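/// <summary>
/// Downloads the intermediate key-encryption key (I-KEK) stored at
/// <paramref name="objectKeyName"/> in <c>BucketName</c>, decrypting it
/// client-side through the S3 encryption client backed by the KMS CMK
/// <c>KmsCmkId</c>.
/// </summary>
/// <param name="objectKeyName">S3 object key under which the I-KEK is stored.</param>
/// <param name="versionId">
/// S3 object version to fetch; <c>null</c> or empty fetches the current version.
/// </param>
/// <returns>The raw I-KEK bytes exactly as they were uploaded.</returns>
/// <exception cref="ArgumentException"><paramref name="objectKeyName"/> is null or empty.</exception>
protected async Task<byte[]> DownloadIkek(string objectKeyName, string versionId)
{
    if (string.IsNullOrEmpty(objectKeyName))
    {
        throw new ArgumentException("Object key name must be provided.", nameof(objectKeyName));
    }

    // Only the object key and version are logged; the key material itself never is.
    logger.Info($"download I-KEK from {objectKeyName} versionId={versionId}");

    var getObject = new GetObjectRequest { BucketName = BucketName, Key = objectKeyName };
    if (!string.IsNullOrEmpty(versionId))
    {
        getObject.VersionId = versionId;
    }

    // NOTE(review): assumes KMSAlgorithm takes ownership of (and disposes) the KMS
    // client handed to it — confirm against its implementation.
    using (var algorithm = new KMSAlgorithm(new AmazonKeyManagementServiceClient(AwsRegion), KmsCmkId))
    {
        var materials = new EncryptionMaterials(algorithm);
        using (var s3Client = GetS3EncryptionClient(materials, new AmazonS3CryptoConfiguration { RegionEndpoint = AwsRegion }))
        using (var s3Object = await s3Client.GetObjectAsync(getObject))
        using (var buffer = new MemoryStream())
        {
            // Copy the decrypted payload byte-for-byte. The previous implementation read it
            // through a StreamReader and re-encoded with UTF-8, which silently replaces any
            // byte sequence that is not valid UTF-8 and therefore corrupts arbitrary key
            // material (the upload side stores raw bytes as application/octet-stream).
            await s3Object.ResponseStream.CopyToAsync(buffer);
            return buffer.ToArray();
        }
    }
}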
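/// <summary>
/// Encrypts the intermediate key-encryption key (I-KEK) client-side through the S3
/// encryption client backed by the KMS CMK <c>KmsCmkId</c> and uploads it to
/// <paramref name="objectKeyName"/> in <c>BucketName</c>, additionally requesting
/// SSE-KMS with the same CMK on the stored object.
/// </summary>
/// <param name="objectKeyName">S3 object key under which the I-KEK is stored.</param>
/// <param name="ikek">Raw I-KEK bytes to store.</param>
/// <returns>The S3 version id of the stored object, as returned by the put request.</returns>
/// <exception cref="ArgumentNullException"><paramref name="ikek"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="objectKeyName"/> is null or empty.</exception>
protected async Task<string> UploadIkek(string objectKeyName, byte[] ikek)
{
    if (ikek == null)
    {
        throw new ArgumentNullException(nameof(ikek));
    }
    if (string.IsNullOrEmpty(objectKeyName))
    {
        throw new ArgumentException("Object key name must be provided.", nameof(objectKeyName));
    }

    // Only the CMK id and object key are logged; the key material itself never is.
    logger.Info($"encrypt I-KEK using {KmsCmkId}");
    logger.Info($"upload I-KEK to {objectKeyName}");

    // NOTE(review): assumes KMSAlgorithm takes ownership of (and disposes) the KMS
    // client handed to it — confirm against its implementation.
    using (var algorithm = new KMSAlgorithm(new AmazonKeyManagementServiceClient(AwsRegion), KmsCmkId))
    {
        var materials = new EncryptionMaterials(algorithm);
        using (var s3Client = GetS3EncryptionClient(materials, new AmazonS3CryptoConfiguration { RegionEndpoint = AwsRegion }))
        // Own the input stream here instead of leaving it for the request object to leak.
        using (var inputStream = new MemoryStream(ikek))
        {
            var putRequest = new PutObjectRequest
            {
                BucketName = BucketName,
                Key = objectKeyName,
                InputStream = inputStream,
                ContentType = "application/octet-stream",
                ServerSideEncryptionKeyManagementServiceKeyId = KmsCmkId,
                ServerSideEncryptionMethod = ServerSideEncryptionMethod.AWSKMS
            };

            var putResult = await s3Client.PutObjectAsync(putRequest);
            logger.Info($"uploaded I-KEK to {objectKeyName}");
            return putResult.VersionId;
        }
    }
}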