject.Key, materials); return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, AesObject.Key, encryptedEnvelopeKey, AesObject.IV); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Access Key ID, Secret Key, SessionToken /// AmazonS3EncryptionClient CryptoConfiguration object and Encryption materials. /// </summary> /// <param name="awsAccessKeyId">AWS Access Key ID</param> /// <param name="awsSecretAccessKey">AWS Secret Access Key</param> /// <param name="awsSessionToken">AWS Session Token</param> /// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(string awsAccessKeyId, string awsSecretAccessKey, string awsSessionToken, AmazonS3CryptoConfiguration config, EncryptionMaterials materials) : base(awsAccessKeyId, awsSecretAccessKey, awsSessionToken, config) { this.encryptionMaterials = materials; amazonS3CryptoConfig = config; }
/// <summary> /// Constructs AmazonS3EncryptionClient with the Encryption materials, /// AmazonS3 CryptoConfiguration object and credentials loaded from the application's /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. /// /// Example App.config with credentials set. /// <code> /// <?xml version="1.0" encoding="utf-8" ?> /// <configuration> /// <appSettings> /// <add key="AWSProfileName" value="AWS Default"/> /// </appSettings> /// </configuration> /// </code> /// /// </summary> /// <param name="config"> /// The AmazonS3EncryptionClient CryptoConfiguration Object /// </param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(AmazonS3CryptoConfiguration config, EncryptionMaterials materials) : base(config) { this.EncryptionMaterials = materials; S3CryptoConfig = config; }
/// <summary> /// Constructs AmazonS3EncryptionClient with the Encryption materials and credentials loaded from the application's /// default configuration, and if unsuccessful from the Instance Profile service on an EC2 instance. /// /// Example App.config with credentials set. /// <code> /// <?xml version="1.0" encoding="utf-8" ?> /// <configuration> /// <appSettings> /// <add key="AWSProfileName" value="AWS Default"/> /// </appSettings> /// </configuration> /// </code> /// /// </summary> /// <param name="region"> /// The region to connect. /// </param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(RegionEndpoint region, EncryptionMaterials materials) : base(region) { this.encryptionMaterials = materials; amazonS3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Builds an instruction object from the instruction file. /// </summary> /// <param name="response"> Instruction file GetObject response</param> /// <param name="materials"> /// The non-null encryption materials to be used to encrypt and decrypt Envelope key. /// </param> /// <returns> /// A non-null instruction object containing encryption information. /// </returns> internal static EncryptionInstructions BuildInstructionsUsingInstructionFile(GetObjectResponse response, EncryptionMaterials materials) { using (TextReader textReader = new StreamReader(response.ResponseStream)) { JsonData jsonData = JsonMapper.ToObject(textReader); var base64EncodedEncryptedEnvelopeKey = jsonData["EncryptedEnvelopeKey"]; byte[] encryptedEvelopeKey = Convert.FromBase64String((string)base64EncodedEncryptedEnvelopeKey); byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials); var base64EncodedIV = jsonData["IV"]; byte[] IV = Convert.FromBase64String((string)base64EncodedIV); return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, IV); } }
/// <summary> /// Builds an instruction object from the object metadata. /// </summary> /// <param name="response"> /// A non-null object response that contains encryption information in its metadata. /// </param> /// <param name="materials"> /// The non-null encryption materials to be used to encrypt and decrypt Envelope key. /// </param> /// <returns> /// </returns> internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(GetObjectResponse response, EncryptionMaterials materials) { MetadataCollection metadata = response.Metadata; string base64EncodedEncryptedEnvelopeKey = metadata[keyInMetadata]; byte[] encryptedEvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey); byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials); string base64EncodedIV = metadata[initVectorInMetadata]; byte[] IV = Convert.FromBase64String(base64EncodedIV); return(new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, encryptedEvelopeKey, IV)); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Credentials, Region and Encryption materials /// </summary> /// <param name="credentials">AWS Credentials</param> /// <param name="region">The region to connect.</param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(AWSCredentials credentials, RegionEndpoint region, EncryptionMaterials materials) : base(credentials, region) { this.EncryptionMaterials = materials; S3CryptoConfig = new AmazonS3CryptoConfiguration(); }
/// <summary> /// Builds an instruction object from the object metadata. /// </summary> /// <param name="response"> /// A non-null object response that contains encryption information in its metadata. /// </param> /// <param name="materials"> /// The non-null encryption materials to be used to encrypt and decrypt Envelope key. /// </param> /// <returns> /// </returns> internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(GetObjectResponse response, EncryptionMaterials materials) { MetadataCollection metadata = response.Metadata; string base64EncodedEncryptedEnvelopeKey = metadata[keyInMetadata]; byte[] encryptedEvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey); byte[] decryptedEnvelopeKey = DecryptEnvelopeKey(encryptedEvelopeKey, materials); string base64EncodedIV = metadata[initVectorInMetadata]; byte[] IV = Convert.FromBase64String(base64EncodedIV); return new EncryptionInstructions(EncryptionMaterials.EmptyMaterialsDescription, decryptedEnvelopeKey, encryptedEvelopeKey, IV); }
/// <summary> /// Constructs AmazonS3EncryptionClient with AWS Credentials, AmazonS3CryptoConfiguration Configuration object /// and Encryption materials /// </summary> /// <param name="credentials">AWS Credentials</param> /// <param name="config">The AmazonS3EncryptionClient CryptoConfiguration Object</param> /// <param name="materials"> /// The encryption materials to be used to encrypt and decrypt envelope key. /// </param> public AmazonS3EncryptionClient(AWSCredentials credentials, AmazonS3CryptoConfiguration config, EncryptionMaterials materials) : base(credentials, config) { this.EncryptionMaterials = materials; S3CryptoConfig = config; }