我想加密流,然后使用Amazon S3发送。我正在使用旧版代码,并且有两个重要参数:未加密的InputStream及其长度。这很重要,因为AmazonS3Client希望在上传之前知道流的长度。
加密流不是非常困难的任务:
InputStream in = new FileInputStream("path-to-file");
KeyGenerator keygen = KeyGenerator.getInstance("AES");
Key key = keygen.generateKey();
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
OutputStream encryptedStream = new ByteArrayOutputStream();
CipherOutputStream out = new CipherOutputStream(encryptedStream, cipher);
out.write(in.read());
out.flush();
byte[] bytes = ((ByteArrayOutputStream) encryptedStream).toByteArray();
InputStream encryptedInput = new ByteArrayInputStream(bytes);
但是,这种方法只能用于小型文件,因为它们被写入内存中保存的字节数组。问题是我想加密大文件(> 1TB)。我该怎么做呢?更具体地说,我得到了InputStream,我的工作是返回将由Amazon S3使用的加密InputStream。
答案 0 :(得分:0)
请勿使用ByteArrayOutputStream
InputStream in = new FileInputStream("path-to-file");
KeyGenerator keygen = KeyGenerator.getInstance("AES");
Key key = keygen.generateKey();
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
try(CipherOutputStream out = new CipherOutputStream(
new FileOutputStream(new File("path to enc file")), cipher))
{
byte[] buffer = new byte[8192];
int count;
while ((count = in.read(buffer)) > 0)
{
out.write(buffer, 0, count);
}
}
return new FileInputStream(new File("path to enc file"));
管道流的另一个答案。
InputStream in = new FileInputStream("path-to-file");
KeyGenerator keygen = KeyGenerator.getInstance("AES");
Key key = keygen.generateKey();
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key);
PipedOutputStream pout = new PipedOutputStream();
//write data in a separate thread.
new Thread(() -> {
try(CipherOutputStream out = new CipherOutputStream(
pout, cipher))
{
byte[] buffer = new byte[8192];
int count;
while ((count = in.read(buffer)) > 0)
{
out.write(buffer, 0, count);
}
} catch (IOException e)
{
e.printStackTrace();
}
}).start();
return new PipedInputStream(pout);