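Azure Storage blob: I uploaded a blob using client-side encryption, with a CEK and a KEK. Now I am trying to download the decrypted file on the client side using the KEK. The file is downloaded, but it is not decrypted. Only the encrypted file is shown.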
import com.microsoft.azure.keyvault.extensions.KeyVaultKeyResolver;
import com.microsoft.azure.storage.CloudStorageAccount;
import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.blob.CloudBlobClient;
import com.microsoft.azure.storage.blob.CloudBlobContainer;

import java.io.IOException;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;
import java.util.concurrent.ExecutionException;

// Utility and KeyVaultUtility are helper classes from the same sample project.
public class KeyVaultGettingStarted {
    public static void main(String[] args) throws StorageException,
            NoSuchAlgorithmException, InterruptedException, ExecutionException,
            URISyntaxException, InvalidKeyException, IOException {
        Utility.printSampleStartInfo("KeyVaultGettingStarted");

        // Get the key ID from Utility if it exists.
        String keyID = Utility.keyVaultKeyID;

        // If no key ID was specified, we will create a new secret in Key Vault.
        // To create a new secret, this client needs full permission to Key
        // Vault secrets.
        // Once the secret is created, its ID can be added to App.config. Once
        // this is done, this client only needs read access to secrets.
        if (keyID == null || keyID.isEmpty()) {
            keyID = KeyVaultUtility.createSecret("KVGettingStartedSecret");
        }

        // Retrieve storage account information from connection string
        // How to create a storage connection string -
        // https://azure.microsoft.com/en-us/documentation/articles/storage-configure-connection-string/
        CloudStorageAccount storageAccount = CloudStorageAccount
                .parse(Utility.storageConnectionString);
        CloudBlobClient client = storageAccount.createCloudBlobClient();
        CloudBlobContainer container = client
                .getContainerReference("blobencryptioncontainer"
                        + UUID.randomUUID().toString().replace("-", ""));
        container.createIfNotExists();

        // Construct a resolver capable of looking up keys and secrets stored in
        // Key Vault.
        KeyVaultKeyResolver cloudResolver = new KeyVaultKeyResolver(
                KeyVaultUtility.GetKeyVaultClient());
    }
}
守候你守候我
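
An added example, not part of the original post or of the Azure sample: a download helper for the legacy azure-storage Java SDK used in the question, which attaches an encryption policy to the request so the SDK unwraps the CEK through the Key Vault resolver. The class name, method name and parameters are hypothetical; it assumes the blob was uploaded with the same SDK's client-side encryption and that `resolver` is the `KeyVaultKeyResolver` built in the question's code.

```java
import com.microsoft.azure.keyvault.core.IKeyResolver;
import com.microsoft.azure.storage.StorageException;
import com.microsoft.azure.storage.blob.BlobEncryptionPolicy;
import com.microsoft.azure.storage.blob.BlobRequestOptions;
import com.microsoft.azure.storage.blob.CloudBlobContainer;
import com.microsoft.azure.storage.blob.CloudBlockBlob;

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.URISyntaxException;

// Hypothetical helper class (illustration only, not from the Azure sample).
public class EncryptedBlobDownload {

    public static void downloadDecrypted(CloudBlobContainer container,
            String blobName, IKeyResolver resolver, String targetPath)
            throws StorageException, URISyntaxException, IOException {
        // Download side: no local key is passed, only the resolver. The SDK
        // reads the KEK identifier from the blob's encryption metadata and
        // asks the resolver for that key in order to unwrap the CEK.
        BlobEncryptionPolicy policy = new BlobEncryptionPolicy(null, resolver);

        BlobRequestOptions options = new BlobRequestOptions();
        options.setEncryptionPolicy(policy);
        // Fail the request rather than hand back data that was not decrypted
        // (for example when no policy is set or the metadata is missing).
        options.setRequireEncryption(true);

        CloudBlockBlob blob = container.getBlockBlobReference(blobName);
        try (OutputStream out = new FileOutputStream(targetPath)) {
            // The options must be passed on the download call itself; a
            // download made without them does not apply the policy.
            blob.download(out, null, options, null);
        }
    }
}
```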