Created
October 26, 2017 07:08
-
-
Save harshavardhana/f123bfc9b250480b80c359423a1a8a5c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "bytes" | |
| "crypto/md5" | |
| "encoding/base64" | |
| "io/ioutil" | |
| "log" | |
| "os" | |
| minio "github.com/minio/minio-go" | |
| ) | |
| func main() { | |
| // Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY, my-testfile, my-bucketname and | |
| // my-objectname are dummy values, please replace them with original values. | |
| // New returns an Amazon S3 compatible client object. API compatibility (v2 or v4) is automatically | |
| // determined based on the Endpoint value. | |
| minioClient, err := minio.New("localhost:9000", "USWUXHGYZQYFYFFIT3RE", "MOJRH0mkL1IPauahWITSVvyDrQbEEIwljvmxdq03", false) | |
| //minioClient, err := minio.New("s3.amazonaws.com", os.Getenv("ACCESS_KEY"), os.Getenv("SECRET_KEY"), false) | |
| if err != nil { | |
| log.Fatalln(err) | |
| } | |
| content := bytes.NewReader([]byte("Hello again")) | |
| key := []byte("32byteslongsecretkeymustprovided") | |
| h := md5.New() | |
| h.Write(key) | |
| encryptionKey := base64.StdEncoding.EncodeToString(key) | |
| encryptionKeyMD5 := base64.StdEncoding.EncodeToString(h.Sum(nil)) | |
| // Amazon S3 does not store the encryption key you provide. | |
| // Instead S3 stores a randomly salted HMAC value of the | |
| // encryption key in order to validate future requests. | |
| // The salted HMAC value cannot be used to derive the value | |
| // of the encryption key or to decrypt the contents of the | |
| // encrypted object. That means, if you lose the encryption | |
| // key, you lose the object. | |
| var metadata = map[string]string{ | |
| "x-amz-server-side-encryption-customer-algorithm": "AES256", | |
| "x-amz-server-side-encryption-customer-key": encryptionKey, | |
| "x-amz-server-side-encryption-customer-key-MD5": encryptionKeyMD5, | |
| } | |
| minioClient.TraceOn(os.Stderr) | |
| // minioClient.TraceOn(os.Stderr) // Enable to debug. | |
| _, err = minioClient.PutObject("testbucket", "my-encrypted-object.txt", content, 11, minio.PutObjectOptions{UserMetadata: metadata}) | |
| if err != nil { | |
| log.Fatalln(err) | |
| } | |
| opts := minio.GetObjectOptions{} | |
| for k, v := range metadata { | |
| opts.Set(k, v) | |
| } | |
| coreClient := minio.Core{minioClient} | |
| reader, _, err := coreClient.GetObject("testbucket", "my-encrypted-object.txt", opts) | |
| if err != nil { | |
| log.Fatalln(err) | |
| } | |
| defer reader.Close() | |
| decBytes, err := ioutil.ReadAll(reader) | |
| if err != nil { | |
| log.Fatalln(err) | |
| } | |
| if !bytes.Equal(decBytes, []byte("Hello again")) { | |
| log.Fatalln("Expected \"Hello, world\", got %s", string(decBytes)) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment