From e416421eb68158105c1b06bfb2b9a57b6da49166 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Tue, 11 Nov 2025 11:17:05 -0800 Subject: [PATCH 01/12] auto commit --- .gitmodules | 8 +++ all-examples/net/.gitignore | 19 +++++ all-examples/net/v2/Program.cs | 115 ++++++++++++++++++++++++++++++ all-examples/net/v2/s3ec-v2-local | 1 + all-examples/net/v2/v2.csproj | 19 +++++ 5 files changed, 162 insertions(+) create mode 100644 all-examples/net/.gitignore create mode 100644 all-examples/net/v2/Program.cs create mode 160000 all-examples/net/v2/s3ec-v2-local create mode 100644 all-examples/net/v2/v2.csproj diff --git a/.gitmodules b/.gitmodules index e3080fcf..cd55bc91 100644 --- a/.gitmodules +++ b/.gitmodules @@ -52,3 +52,11 @@ path = test-server/net-v3-transition-server/s3ec-v3-transition-branch url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git branch = rishav/key-commitment +[submodule "all-examples/net/v2/s3ec-v2-local"] + path = all-examples/net/v2/s3ec-v2-local + url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git + branch = rishav/key-commitment +[submodule "all-examples/net/v4/s3ec-v4-local"] + path = all-examples/net/v4/s3ec-v4-local + url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git + branch = s3ec-v4-WIP diff --git a/all-examples/net/.gitignore b/all-examples/net/.gitignore new file mode 100644 index 00000000..c6a52ab1 --- /dev/null +++ b/all-examples/net/.gitignore @@ -0,0 +1,19 @@ +# Build results +bin/ +obj/ + +# User-specific files +*.user +*.suo +*.userosscache +*.sln.docstates + +# Visual Studio +.vs/ + +# Rider +.idea/ + +# NuGet packages +packages/ +*.nupkg diff --git a/all-examples/net/v2/Program.cs b/all-examples/net/v2/Program.cs new file mode 100644 index 00000000..499cbf74 --- /dev/null +++ b/all-examples/net/v2/Program.cs 
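Review bot: The `.gitmodules` hunk registers `all-examples/net/v4/s3ec-v4-local`, but this commit's summary creates a gitlink (mode 160000) only for `all-examples/net/v2/s3ec-v2-local`, so the v4 entry has no submodule behind it until PATCH 08/12 adds one. Both new entries point at `private-amazon-s3-encryption-client-dotnet-staging.git` and name working branches (`rishav/key-commitment`, `s3ec-v4-WIP`); the gitlink still pins a commit, but `git submodule update --remote` pulls whatever those branches hold at the time, and anyone without access to the staging repository cannot build the examples. I would add each entry in the same commit as its gitlink and, before this leaves staging, point the examples at a released package or a tagged commit. The rename to `all-examples/net/v3/s3ec-v3-local` in PATCH 06/12 has the same gap as far as the visible patches show: none of them creates a gitlink for that path.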
@@ -0,0 +1,115 @@ +using System; +using System.Collections.Generic; +using System.Threading.Tasks; +using Amazon.S3; + +namespace S3EncryptionClientV3Example +{ + class Program + { + static async Task Main(string[] args) + { + if (args.Length != 4) + { + Console.WriteLine("Usage: dotnet run "); + Console.WriteLine("Example: dotnet run avp-21638 s3ec-dotnet-v3 arn:aws:kms:us-east-2:648638458147:key/a47079da-17e4-45a5-b82e-2bac101cad01 us-east-2"); + Environment.Exit(1); + } + + string bucketName = args[0]; + string objectKey = args[1]; + string kmsKeyId = args[2]; + string region = args[3]; + + Console.WriteLine("=== S3 Encryption Client v3 Example (.NET) ==="); + Console.WriteLine($"Bucket: {bucketName}"); + Console.WriteLine($"Object Key: {objectKey}"); + Console.WriteLine($"KMS Key ID: {kmsKeyId}"); + Console.WriteLine($"Region: {region}"); + Console.WriteLine(); + + try + { + string testData = "Hello, World! This is a test message for S3 encryption client v3 in .NET."; + Console.WriteLine($"Original data: {testData}"); + Console.WriteLine($"Data length: {testData.Length} bytes"); + Console.WriteLine(); + + Console.WriteLine("--- Initialize S3 Encryption Client v2 ---"); + + var encryptionContextPerClient = new Dictionary + { + ["purpose"] = "example", + ["version"] = "v2", + ["language"] = "dotnet" + }; + + var s3Client = CreateS3ECClientKMSMaterial(kmsKeyId, encryptionContextPerClient); + Console.WriteLine("Successfully initialized S3 Encryption Client v2"); + + Console.WriteLine("--- Encrypt and Upload Object to S3 ---"); + + await s3Client.PutObjectAsync(new Amazon.S3.Model.PutObjectRequest + { + BucketName = bucketName, + Key = objectKey, + ContentBody = testData + }); + + Console.WriteLine("Successfully uploaded encrypted object to S3!"); + Console.WriteLine($" Bucket: {bucketName}"); + Console.WriteLine($" Key: {objectKey}"); + Console.WriteLine($" Encryption Context: {string.Join(", ", encryptionContextPerClient)}"); + Console.WriteLine(); + + 
Console.WriteLine("--- Download and Decrypt Object from S3 ---"); + + var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey); + string decryptedData; + using (var reader = new System.IO.StreamReader(getResponse.ResponseStream)) + { + decryptedData = await reader.ReadToEndAsync(); + } + + Console.WriteLine("Successfully downloaded and decrypted object from S3!"); + Console.WriteLine($" Object size: {decryptedData.Length} bytes"); + Console.WriteLine($" Decrypted data: {decryptedData}"); + Console.WriteLine(); + + Console.WriteLine("--- Verify Roundtrip Success ---"); + + if (decryptedData == testData) + { + Console.WriteLine("SUCCESS: Roundtrip encryption/decryption completed successfully!"); + Console.WriteLine(" Original data matches decrypted data"); + Console.WriteLine(" Data integrity verified"); + } + else + { + Console.WriteLine("ERROR: Roundtrip failed - data mismatch"); + Console.WriteLine($" Original: {testData}"); + Console.WriteLine($" Decrypted: {decryptedData}"); + Environment.Exit(1); + } + + Console.WriteLine(); + Console.WriteLine("=== Example completed successfully! ==="); + } + catch (Exception ex) + { + Console.WriteLine($"Error: {ex.Message}"); + Environment.Exit(1); + } + } + + public static AmazonS3Client CreateS3ECClientKMSMaterial(string kmsKeyId, Dictionary encryptionContextPerClient) + { + EncryptionMaterialsV2 encryptionMaterial = + new EncryptionMaterialsV2(kmsKeyId, KmsType.KmsContext, encryptionContextPerClient); + var configuration = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2, CommitmentPolicy.ForbidEncryptAllowDecrypt, ContentEncryptionAlgorithm.AesGcm); + var encryptionClient = new AmazonS3EncryptionClientV2(configuration, encryptionMaterial); + + return encryptionClient; + } + } +} diff --git a/all-examples/net/v2/s3ec-v2-local b/all-examples/net/v2/s3ec-v2-local new file mode 160000 index 00000000..ca1149d9 --- /dev/null +++ b/all-examples/net/v2/s3ec-v2-local 
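Review bot: The usage text in `Main` prints a full KMS key ARN with a 12-digit account id and a concrete bucket name as its example, which publishes account-specific resource identifiers in sample code; use placeholders instead, for example `Console.WriteLine("Example: dotnet run my-bucket my-object-key arn:aws:kms:REGION:ACCOUNT_ID:key/KEY_ID REGION");`. The same literal appears in `all-examples/net/v3/Program.cs` in PATCH 04/12 and as the `BUCKET_NAME` / `KMS_KEY_ID` defaults of the v3 and v4 Makefiles. Separately, `region` is read from `args[3]` and echoed but never reaches `CreateS3ECClientKMSMaterial`, so the client uses whatever region the ambient SDK configuration resolves rather than the one printed. The namespace and banner also say v3 while the file lives under `v2/`.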
@@ -0,0 +1 @@ +Subproject commit ca1149d9b423591c09d35caa649b3f6846e511a6 diff --git a/all-examples/net/v2/v2.csproj b/all-examples/net/v2/v2.csproj new file mode 100644 index 00000000..cfb74fad --- /dev/null +++ b/all-examples/net/v2/v2.csproj @@ -0,0 +1,19 @@ + + + + Exe + net8.0 + enable + enable + false + + + + + + + + + + + From 2b47f111f9487ad1205d0d7aa28e11d624c3d58e Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Tue, 11 Nov 2025 11:21:29 -0800 Subject: [PATCH 02/12] auto commit --- .gitmodules | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.gitmodules b/.gitmodules index cd55bc91..87368c59 100644 --- a/.gitmodules +++ b/.gitmodules @@ -52,10 +52,6 @@ path = test-server/net-v3-transition-server/s3ec-v3-transition-branch url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git branch = rishav/key-commitment -[submodule "all-examples/net/v2/s3ec-v2-local"] - path = all-examples/net/v2/s3ec-v2-local - url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git - branch = rishav/key-commitment [submodule "all-examples/net/v4/s3ec-v4-local"] path = all-examples/net/v4/s3ec-v4-local url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git From 64f42a321f31160701b3d2bbcbb19e3a50d52db9 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Tue, 11 Nov 2025 11:24:54 -0800 Subject: [PATCH 03/12] auto commit --- .gitmodules | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitmodules b/.gitmodules index 87368c59..b25a8e51 100644 --- a/.gitmodules +++ b/.gitmodules @@ -56,3 +56,7 @@ path = all-examples/net/v4/s3ec-v4-local url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git branch = s3ec-v4-WIP +[submodule "all-examples/net/v2/s3ec-v2-local"] + path = all-examples/net/v2/s3ec-v2-local + url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git + branch = rishav/key-commitment 
From 91189df71e2250c4ed84ecf372a7a1925c4f3c1c Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Tue, 11 Nov 2025 17:09:17 -0800 Subject: [PATCH 04/12] auto commit --- all-examples/net/v2/Makefile | 0 all-examples/net/v3/Makefile | 66 +++++++++++++++++++ all-examples/net/v3/Program.cs | 115 +++++++++++++++++++++++++++++++++ all-examples/net/v3/v3.csproj | 19 ++++++ 4 files changed, 200 insertions(+) create mode 100644 all-examples/net/v2/Makefile create mode 100644 all-examples/net/v3/Makefile create mode 100644 all-examples/net/v3/Program.cs create mode 100644 all-examples/net/v3/v3.csproj diff --git a/all-examples/net/v2/Makefile b/all-examples/net/v2/Makefile new file mode 100644 index 00000000..e69de29b diff --git a/all-examples/net/v3/Makefile b/all-examples/net/v3/Makefile new file mode 100644 index 00000000..c27e69cf --- /dev/null +++ b/all-examples/net/v3/Makefile 
@@ -0,0 +1,66 @@
+# Makefile for S3 Encryption Client .NET v3 Example
+
+# Default target
+.PHONY: all install clean run help
+
+# Default arguments for running the example
+# Override these when calling make run
+BUCKET_NAME ?= avp-21638
+OBJECT_KEY ?= s3ec-dotnet-v3
+KMS_KEY_ID ?= arn:aws:kms:us-east-2:648638458147:key/a47079da-17e4-45a5-b82e-2bac101cad01
+AWS_REGION ?= us-east-2
+
+all: install
+
+# Install dependencies using .NET modules
+install:
+ @echo "Installing .NET dependencies..."
+ dotnet restore
+ @echo "Dependencies installed successfully!"
+
+# Clean .NET artifacts
+clean:
+ @echo "Cleaning .NET artifacts..."
+ dotnet clean
+ @echo "Clean completed!"
+
+# Run the example with default arguments
+run: install
+ @echo "Running S3 Encryption Client v3 .NET example..."
+ @echo "Bucket: $(BUCKET_NAME)"
+ @echo "Object Key: $(OBJECT_KEY)"
+ @echo "KMS Key ID: $(KMS_KEY_ID)"
+ @echo "Region: $(AWS_REGION)"
+ @echo ""
+ @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION)
+
+# Run with custom arguments
+# Usage: make run-custom BUCKET_NAME=my-bucket OBJECT_KEY=my-key KMS_KEY_ID=my-kms-key AWS_REGION=my-region
+run-custom: install
+ @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION)
+
+# Show help
+help:
+ @echo "S3 Encryption Client .NET v3 Example Makefile"
+ @echo ""
+ @echo "Available targets:"
+ @echo " install - Install .NET dependencies using .NET modules"
+ @echo " run - Install dependencies and run the example with default parameters"
+ @echo " run-custom - Install dependencies and run with custom parameters"
+ @echo " clean - Remove .NET artifacts"
+ @echo " help - Show this help message"
+ @echo ""
+ @echo "Default parameters:"
+ @echo " BUCKET_NAME = $(BUCKET_NAME)"
+ @echo " OBJECT_KEY = $(OBJECT_KEY)"
+ @echo " KMS_KEY_ID = $(KMS_KEY_ID)"
+ @echo " AWS_REGION = $(AWS_REGION)"
+ @echo ""
+ @echo "To run with custom parameters:"
+ @echo " make run BUCKET_NAME=your-bucket OBJECT_KEY=your-key KMS_KEY_ID=your-kms-key AWS_REGION=your-region"
+ @echo ""
+ @echo "Prerequisites:"
+ @echo " - Supported .NET framework installed on the system. See https://www.nuget.org/packages/Amazon.Extensions.S3.Encryption for supported one."
+ @echo " - AWS credentials configured (AWS CLI, environment variables, or IAM role)"
+ @echo " - Valid S3 bucket and KMS key with appropriate permissions"
+ @echo " - S3 Encryption Client v3 .NET SDK (included in s3ec-v3-local)"
\ No newline at end of file
diff --git a/all-examples/net/v3/Program.cs b/all-examples/net/v3/Program.cs
new file mode 100644
index 00000000..d98371fd
--- /dev/null
+++ b/all-examples/net/v3/Program.cs
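Review bot: The `run` and `run-custom` recipes expand `$(BUCKET_NAME)`, `$(OBJECT_KEY)`, `$(KMS_KEY_ID)` and `$(AWS_REGION)` unquoted into the shell line, so a value containing a space or a shell metacharacter is word-split or interpreted by the shell instead of reaching `dotnet run` as one argument; that matters as soon as these variables are filled from CI parameters. At minimum quote each expansion: `@dotnet run -- "$(BUCKET_NAME)" "$(OBJECT_KEY)" "$(KMS_KEY_ID)" "$(AWS_REGION)"`. Because the defaults name a specific bucket and KMS key, a bare `make run` also writes an object to that bucket under that key; dropping the defaults and failing when a variable is unset would make the target explicit. `run-custom` is missing from `.PHONY`, and it is identical to `run` minus the echo lines. The v4 Makefile added in PATCH 08/12 repeats all of this.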
@@ -0,0 +1,115 @@ +using Amazon.Extensions.S3.Encryption; +using Amazon.Extensions.S3.Encryption.Primitives; +using Amazon.S3; +using Amazon.S3.Model; + +namespace S3EncryptionClientV2Example +{ + class Program + { + static async Task Main(string[] args) + { + if (args.Length != 4) + { + Console.WriteLine("Usage: dotnet run "); + Console.WriteLine("Example: dotnet run avp-21638 s3ec-dotnet-v3 arn:aws:kms:us-east-2:648638458147:key/a47079da-17e4-45a5-b82e-2bac101cad01 us-east-2"); + Environment.Exit(1); + } + + var bucketName = args[0]; + var objectKey = args[1]; + var kmsKeyId = args[2]; + var region = args[3]; + + Console.WriteLine("=== S3 Encryption Client v3 Example (.NET) ==="); + Console.WriteLine($"Bucket: {bucketName}"); + Console.WriteLine($"Object Key: {objectKey}"); + Console.WriteLine($"KMS Key ID: {kmsKeyId}"); + Console.WriteLine($"Region: {region}"); + Console.WriteLine(); + + try + { + var testData = "Hello, World! This is a test message for S3 encryption client v3 in .NET."; + Console.WriteLine($"Original data: {testData}"); + Console.WriteLine($"Data length: {testData.Length} bytes"); + Console.WriteLine(); + + Console.WriteLine("--- Initialize S3 Encryption Client v2 ---"); + + var encryptionContextPerClient = new Dictionary + { + ["purpose"] = "example", + ["version"] = "v2", + ["language"] = "dotnet" + }; + + var s3Client = CreateS3ECWithKms(kmsKeyId, encryptionContextPerClient); + Console.WriteLine("Successfully initialized S3 Encryption Client v2"); + + Console.WriteLine("--- Encrypt and Upload Object to S3 ---"); + + await s3Client.PutObjectAsync(new PutObjectRequest + { + BucketName = bucketName, + Key = objectKey, + ContentBody = testData + }); + + Console.WriteLine("Successfully uploaded encrypted object to S3!"); + Console.WriteLine($" Bucket: {bucketName}"); + Console.WriteLine($" Key: {objectKey}"); + Console.WriteLine($" Encryption Context: {string.Join(", ", encryptionContextPerClient)}"); + Console.WriteLine(); + + 
Console.WriteLine("--- Download and Decrypt Object from S3 ---"); + + var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey); + string decryptedData; + using (var reader = new System.IO.StreamReader(getResponse.ResponseStream)) + { + decryptedData = await reader.ReadToEndAsync(); + } + + Console.WriteLine("Successfully downloaded and decrypted object from S3!"); + Console.WriteLine($" Object size: {decryptedData.Length} bytes"); + Console.WriteLine($" Decrypted data: {decryptedData}"); + Console.WriteLine(); + + Console.WriteLine("--- Verify Roundtrip Success ---"); + + if (decryptedData == testData) + { + Console.WriteLine("SUCCESS: Roundtrip encryption/decryption completed successfully!"); + Console.WriteLine(" Original data matches decrypted data"); + Console.WriteLine(" Data integrity verified"); + } + else + { + Console.WriteLine("ERROR: Roundtrip failed - data mismatch"); + Console.WriteLine($" Original: {testData}"); + Console.WriteLine($" Decrypted: {decryptedData}"); + Environment.Exit(1); + } + + Console.WriteLine(); + Console.WriteLine("=== Example completed successfully! ==="); + } + catch (Exception ex) + { + Console.WriteLine($"Error: {ex.Message}"); + Environment.Exit(1); + } + } + + private static AmazonS3Client CreateS3ECWithKms(string kmsKeyId, Dictionary encryptionContextPerClient) + { + var encryptionMaterial = + new EncryptionMaterialsV2(kmsKeyId, KmsType.KmsContext, encryptionContextPerClient); + var configuration = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2, CommitmentPolicy.ForbidEncryptAllowDecrypt, ContentEncryptionAlgorithm.AesGcm); + var encryptionClient = new AmazonS3EncryptionClientV2(configuration, encryptionMaterial); + + return encryptionClient; + } + } +} diff --git a/all-examples/net/v3/v3.csproj b/all-examples/net/v3/v3.csproj new file mode 100644 index 00000000..7ff12786 --- /dev/null +++ b/all-examples/net/v3/v3.csproj 
@@ -0,0 +1,19 @@ + + + + Exe + net8.0 + enable + enable + false + + + + + + + + + + + From d1d394c7b4541944317204d186c23d554eafd33c Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Tue, 11 Nov 2025 22:05:24 -0800 Subject: [PATCH 05/12] auto commit --- all-examples/net/v3/Program.cs | 95 ++++++++++------------------------ all-examples/net/v3/v3.csproj | 4 +- 2 files changed, 30 insertions(+), 69 deletions(-) diff --git a/all-examples/net/v3/Program.cs b/all-examples/net/v3/Program.cs index d98371fd..e3f7ce81 100644 --- a/all-examples/net/v3/Program.cs +++ b/all-examples/net/v3/Program.cs @@ -1,9 +1,15 @@ +using Amazon; using Amazon.Extensions.S3.Encryption; using Amazon.Extensions.S3.Encryption.Primitives; using Amazon.S3; using Amazon.S3.Model; -namespace S3EncryptionClientV2Example +using Amazon.Extensions.S3.Encryption; +using Amazon.Extensions.S3.Encryption.Primitives; +using Amazon.S3; +using Amazon.S3.Model; + +namespace S3EncryptionClientV3Example { class Program { 
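Review bot: The first hunk of `all-examples/net/v3/Program.cs` adds `using Amazon;` and then a second copy of the four `Amazon.Extensions.S3.Encryption`, `Amazon.Extensions.S3.Encryption.Primitives`, `Amazon.S3` and `Amazon.S3.Model` directives below the existing block, so each of them now appears twice and the compiler will raise a duplicate-using warning (CS0105) for every one. Only `using Amazon;` is new here, presumably for `RegionEndpoint` in the last hunk; drop the repeated block. The same duplicated header is carried into `all-examples/net/v4/Program.cs` in PATCH 08/12.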
@@ -12,43 +18,18 @@ static async Task Main(string[] args) if (args.Length != 4) { Console.WriteLine("Usage: dotnet run "); - Console.WriteLine("Example: dotnet run avp-21638 s3ec-dotnet-v3 arn:aws:kms:us-east-2:648638458147:key/a47079da-17e4-45a5-b82e-2bac101cad01 us-east-2"); Environment.Exit(1); } - var bucketName = args[0]; - var objectKey = args[1]; - var kmsKeyId = args[2]; - var region = args[3]; + var (bucketName, objectKey, kmsKeyId, region) = (args[0], args[1], args[2], args[3]); + var testData = "Hello, World! This is a test message for S3 encryption client v3 in .NET."; Console.WriteLine("=== S3 Encryption Client v3 Example (.NET) ==="); - Console.WriteLine($"Bucket: {bucketName}"); - Console.WriteLine($"Object Key: {objectKey}"); - Console.WriteLine($"KMS Key ID: {kmsKeyId}"); - Console.WriteLine($"Region: {region}"); - Console.WriteLine(); try { - var testData = "Hello, World! This is a test message for S3 encryption client v3 in .NET."; - Console.WriteLine($"Original data: {testData}"); - Console.WriteLine($"Data length: {testData.Length} bytes"); - Console.WriteLine(); + var s3Client = CreateS3ECWithKms(kmsKeyId, region); - Console.WriteLine("--- Initialize S3 Encryption Client v2 ---"); - - var encryptionContextPerClient = new Dictionary - { - ["purpose"] = "example", - ["version"] = "v2", - ["language"] = "dotnet" - }; - - var s3Client = CreateS3ECWithKms(kmsKeyId, encryptionContextPerClient); - Console.WriteLine("Successfully initialized S3 Encryption Client v2"); - - Console.WriteLine("--- Encrypt and Upload Object to S3 ---"); - await s3Client.PutObjectAsync(new PutObjectRequest { BucketName = bucketName, 
@@ -56,44 +37,17 @@ await s3Client.PutObjectAsync(new PutObjectRequest ContentBody = testData }); - Console.WriteLine("Successfully uploaded encrypted object to S3!"); - Console.WriteLine($" Bucket: {bucketName}"); - Console.WriteLine($" Key: {objectKey}"); - Console.WriteLine($" Encryption Context: {string.Join(", ", encryptionContextPerClient)}"); - Console.WriteLine(); - - Console.WriteLine("--- Download and Decrypt Object from S3 ---"); - var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey); - string decryptedData; - using (var reader = new System.IO.StreamReader(getResponse.ResponseStream)) - { - decryptedData = await reader.ReadToEndAsync(); - } + using var reader = new StreamReader(getResponse.ResponseStream); + var decryptedData = await reader.ReadToEndAsync(); - Console.WriteLine("Successfully downloaded and decrypted object from S3!"); - Console.WriteLine($" Object size: {decryptedData.Length} bytes"); - Console.WriteLine($" Decrypted data: {decryptedData}"); - Console.WriteLine(); - - Console.WriteLine("--- Verify Roundtrip Success ---"); - - if (decryptedData == testData) - { - Console.WriteLine("SUCCESS: Roundtrip encryption/decryption completed successfully!"); - Console.WriteLine(" Original data matches decrypted data"); - Console.WriteLine(" Data integrity verified"); - } - else + if (decryptedData != testData) { Console.WriteLine("ERROR: Roundtrip failed - data mismatch"); - Console.WriteLine($" Original: {testData}"); - Console.WriteLine($" Decrypted: {decryptedData}"); Environment.Exit(1); } - Console.WriteLine(); - Console.WriteLine("=== Example completed successfully! ==="); + Console.WriteLine("SUCCESS: Roundtrip encryption/decryption completed successfully!"); } catch (Exception ex) { 
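Review bot: `getResponse` is not disposed in the rewritten download path: `using var reader` covers only the `StreamReader`, not the `GetObjectResponse` it reads from, and the `Environment.Exit(1)` in the mismatch branch ends the process before any `using` scope unwinds. Declare it as `using var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey);` and replace the exit call inside the `try` with `Environment.ExitCode = 1; return;` so disposal runs on the failure path as well. `Main` starts above this hunk and continues below it. The v4 example in PATCH 08/12 has the same code.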
@@ -102,14 +56,21 @@ await s3Client.PutObjectAsync(new PutObjectRequest } } - private static AmazonS3Client CreateS3ECWithKms(string kmsKeyId, Dictionary encryptionContextPerClient) + private static AmazonS3Client CreateS3ECWithKms(string kmsKeyId, string region) { - var encryptionMaterial = - new EncryptionMaterialsV2(kmsKeyId, KmsType.KmsContext, encryptionContextPerClient); - var configuration = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2, CommitmentPolicy.ForbidEncryptAllowDecrypt, ContentEncryptionAlgorithm.AesGcm); - var encryptionClient = new AmazonS3EncryptionClientV2(configuration, encryptionMaterial); - - return encryptionClient; + var encryptionContextPerClient = new Dictionary + { + ["purpose"] = "example", + ["version"] = "v3", + ["language"] = "dotnet" + }; + + var encryptionMaterial = new EncryptionMaterialsV2(kmsKeyId, KmsType.KmsContext, encryptionContextPerClient); + var configuration = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2, CommitmentPolicy.ForbidEncryptAllowDecrypt, ContentEncryptionAlgorithm.AesGcm) + { + RegionEndpoint = RegionEndpoint.GetBySystemName(region) + }; + return new AmazonS3EncryptionClientV2(configuration, encryptionMaterial); } } } diff --git a/all-examples/net/v3/v3.csproj b/all-examples/net/v3/v3.csproj index 7ff12786..cfb74fad 100644 --- a/all-examples/net/v3/v3.csproj +++ b/all-examples/net/v3/v3.csproj @@ -9,11 +9,11 @@ - + - + From 13e911b92d67e2d3ec50f0388cdc4d23f1ca2308 Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Tue, 11 Nov 2025 22:06:10 -0800 Subject: [PATCH 06/12] auto commit --- .gitmodules | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index b25a8e51..7a0c8c51 100644 --- a/.gitmodules +++ b/.gitmodules 
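Review bot: `CreateS3ECWithKms` in the v3 example still builds `AmazonS3CryptoConfigurationV2` with `CommitmentPolicy.ForbidEncryptAllowDecrypt` and `ContentEncryptionAlgorithm.AesGcm`, and nothing in the file says why; going by the enum name, every object this example writes is encrypted without key commitment. If that is the intended migration step before the v4 settings (`RequireEncryptRequireDecrypt` with `AesGcmWithCommitment`, used in PATCH 08/12), say so above the constructor, for example `// Transitional policy: writes without key commitment; switch to RequireEncryptRequireDecrypt once every reader is upgraded.` Also, `region` goes from the command line straight into `RegionEndpoint.GetBySystemName`, which as far as I know does not reject unknown names, so a typo only surfaces later as a connection failure; a short check of the value before building the client would give a clearer error. The encryption context is now fixed inside the helper, which is fine for a sample but deserves a one-line comment, since with `KmsType.KmsContext` those pairs are presumably required again at decrypt time.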
@@ -56,7 +56,7 @@ path = all-examples/net/v4/s3ec-v4-local url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git branch = s3ec-v4-WIP -[submodule "all-examples/net/v2/s3ec-v2-local"] - path = all-examples/net/v2/s3ec-v2-local +[submodule "all-examples/net/v3/s3ec-v3-local"] + path = all-examples/net/v3/s3ec-v3-local url = https://github.com/aws/private-amazon-s3-encryption-client-dotnet-staging.git branch = rishav/key-commitment From c424b6956c406ab243fca4e76e3069018e11702d Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Tue, 11 Nov 2025 22:06:26 -0800 Subject: [PATCH 07/12] rm v2 --- all-examples/net/v2/Makefile | 0 all-examples/net/v2/Program.cs | 115 ------------------------------ all-examples/net/v2/s3ec-v2-local | 1 - all-examples/net/v2/v2.csproj | 19 ----- 4 files changed, 135 deletions(-) delete mode 100644 all-examples/net/v2/Makefile delete mode 100644 all-examples/net/v2/Program.cs delete mode 160000 all-examples/net/v2/s3ec-v2-local delete mode 100644 all-examples/net/v2/v2.csproj diff --git a/all-examples/net/v2/Makefile b/all-examples/net/v2/Makefile deleted file mode 100644 index e69de29b..00000000 diff --git a/all-examples/net/v2/Program.cs b/all-examples/net/v2/Program.cs deleted file mode 100644 index 499cbf74..00000000 --- a/all-examples/net/v2/Program.cs +++ /dev/null 
@@ -1,115 +0,0 @@ -using System; -using System.Collections.Generic; -using System.Threading.Tasks; -using Amazon.S3; - -namespace S3EncryptionClientV3Example -{ - class Program - { - static async Task Main(string[] args) - { - if (args.Length != 4) - { - Console.WriteLine("Usage: dotnet run "); - Console.WriteLine("Example: dotnet run avp-21638 s3ec-dotnet-v3 arn:aws:kms:us-east-2:648638458147:key/a47079da-17e4-45a5-b82e-2bac101cad01 us-east-2"); - Environment.Exit(1); - } - - string bucketName = args[0]; - string objectKey = args[1]; - string kmsKeyId = args[2]; - string region = args[3]; - - Console.WriteLine("=== S3 Encryption Client v3 Example (.NET) ==="); - Console.WriteLine($"Bucket: {bucketName}"); - Console.WriteLine($"Object Key: {objectKey}"); - Console.WriteLine($"KMS Key ID: {kmsKeyId}"); - Console.WriteLine($"Region: {region}"); - Console.WriteLine(); - - try - { - string testData = "Hello, World! This is a test message for S3 encryption client v3 in .NET."; - Console.WriteLine($"Original data: {testData}"); - Console.WriteLine($"Data length: {testData.Length} bytes"); - Console.WriteLine(); - - Console.WriteLine("--- Initialize S3 Encryption Client v2 ---"); - - var encryptionContextPerClient = new Dictionary - { - ["purpose"] = "example", - ["version"] = "v2", - ["language"] = "dotnet" - }; - - var s3Client = CreateS3ECClientKMSMaterial(kmsKeyId, encryptionContextPerClient); - Console.WriteLine("Successfully initialized S3 Encryption Client v2"); - - Console.WriteLine("--- Encrypt and Upload Object to S3 ---"); - - await s3Client.PutObjectAsync(new Amazon.S3.Model.PutObjectRequest - { - BucketName = bucketName, - Key = objectKey, - ContentBody = testData - }); - - Console.WriteLine("Successfully uploaded encrypted object to S3!"); - Console.WriteLine($" Bucket: {bucketName}"); - Console.WriteLine($" Key: {objectKey}"); - Console.WriteLine($" Encryption Context: {string.Join(", ", encryptionContextPerClient)}"); - Console.WriteLine(); - - 
Console.WriteLine("--- Download and Decrypt Object from S3 ---"); - - var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey); - string decryptedData; - using (var reader = new System.IO.StreamReader(getResponse.ResponseStream)) - { - decryptedData = await reader.ReadToEndAsync(); - } - - Console.WriteLine("Successfully downloaded and decrypted object from S3!"); - Console.WriteLine($" Object size: {decryptedData.Length} bytes"); - Console.WriteLine($" Decrypted data: {decryptedData}"); - Console.WriteLine(); - - Console.WriteLine("--- Verify Roundtrip Success ---"); - - if (decryptedData == testData) - { - Console.WriteLine("SUCCESS: Roundtrip encryption/decryption completed successfully!"); - Console.WriteLine(" Original data matches decrypted data"); - Console.WriteLine(" Data integrity verified"); - } - else - { - Console.WriteLine("ERROR: Roundtrip failed - data mismatch"); - Console.WriteLine($" Original: {testData}"); - Console.WriteLine($" Decrypted: {decryptedData}"); - Environment.Exit(1); - } - - Console.WriteLine(); - Console.WriteLine("=== Example completed successfully! ==="); - } - catch (Exception ex) - { - Console.WriteLine($"Error: {ex.Message}"); - Environment.Exit(1); - } - } - - public static AmazonS3Client CreateS3ECClientKMSMaterial(string kmsKeyId, Dictionary encryptionContextPerClient) - { - EncryptionMaterialsV2 encryptionMaterial = - new EncryptionMaterialsV2(kmsKeyId, KmsType.KmsContext, encryptionContextPerClient); - var configuration = new AmazonS3CryptoConfigurationV2(SecurityProfile.V2, CommitmentPolicy.ForbidEncryptAllowDecrypt, ContentEncryptionAlgorithm.AesGcm); - var encryptionClient = new AmazonS3EncryptionClientV2(configuration, encryptionMaterial); - - return encryptionClient; - } - } -} diff --git a/all-examples/net/v2/s3ec-v2-local b/all-examples/net/v2/s3ec-v2-local deleted file mode 160000 index ca1149d9..00000000 --- a/all-examples/net/v2/s3ec-v2-local +++ /dev/null 
@@ -1 +0,0 @@ -Subproject commit ca1149d9b423591c09d35caa649b3f6846e511a6 diff --git a/all-examples/net/v2/v2.csproj b/all-examples/net/v2/v2.csproj deleted file mode 100644 index cfb74fad..00000000 --- a/all-examples/net/v2/v2.csproj +++ /dev/null @@ -1,19 +0,0 @@ - - - - Exe - net8.0 - enable - enable - false - - - - - - - - - - - From fd87bfd41478d037093e0a926b17b282c185e68d Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Tue, 11 Nov 2025 22:12:53 -0800 Subject: [PATCH 08/12] v4 --- all-examples/net/v4/Makefile | 66 +++++++++++++++++++++++++++ all-examples/net/v4/Program.cs | 76 +++++++++++++++++++++++++++++++ all-examples/net/v4/s3ec-v4-local | 1 + all-examples/net/v4/v4.csproj | 19 ++++++++ 4 files changed, 162 insertions(+) create mode 100644 all-examples/net/v4/Makefile create mode 100644 all-examples/net/v4/Program.cs create mode 160000 all-examples/net/v4/s3ec-v4-local create mode 100644 all-examples/net/v4/v4.csproj diff --git a/all-examples/net/v4/Makefile b/all-examples/net/v4/Makefile new file mode 100644 index 00000000..1c07b188 --- /dev/null +++ b/all-examples/net/v4/Makefile 
@@ -0,0 +1,66 @@
+# Makefile for S3 Encryption Client .NET v4 Example
+
+# Default target
+.PHONY: all install clean run help
+
+# Default arguments for running the example
+# Override these when calling make run
+BUCKET_NAME ?= avp-21638
+OBJECT_KEY ?= s3ec-dotnet-v4
+KMS_KEY_ID ?= arn:aws:kms:us-east-2:648638458147:key/a47079da-17e4-45a5-b82e-2bac101cad01
+AWS_REGION ?= us-east-2
+
+all: install
+
+# Install dependencies using .NET modules
+install:
+ @echo "Installing .NET dependencies..."
+ dotnet restore
+ @echo "Dependencies installed successfully!"
+
+# Clean .NET artifacts
+clean:
+ @echo "Cleaning .NET artifacts..."
+ dotnet clean
+ @echo "Clean completed!"
+
+# Run the example with default arguments
+run: install
+ @echo "Running S3 Encryption Client v4 .NET example..."
+ @echo "Bucket: $(BUCKET_NAME)"
+ @echo "Object Key: $(OBJECT_KEY)"
+ @echo "KMS Key ID: $(KMS_KEY_ID)"
+ @echo "Region: $(AWS_REGION)"
+ @echo ""
+ @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION)
+
+# Run with custom arguments
+# Usage: make run-custom BUCKET_NAME=my-bucket OBJECT_KEY=my-key KMS_KEY_ID=my-kms-key AWS_REGION=my-region
+run-custom: install
+ @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION)
+
+# Show help
+help:
+ @echo "S3 Encryption Client .NET v4 Example Makefile"
+ @echo ""
+ @echo "Available targets:"
+ @echo " install - Install .NET dependencies using .NET modules"
+ @echo " run - Install dependencies and run the example with default parameters"
+ @echo " run-custom - Install dependencies and run with custom parameters"
+ @echo " clean - Remove .NET artifacts"
+ @echo " help - Show this help message"
+ @echo ""
+ @echo "Default parameters:"
+ @echo " BUCKET_NAME = $(BUCKET_NAME)"
+ @echo " OBJECT_KEY = $(OBJECT_KEY)"
+ @echo " KMS_KEY_ID = $(KMS_KEY_ID)"
+ @echo " AWS_REGION = $(AWS_REGION)"
+ @echo ""
+ @echo "To run with custom parameters:"
+ @echo " make run BUCKET_NAME=your-bucket OBJECT_KEY=your-key KMS_KEY_ID=your-kms-key AWS_REGION=your-region"
+ @echo ""
+ @echo "Prerequisites:"
+ @echo " - Supported .NET framework installed on the system. See https://www.nuget.org/packages/Amazon.Extensions.S3.Encryption for supported one."
+ @echo " - AWS credentials configured (AWS CLI, environment variables, or IAM role)"
+ @echo " - Valid S3 bucket and KMS key with appropriate permissions"
+ @echo " - S3 Encryption Client v4 .NET SDK (included in s3ec-v4-local)"
\ No newline at end of file
diff --git a/all-examples/net/v4/Program.cs b/all-examples/net/v4/Program.cs
new file mode 100644
index 00000000..40533c6a
--- /dev/null
+++ b/all-examples/net/v4/Program.cs
@@ -0,0 +1,76 @@
+using Amazon;
+using Amazon.Extensions.S3.Encryption;
+using Amazon.Extensions.S3.Encryption.Primitives;
+using Amazon.S3;
+using Amazon.S3.Model;
+
+using Amazon.Extensions.S3.Encryption;
+using Amazon.Extensions.S3.Encryption.Primitives;
+using Amazon.S3;
+using Amazon.S3.Model;
+
+namespace S3EncryptionClientV4Example
+{
+ class Program
+ {
+ static async Task Main(string[] args)
+ {
+ if (args.Length != 4)
+ {
+ Console.WriteLine("Usage: dotnet run ");
+ Environment.Exit(1);
+ }
+
+ var (bucketName, objectKey, kmsKeyId, region) = (args[0], args[1], args[2], args[3]);
+ var testData = "Hello, World! This is a test message for S3 encryption client v4 in .NET.";
+
+ Console.WriteLine("=== S3 Encryption Client v4 Example (.NET) ===");
+
+ try
+ {
+ var s3Client = CreateS3ECWithKms(kmsKeyId, region);
+
+ await s3Client.PutObjectAsync(new PutObjectRequest
+ {
+ BucketName = bucketName,
+ Key = objectKey,
+ ContentBody = testData
+ });
+
+ var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey);
+ using var reader = new StreamReader(getResponse.ResponseStream);
+ var decryptedData = await reader.ReadToEndAsync();
+
+ if (decryptedData != testData)
+ {
+ Console.WriteLine("ERROR: Roundtrip failed - data mismatch");
+ Environment.Exit(1);
+ }
+
+ Console.WriteLine("SUCCESS: Roundtrip encryption/decryption completed successfully!");
+ }
+ catch (Exception ex)
+ {
+ Console.WriteLine($"Error: {ex.Message}");
+ Environment.Exit(1);
+ }
+ }
+
+ private static AmazonS3Client CreateS3ECWithKms(string kmsKeyId, string region)
+ {
+ var encryptionContextPerClient = new Dictionary
+ {
+ ["purpose"] = "example",
+ ["version"] = "v4",
+ ["language"] = "dotnet"
+ };
+
+ var encryptionMaterial = new EncryptionMaterialsV4(kmsKeyId, KmsType.KmsContext, encryptionContextPerClient);
+ var configuration = new AmazonS3CryptoConfigurationV4(SecurityProfile.V4, CommitmentPolicy.RequireEncryptRequireDecrypt, ContentEncryptionAlgorithm.AesGcmWithCommitment)
+ {
+ RegionEndpoint = RegionEndpoint.GetBySystemName(region)
+ };
+ return new AmazonS3EncryptionClientV4(configuration, encryptionMaterial);
+ }
+ }
+}
diff --git a/all-examples/net/v4/s3ec-v4-local b/all-examples/net/v4/s3ec-v4-local
new file mode 160000
index 00000000..691d22a5
--- /dev/null
+++ b/all-examples/net/v4/s3ec-v4-local
@@ -0,0 +1 @@
+Subproject commit 691d22a504184fd71f2dae7fd354bd669b58cc07
diff --git a/all-examples/net/v4/v4.csproj b/all-examples/net/v4/v4.csproj
new file mode 100644
index 00000000..6d223a92
--- /dev/null
+++ b/all-examples/net/v4/v4.csproj
@@ -0,0 +1,19 @@
+
+
+
+ Exe
+ net8.0
+ enable
+ enable
+ false
+
+
+
+
+
+
+
+
+
+
+
From 29b956d7035a581b72d1a21001cc82f6cdfc3821 Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Tue, 11 Nov 2025 22:17:33 -0800
Subject: [PATCH 09/12] auto commit
---
.github/workflows/examples.yml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml
index cecb6989..c4ae10bb 100644
--- a/.github/workflows/examples.yml
+++ b/.github/workflows/examples.yml
@@ -26,21 +26,21 @@ jobs: ref: fire-egg-dev path: all-examples/cpp/aws-sdk-cpp/ - - name: Checkout .NET V2 code + - name: Checkout .NET V3 code uses: actions/checkout@v5 with: token: ${{ secrets.PAT_FOR_DOTNET }} repository: aws/private-amazon-s3-encryption-client-dotnet-staging - ref: v3sdk-development - path: test-server/net-v2-v3-server/s3ec-net-v2/ + ref: rishav/key-commitment + path: all-examples/net/v3/s3ec-v3-local - - name: Checkout .NET V3 code + - name: Checkout .NET V4 code uses: actions/checkout@v5 with: token: ${{ secrets.PAT_FOR_DOTNET }} repository: aws/private-amazon-s3-encryption-client-dotnet-staging - ref: s3ec-v3 - path: test-server/net-v2-v3-server/s3ec-net-v3 + ref: s3ec-v4-WIP + path: all-examples/net/v4/s3ec-v4-local - name: Set up Python uses: actions/setup-python@v5
From 2de0ef5e0da1fe7a900d28f10cee3db0c2fe94b2 Mon Sep 17 00:00:00 2001
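Review bot: In `Main` of v4/Program.cs the response from `GetObjectAsync` is never disposed, only the `StreamReader` wrapped around its `ResponseStream`; declare it as `using var getResponse = await s3Client.GetObjectAsync(bucketName, objectKey);`. The `catch` block prints only `ex.Message` to stdout, which drops the exception type and any inner exception when a KMS or decryption call fails; `Console.Error.WriteLine(ex);` keeps that detail for whoever runs the example. The four `using` directives after the first blank line repeat the ones above them and can be removed.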
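Review bot: The two checkout steps changed in `.github/workflows/examples.yml` fetch the branch heads `rishav/key-commitment` and `s3ec-v4-WIP` into `all-examples/net/v3/s3ec-v3-local` and `all-examples/net/v4/s3ec-v4-local`, the same paths this patch series records as gitlinks pinned to specific commits. CI therefore builds the examples against whatever those branches point at when the job runs, not the reviewed commits, so a later push to either branch changes what is built and executed with the job's credentials without any change in this repository. Pin each `ref:` to the recorded commit (for v4, `ref: 691d22a504184fd71f2dae7fd354bd669b58cc07`) or check the submodules out through the main checkout step. The surrounding context lines use `actions/checkout@v5` by tag; pinning the action to a commit SHA is the usual hardening, though those lines are not changed here.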
From: rishav-karanjit
Date: Tue, 11 Nov 2025 22:21:14 -0800
Subject: [PATCH 10/12] submodule
---
all-examples/net/v3/s3ec-v3-local | 1 +
1 file changed, 1 insertion(+)
create mode 160000 all-examples/net/v3/s3ec-v3-local
diff --git a/all-examples/net/v3/s3ec-v3-local b/all-examples/net/v3/s3ec-v3-local
new file mode 160000
index 00000000..ca1149d9
--- /dev/null
+++ b/all-examples/net/v3/s3ec-v3-local
@@ -0,0 +1 @@
+Subproject commit ca1149d9b423591c09d35caa649b3f6846e511a6
From f530eb442d8580df6be30989af0bd05a9b6a992f Mon Sep 17 00:00:00 2001
From: rishav-karanjit
Date: Tue, 11 Nov 2025 23:04:44 -0800
Subject: [PATCH 11/12] auto commit
---
all-examples/net/v3/Makefile | 18 +++++++++---------
all-examples/net/v3/Program.cs | 8 ++++----
all-examples/net/v4/Makefile | 18 +++++++++---------
all-examples/net/v4/Program.cs | 8 ++++----
4 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/all-examples/net/v3/Makefile b/all-examples/net/v3/Makefile
index c27e69cf..c375acc7 100644
--- a/all-examples/net/v3/Makefile
+++ b/all-examples/net/v3/Makefile
@@ -14,23 +14,23 @@ all: install # Install dependencies using .NET modules install: - @echo "Installing .NET dependencies..." + @echo "[NET V3] Installing .NET dependencies..." dotnet restore - @echo "Dependencies installed successfully!" + @echo "[NET V3] Dependencies installed successfully!" # Clean .NET artifacts clean: - @echo "Cleaning .NET artifacts..." + @echo "[NET V3] Cleaning .NET artifacts..." dotnet clean - @echo "Clean completed!" + @echo "[NET V3] Clean completed!" # Run the example with default arguments run: install - @echo "Running S3 Encryption Client v3 .NET example..." - @echo "Bucket: $(BUCKET_NAME)" - @echo "Object Key: $(OBJECT_KEY)" - @echo "KMS Key ID: $(KMS_KEY_ID)" - @echo "Region: $(AWS_REGION)" + @echo "[NET V3] Running S3 Encryption Client v3 .NET example..." + @echo "[NET V3] Bucket: $(BUCKET_NAME)" + @echo "[NET V3] Object Key: $(OBJECT_KEY)" + @echo "[NET V3] KMS Key ID: $(KMS_KEY_ID)" + @echo "[NET V3] Region: $(AWS_REGION)" @echo "" @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION) diff --git a/all-examples/net/v3/Program.cs b/all-examples/net/v3/Program.cs index e3f7ce81..6c1336f6 100644 --- a/all-examples/net/v3/Program.cs +++ b/all-examples/net/v3/Program.cs @@ -17,7 +17,7 @@ static async Task Main(string[] args) { if (args.Length != 4) { - Console.WriteLine("Usage: dotnet run "); + Console.WriteLine("[NET V3] Usage: dotnet run "); Environment.Exit(1); } 
@@ -43,15 +43,15 @@ await s3Client.PutObjectAsync(new PutObjectRequest if (decryptedData != testData) { - Console.WriteLine("ERROR: Roundtrip failed - data mismatch"); + Console.WriteLine("[NET V3] ERROR: Roundtrip failed - data mismatch"); Environment.Exit(1); } - Console.WriteLine("SUCCESS: Roundtrip encryption/decryption completed successfully!"); + Console.WriteLine("[NET V3] SUCCESS: Roundtrip encryption/decryption completed successfully!"); } catch (Exception ex) { - Console.WriteLine($"Error: {ex.Message}"); + Console.WriteLine($"[NET V3] Error: {ex.Message}"); Environment.Exit(1); } } diff --git a/all-examples/net/v4/Makefile b/all-examples/net/v4/Makefile index 1c07b188..f45fbdfd 100644 --- a/all-examples/net/v4/Makefile +++ b/all-examples/net/v4/Makefile @@ -14,23 +14,23 @@ all: install # Install dependencies using .NET modules install: - @echo "Installing .NET dependencies..." + @echo "[NET V4] Installing .NET dependencies..." dotnet restore - @echo "Dependencies installed successfully!" + @echo "[NET V4] Dependencies installed successfully!" # Clean .NET artifacts clean: - @echo "Cleaning .NET artifacts..." + @echo "[NET V4] Cleaning .NET artifacts..." dotnet clean - @echo "Clean completed!" + @echo "[NET V4] Clean completed!" # Run the example with default arguments run: install - @echo "Running S3 Encryption Client v4 .NET example..." - @echo "Bucket: $(BUCKET_NAME)" - @echo "Object Key: $(OBJECT_KEY)" - @echo "KMS Key ID: $(KMS_KEY_ID)" - @echo "Region: $(AWS_REGION)" + @echo "[NET V4] Running S3 Encryption Client v4 .NET example..." + @echo "[NET V4] Bucket: $(BUCKET_NAME)" + @echo "[NET V4] Object Key: $(OBJECT_KEY)" + @echo "[NET V4] KMS Key ID: $(KMS_KEY_ID)" + @echo "[NET V4] Region: $(AWS_REGION)" @echo "" @dotnet run -- $(BUCKET_NAME) $(OBJECT_KEY) $(KMS_KEY_ID) $(AWS_REGION) diff --git a/all-examples/net/v4/Program.cs b/all-examples/net/v4/Program.cs index 40533c6a..a8c799a6 100644 --- a/all-examples/net/v4/Program.cs 
+++ b/all-examples/net/v4/Program.cs @@ -17,7 +17,7 @@ static async Task Main(string[] args) { if (args.Length != 4) { - Console.WriteLine("Usage: dotnet run "); + Console.WriteLine("[NET V4] Usage: dotnet run "); Environment.Exit(1); } @@ -43,15 +43,15 @@ await s3Client.PutObjectAsync(new PutObjectRequest if (decryptedData != testData) { - Console.WriteLine("ERROR: Roundtrip failed - data mismatch"); + Console.WriteLine("[NET V4] ERROR: Roundtrip failed - data mismatch"); Environment.Exit(1); } - Console.WriteLine("SUCCESS: Roundtrip encryption/decryption completed successfully!"); + Console.WriteLine("[NET V4] SUCCESS: Roundtrip encryption/decryption completed successfully!"); } catch (Exception ex) { - Console.WriteLine($"Error: {ex.Message}"); + Console.WriteLine($"[NET V4] Error: {ex.Message}"); Environment.Exit(1); } } From 69afc3d90892d229437334ea52947e5e62adce9f Mon Sep 17 00:00:00 2001 From: rishav-karanjit Date: Wed, 12 Nov 2025 13:19:35 -0800 Subject: [PATCH 12/12] auto commit --- all-examples/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/all-examples/README.md b/all-examples/README.md index 59bc2d6c..8472de78 100644 --- a/all-examples/README.md +++ b/all-examples/README.md @@ -9,7 +9,7 @@ Each language has subdirectories for different major versions of the S3 Encrypti - `cpp/` - C++ examples - `v2/` - S3EC C++ v2 example (transitional) - `v3/` - S3EC C++ v3 example (improved) -- `dotnet/` - .NET examples +- `net/` - .NET examples - `v3/` - S3EC .NET v3 example (transitional) - `v4/` - S3EC .NET v4 example (improved) - `go/` - Go examples