我一直使用AWS SDK V3 for PHP将对象放到使用客户提供的密钥的服务器端加密的S3上。文档很粗略(或者至少我没有找到它)。CreateSignedURL失败使用PHP的AWS SSE-C
对于使用S3client上传的对象,我用putobject与
$params['SSECustomerAlgorithm'] = 'AES256';
$params['SSECustomerKey'] = $this->encryptioncustkey;
$params['SSECustomerKeyMD5'] = $this->encryptioncustkeymd5;
的$这个 - > encryptioncustkey是一个普通的用户密码(不Base64编码的,因为SDK似乎是这样做的)和这个 - > encryptioncustkeymd5 = md5($ this-> encryptioncustkey,true);
put对象正常工作。但是,问题在于生成createSignedURL。
$cmd = $client->getCommand('GetObject', array(
'Bucket' => $bucket,
'Key' => $storedPath,
'ResponseContentDisposition' => 'attachment;charset=utf-8;filename="'.utf8_encode($fileName).'"',
'ResponseContentType' => $ctype,
'SSECustomerAlgorithm' => 'AES256',
'SSECustomerKey' => $this->encryptioncustkey,
'SSECustomerKeyMD5' => $this->encryptioncustkey64md5
));
但我得到其中根据文档不需要SSE-C怪异响应表明它缺少“X-AMZ-服务器端加密”(ServerSideEncryption)。即使我将它设置为ServerSideEncryption ='AES256',它也不起作用。
<Error>
<Code>InvalidArgument</Code>
<Message>
Requests specifying Server Side Encryption with Customer provided keys must provide an appropriate secret key.
</Message>
<ArgumentName>x-amz-server-side-encryption</ArgumentName>
<ArgumentValue>null</ArgumentValue>
<RequestId>A3368F6CE5DD310D</RequestId>
<HostId>
nHavXXz/gFOoJT0tnh+wgFTbTgGdpggRkyb0sDh07H7SomcX7HrcKU1dDzgZimrQwyaVQEqAjdk=
</HostId>
</Error>