In my case, I want to encrypt each file which is uploaded to S3 bucket. I have followed AWS documentation on this link https://docs.aws.amazon.com/AmazonS3/latest/dev/SSEUsingJavaSDK.html .
the encryption already set using AES256 as following evaluation
The document have been uploaded successfully. But unfortunately, the server side encryption is not set.
Could anyone help me on this ?
Thank you,
Cheers,
Putra
Related
How to generate a signed url for GCP to download a file in Java/SpringBoot API?
Basically if we have generated gsutil url is as below -
https://storage.googleapis.com/test_bucket/Test_Document.xlsx?
x-goog-signature=55a0aaswd54a54b41t66161f351yfdbfd248b3383cb55c593050a751761bd8441d79b64
&x-goog-algorithm=GOOG4-RSA-SHA256
&x-goog-credential=abc.gserviceaccount.com%2F202208
&x-goog-date=20220809T134421Z
&x-goog-expires=1800
&x-goog-signedheaders=host
And, I am trying to convert the above gsutil command in Java program by forming the canonical query string. But I am not getting way to generate the value for x-goog-signature?
Please help in getting in creating signed url.
See the Java Code Sample tab to create a signed URL that can get an object from a bucket.
I am trying to use google cloud to store certificates and KMS to generate the keys for pdf certified signatures but I have no idea how to do that.
The current software has key and certificate stored in the YML file and we need the certificate to be trusted by adobe, so a HSM is required and google KMS should provide that, but I can't find any documentation or tutorial about how to actually do it. Could someone please help me?
The service is written in Java 8
We have run a standard Jackrabbit WebDAV server and uploaded some files in it.
When we upload a new file with the same name we need to check if the file on the server is up to date and shouldn't be replaced. The initial idea was to use ETags but we it turned out to be too weak and is not suitable for the application.
So now the idea is to check the checksum (hash) of the incoming and existing files. As files can be pretty big and downloading everytime can be a time-consuming operation, it's better to have an option to easily obtain checksum for already uploaded files.
So my question: are there any options to get a checksum for files uploaded to the server? Maybe there are some other options or features that will help in such file handling?
There used to be Content-MD5 for that (in the HTTP spec, not Jackrabbit).
The HTTP Working Group currently works on new digest types (see https://httpwg.org/http-extensions/draft-ietf-httpbis-digest-headers.html), but this is still work-in-progress and is not implemented in Jackrabbit.
That said, getting a hash definitively could be implemented as a WebDAV property, or using a WebDAV extension report.
You can use md5 or shaxxx hashes for this purpose. I found a prebuilt MD5 Javascript library on github. I'd be shocked if there wasn't one for Java
I need to generate an AWS Signature v4 signature for uploading to s3, like this: https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-post-example.html.
I tried a lot of examples, but have the error
<Error>
<Code>InvalidAccessKeyId</Code>
<Message>The AWS Access Key Id you provided does not exist in our records.</Message>
<AWSAccessKeyId>ASIA2AKMADUN</AWSAccessKeyId>
<RequestId>E68a1B73B15</RequestId>
<HostId>fIG19S=</HostId>
</Error>
I tried to build signature, using minio-java, like this https://github.com/minio/minio-java/blob/master/examples/PresignedPostPolicy.java
Also, I tried this code snippet https://gist.github.com/phstudy/3523576726d74a0410f8
P.S. My real target is uploading files from clients with limit of file size, like there, or there there. I can create presignS3UploadLink, but there is not way to set max size.
So, solution https://github.com/minio/minio-java/blob/master/examples/PresignedPostPolicy.java did not work, because of absent x-amz-security-token parameter.
We need to use session-token (which we get from amazon) for creating a POST-Policy and for form publishing - https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html
Sample code for minio:
conditions.add(new String[]{"eq", "$x-amz-security-token", sessionToken});
formData.put("x-amz-security-token", sessionToken);
P.S. x-amz-security-token is needed because of using of temporary security credentials - https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html
I'm trying to adapt this example to use with GAE: https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples
Above example requires a private key (secret) to sign JWT header + payload. AppIdentityService provides a way to sign arbitrary bytes but it does not explain how to verify the signature using PublicCertificate.
I need help to identify 2 things-
How to store and manage secret key in Google App Engine?
How to verify signature using AppIdentityService?
A reference to some working example which uses JWT with GAE would be very helpful.
An adaptation of the example at https://bitbucket.org/b_c/jose4j/wiki/JWT%20Examples that should work, if GAE signs using RSASSA-PKCS1-v1_5 using SHA-256, is in the first comment of https://bitbucket.org/b_c/jose4j/issues/33/using-jwt-with-google-app-engine