问题描述
限时送ChatGPT账号..我在 django 应用程序中使用 boto3 将媒体上传到 S3.但是我在使用使用客户提供的加密密钥的服务器端加密"对服务器上的文件进行加密时遇到问题
I am using boto3 with my django application to upload media to S3. But I am having trouble encrypting the files on server using "Server Side Encryption using Customer Provided Encryption Keys"
我正在使用 boto3 的 object.put() api 上传文件并指定加密密钥.但我收到以下错误.
I'm using boto3's object.put() api to upload files and specify the encryption keys. But I am getting the following error.
"计算出的密钥的 MD5 哈希值与之前的哈希值不匹配提供."
"The calculated MD5 hash of the key did not match the hash that was provided."
我不确定如何创建将在服务器端匹配的密钥的 md5.这是我的代码.
I am not sure on how to create the md5 of the key that will match on the server side. here is my code.
password = "32characterslongpassphraseneeded".encode('utf-8')
encryption_key = hashlib.md5(password).hexdigest()
encryption_key_md5 = hashlib.md5(encryption_key.encode('utf-8')).hexdigest()
import boto3
s3 = boto3.resource('s3')
key = s3.Object(bucket_name, key_name)
kwargs = {
'SSECustomerAlgorithm': 'AES256',
'SSECustomerKey': encryption_key,
'SSECustomerKeyMD5': encryption_key_md5,
'ContentType': file_obj.content_type,
'Body': file_obj,
}
key.put(**kwargs)
我正在通过 php 客户端使用相同的 s3 api,它工作正常.
I am utilizing the same s3 api through a php client and it works fine.
$name="somename"
$customerKey = md5($name);
$s3->putObject([
'Bucket' => S3_BUCKET,
'Key' => "scope/{$name}",
'Body' => fopen($tmp_file_path, 'rb'),
'ACL' => S3_ACL,
'SSECustomerAlgorithm' => 'AES256',
'SSECustomerKey' => $customerKey,
'SSECustomerKeyMD5' => md5($customerKey ,true),
]);
我在这里看到的唯一区别是 php 的 md5 方法可以采用第二个参数,如果为真,则返回 16 个字符长的摘要,与正常的 32 个字符长摘要相比.现在我不知道如何使用 hashlib.md5 创建一个 16 个字符长的摘要.
The only difference I see here is that php's md5 method can take second argument which, if true, returns and 16 character long digest as compared to normal 32 character long digest. Now I don't know how to create a 16 character long digest using hashlib.md5.
推荐答案
正确的做法是使用os.urandom
import os
secret_key = os.urandom(32) # The key needs to be 32 character long.
并且不需要提供 SSECustomerKeyMD5
因为 boto3 会为您计算.
and one doesn't need to provide SSECustomerKeyMD5
as boto3 calculates it for you.
而且 SSE-C 在 key.put
中也不能正常工作,至于现在,我不知道是什么原因.必须这样做.
and also SSE-C doesn't work right in key.put
, as for now, I don't know for what reasons. One has to do it this way.
s3 = boto3.client('s3')
s3.put_object(**kwargs)
这篇关于在python中为boto3文件加密创建SSECustomerKey的正确方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
更多推荐
[db:关键词]
发布评论