九游平台/ 对象存储服务 obs/ api参考/ api/ / 服务端加密sse-c方式
更新时间:2024-10-21 gmt 08:00
查看pdf

服务端加密sse-九游平台

功能介绍

sse-c方式,obs使用用户提供的密钥和密钥的md5值进行服务端加密。

新增头域

obs不存储您提供的加密密钥,如果您丢失加密密钥,则会无法获取该对象。sse-c方式新增加六个头域来支持sse-c加密。

使用sse-c方式加密对象,您必须使用下面的三个头域。

表1 sse-c方式加密对象使用的头域

名称

描述

x-obs-server-side-encryption-customer-algorithm

sse-c方式下使用该头域,该头域表示加密对象使用的算法。

示例:x-obs-server-side-encryption-customer-algorithm: aes256

x-obs-server-side-encryption-customer-key

sse-c方式下使用该头域,该头域表示加密对象使用的密钥,头域值是256位密钥的base64编码。

示例:x-obs-server-side-encryption-customer-key:k7qkypbkm5 hca27fsnkunnvaobncnlht/rcb2o/9cw=

x-obs-server-side-encryption-customer-key-md5

sse-c方式下使用该头域,该头域表示加密对象使用的密钥的md5值,头域值是加密密钥md5值的base64编码。md5值用于验证密钥传输过程中没有出错。

示例:x-obs-server-side-encryption-customer-key-md5:4xvb3tbntn tieva0/fgaq==

该新增的三个头域可以应用于如下接口:

针对复制对象和拷贝段,另外增加三个头域支持源对象是sse-c加密的场景。

表2 源对象是sse-c加密的头域

名称

描述

x-obs-copy-source-server-side-encryption-customer-algorithm

sse-c方式下使用该头域,该头域表示解密源对象使用的算法。

示例:x-obs-server-side-encryption-customer-algorithm: aes256

x-obs-copy-source-server-side-encryption-customer-key

sse-c方式下使用该头域,该头域表示解密源对象使用的密钥。

示例:x-obs-copy-source-server-side-encryption-customer-algorithm: k7qkypbkm5 hca27fsnkunnvaobncnlht/rcb2o/9cw=

x-obs-copy-source-server-side-encryption-customer-key-md5

sse-c方式下使用该头域,该头域表示解密源对象使用的密钥的md5值。md5值用于验证密钥传输过程中没有出错。

示例:x-obs-copy-source-server-side-encryption-customer-key:4xvb3tbntn tieva0/fgaq==

请求示例:上传sse-c加密对象

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
 
put/encryp2http/1.1
user-agent:curl/7.29.0
host:examplebucket.obs.cn-north-4.myhuaweicloud.com
accept:*/*
date:wed,06jun201809:12:00gmt
authorization:obsh4ipjx0tqththebqqcec:mzsfafom llapk0hgothlqeccu0=
x-obs-server-side-encryption-customer-algorithm:aes256
x-obs-server-side-encryption-customer-key:k7qkypbkm5 hca27fsnkunnvaobncnlht/rcb2o/9cw=
x-obs-server-side-encryption-customer-key-md5:4xvb3tbntn tieva0/fgaq==
content-length:5242
[5242byteobjectcontents]

响应示例:上传sse-c加密对象

1
2
3
4
5
6
7
8
9
 
http/1.1200ok
server:obs
x-obs-request-id:8df400000163d45e0017055619bd02b8
etag:"0f91242c7f3d86f98ae572a686d0696e"
x-obs-server-side-encryption-customer-algorithm:aes256
x-obs-server-side-encryption-customer-key-md5:4xvb3tbntn tieva0/fgaq==
x-obs-id-2:32aaaugaiaabaaaqaaeaabaaaqaaeaabcssaj8btnjv0x ote1ptuwecqymh6zbj
date:wed,06jun201809:12:00gmt
content-length:0

请求示例:将sse-c加密对象拷贝为kms加密对象

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
 
put/kmsobjecthttp/1.1
user-agent:curl/7.29.0
host:examplebucket.obs.cn-north-4.myhuaweicloud.com
accept:*/*
date:wed,06jun201809:20:10gmt
authorization:obsh4ipjx0tqththebqqcec:mzsfafom llapk0hgothlqeccu0=
x-obs-copy-source-server-side-encryption-customer-algorithm:aes256
x-obs-copy-source-server-side-encryption-customer-key:k7qkypbkm5 hca27fsnkunnvaobncnlht/rcb2o/9cw=
x-obs-copy-source-server-side-encryption-customer-key-md5:4xvb3tbntn tieva0/fgaq==
x-obs-server-side-encryption:kms
x-obs-copy-source:/examplebucket/encryp2
content-length:5242
[5242byteobjectcontents]

响应示例:将sse-c加密对象拷贝为kms加密对象

1
2
3
4
5
6
7
8
9
 
http/1.1200ok
server:obs
x-obs-request-id:bb7800000164848e0fc70528b9d92c41
etag:"1072e1b96b47d7ec859710068aa70d57"
x-obs-server-side-encryption:kms
x-obs-server-side-encryption-kms-key-id:cn-north-4:783fc6652cf246c096ea836694f71855:key/522d6070-5ad3-4765-9737-9312ddc72cdb
x-obs-id-2:32aaaujaiaabaaaqaaeaabaaaqaaeaabctkkrzqxs9eczzcavvrncbqqynkoaesr
date:wed,06jun201809:20:10gmt
content-length:0

请求示例:在url中携带签名并上传sse-c加密对象

put /encrypobject?accesskeyid=h4ipjx0tqththebqqcec&expires=1532688887&signature=eqmduohalurzrzrnzxws72cxexm= http/1.1
user-agent: curl/7.29.0
host: examplebucket.obs.cn-north-4.myhuaweicloud.com
accept: */*
x-obs-server-side-encryption-customer-algorithm: aes256
x-obs-server-side-encryption-customer-key:k7qkypbkm5 hca27fsnkunnvaobncnlht/rcb2o/9cw=
x-obs-server-side-encryption-customer-key-md5:4xvb3tbntn tieva0/fgaq==
content-length: 5242
expect: 100-continue
[5242 byte object contents]

响应示例:在url中携带签名并上传sse-c加密对象

1
2
3
4
5
6
7
8
9
 
http/1.1100continue
http/1.1200ok
server:obs
x-obs-request-id:804f00000164db5e5b7fb908d3ba8e00
etag:"1072e1b96b47d7ec859710068aa70d57"
x-obs-server-side-encryption-customer-algorithm:aes256
x-obs-server-side-encryption-customer-key-md5:4xvb3tbntn tieva0/fgaq==
x-obs-id-2:32aaaujaiaabaaaqaaeaabaaaqaaeaabctlpxiljhvk/hekowip8wn2iwmqoerfw
content-length:0
父主题:

相关文档

网站地图