Adding dependencies (Gradle)
implementation group: 'com.amazonaws', name: 'aws-java-sdk-kms', version: '1.12.303'
implementation group: 'com.amazonaws', name: 'aws-java-sdk', version: '1.11.106'
implementation group: 'com.amazonaws', name: 'aws-encryption-sdk-java', version: '1.3.1'
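Java source
The credential-related parts need to be added or removed as required (add them when running externally; remove them when running internally, where authentication is already done).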
import java.io.IOException;
import java.io.Reader;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Properties;
import org.apache.commons.codec.binary.Base64;
import org.apache.ibatis.io.Resources;
// Needed only when the static-credential lines below are uncommented:
//import com.amazonaws.auth.AWSStaticCredentialsProvider;
//import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.EncryptRequest;
import com.amazonaws.services.kms.model.EncryptResult;
import com.amazonaws.services.kms.model.EncryptionAlgorithmSpec;

public class CryptUtils {
    // KMS key ID, loaded from the properties file by init()
    public static String keyId;

    // Enter the keys here when configuring credentials manually
    //BasicAWSCredentials awsCreds = new BasicAWSCredentials("access_key_id", "secret_key_id");
    AWSKMS kmsClient = AWSKMSClientBuilder.standard()
            //.withCredentials(new AWSStaticCredentialsProvider(awsCreds)) // credential setting
            .withRegion(Regions.AP_NORTHEAST_2) // region setting
            .build();

    // Load the KMS key ID from a properties file on the classpath
    public static void init(String kmsurl) {
        Properties prop = new Properties();
        // try-with-resources closes the reader even if load() fails
        try (Reader reader = Resources.getResourceAsReader(kmsurl)) {
            prop.load(reader);
            keyId = prop.getProperty("KEY_ID");
            //ex) 4d9ba757-....
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    // Copy only the readable bytes; ByteBuffer.array() can return extra bytes
    // or throw when the buffer is read-only or not array-backed
    private static byte[] toBytes(ByteBuffer buffer) {
        byte[] bytes = new byte[buffer.remaining()];
        buffer.duplicate().get(bytes);
        return bytes;
    }

    public String encrypt(String data) throws Exception {
        if (data == null || "".equals(data))
            return "";
        EncryptRequest request = new EncryptRequest();
        request.withKeyId(keyId);
        request.withPlaintext(ByteBuffer.wrap(data.getBytes(StandardCharsets.UTF_8)));
        request.withEncryptionAlgorithm(EncryptionAlgorithmSpec.SYMMETRIC_DEFAULT);
        EncryptResult result = kmsClient.encrypt(request);
        ByteBuffer ciphertextBlob = result.getCiphertextBlob();
        data = new String(Base64.encodeBase64(toBytes(ciphertextBlob)), StandardCharsets.US_ASCII);
        System.out.println("aws encData : " + data);
        return data;
    }

    public String decrypt(String data) throws Exception {
        // Mirror encrypt(): an empty input was never sent to KMS, so there is nothing to decrypt
        if (data == null || "".equals(data))
            return "";
        DecryptRequest request = new DecryptRequest();
        request.withCiphertextBlob(ByteBuffer.wrap(Base64.decodeBase64(data)));
        request.withKeyId(keyId);
        request.withEncryptionAlgorithm(EncryptionAlgorithmSpec.SYMMETRIC_DEFAULT);
        ByteBuffer plainText = kmsClient.decrypt(request).getPlaintext();
        // Decode with the same charset used in encrypt()
        data = new String(toBytes(plainText), StandardCharsets.UTF_8);
        // The decrypted value is not printed, so plaintext does not end up in logs
        return data;
    }
}
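The note above says the credential lines are added when running externally and removed when running internally. One way to make that switch without hard-coding keys in the source, as an added example that is not part of the original post: `KmsClientFactory`, `KMS_EXTERNAL` and `KMS_PROFILE` are hypothetical names, and the provider classes are those of the AWS SDK for Java 1.x.

```java
import com.amazonaws.SdkClientException;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.AWSCredentialsProviderChain;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.EnvironmentVariableCredentialsProvider;
import com.amazonaws.auth.profile.ProfileCredentialsProvider;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;

// Added example; class name and the KMS_EXTERNAL / KMS_PROFILE variables are hypothetical.
public class KmsClientFactory {

    // Pick a credential source for the environment; no key material lives in source code.
    static AWSCredentialsProvider credentialsFor(boolean external, String profileName) {
        if (!external) {
            // Internal: the SDK's default chain, which ends with the
            // container / EC2 instance-profile role credentials.
            return DefaultAWSCredentialsProviderChain.getInstance();
        }
        // External: AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from the environment,
        // then a named profile from the local AWS credentials file.
        return new AWSCredentialsProviderChain(
                new EnvironmentVariableCredentialsProvider(),
                new ProfileCredentialsProvider(profileName));
    }

    static AWSKMS build(AWSCredentialsProvider provider) {
        return AWSKMSClientBuilder.standard()
                .withCredentials(provider)
                .withRegion(Regions.AP_NORTHEAST_2)
                .build();
    }

    public static void main(String[] args) {
        boolean external = Boolean.parseBoolean(System.getenv().getOrDefault("KMS_EXTERNAL", "false"));
        String profile = System.getenv().getOrDefault("KMS_PROFILE", "default");
        AWSCredentialsProvider provider = credentialsFor(external, profile);
        try {
            // Fail fast at startup instead of on the first encrypt() call
            provider.getCredentials();
        } catch (SdkClientException e) {
            System.err.println("No AWS credentials available: " + e.getMessage());
            System.exit(1);
        }
        AWSKMS kms = build(provider);
        System.out.println("KMS client ready, credential source: " + provider.getClass().getSimpleName());
        kms.shutdown();
    }
}
```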