c# - Client side public key encryption
问题描述
We are building a mobile app that has the following functions
- Capture user information (text, audio) while not connected to the internet
- Store the information on the device, encrypted using a server-side public key
- When internet connectivity is available, upload to s3 using pre-signed URL
- Once the file is available in s3 another background process(?) decrypts it using the server-side private of the above public-key and copy to another bucket
Due to regulatory requirements, files on the device need to be encrypted at rest while not connected to the internet. Otherwise s3 encryption client (AmazonS3EncryptionClient
) could be used for this purpose to encrypt on the fly when uploading to.
My question is on step 4. Is it possible to use an s3 trigger lambda function for this step? I imagine the limit of available disk size for lambda will mean copying file from s3 to lambda local directory will not work for large files (the files can be few gigabytes large). What other options are available (preferably serverless)? What about streaming s3 object and decrypt in-memory?
解决方案
是否可以在此步骤中使用 s3 触发器 lambda 函数?.. 流式传输 s3 对象并在内存中解密呢?
您可以在 s3 上作为流读取-解密-写入,然后 lambda 限制将在执行时间(900 秒 = 15 分钟)。如果您可以在 15 分钟内处理该文件,那么使用 lamba 可能是个好主意。恕我直言,您可以在 15 分钟内处理大量 GB,但总有 15 分钟。限制(前段时间是 5 分钟)。
还有哪些其他选项可用
如果您想在没有任何处理时间限制的情况下处理文件,我建议让 s3 lambda 向AWS 作业队列发送消息
推荐阅读
- python - 在 Flask 后端导入请求模块时出错
- javascript - 数据库保存日期没有时间,postgres
- sql-server - 如何在 Visual Studio 2019 中将 SQL 数据库和水晶报表添加到部署项目(安装项目)?
- java - Maven:强制在运行时存在类路径资源
- node.js - 如何从 Node/Express JS 的父文件夹中获取模块?
- python - 如何找到javascript链接并点击它?
- winforms - JAWS 未读取按钮的 AccessibilityDescription
- python - 在字段中为 rest API 端点序列化字典 django rest 框架
- akka.net - 在 Akka TestKit 中捕获演员构造的错误
- c++ - c++模板,如何将模板参数映射到其他模板参数