使用 .NET 创建内容密钥Create ContentKeys with .NET

媒体服务允许创建资产和传送加密的资产。Media Services enables you to create and deliver encrypted assets. ContentKey 提供对资产的安全访问。A ContentKey provides secure access to your Assets.

创建新资产时(例如,上传文件之前),可以指定以下加密选项:StorageEncryptedCommonEncryptionProtectedEnvelopeEncryptionProtectedWhen you create a new asset (for example, before you upload files), you can specify the following encryption options: StorageEncrypted, CommonEncryptionProtected, or EnvelopeEncryptionProtected.

将资产传送到客户端时,可以使用以下两个加密选项之一将资产配置为动态加密DynamicEnvelopeEncryptionDynamicCommonEncryptionWhen you deliver assets to your clients, you can configure for assets to be dynamically encrypted with one of the following two encryptions: DynamicEnvelopeEncryption or DynamicCommonEncryption.

加密的资产必须与 ContentKey 关联。Encrypted assets have to be associated with ContentKeys. 本文介绍如何创建内容密钥。This article describes how to create a content key.

备注

使用媒体服务 .NET SDK 创建新的 StorageEncrypted 资产时,会自动创建 ContentKey 并将其链接到资产。When creating a new StorageEncrypted asset using the Media Services .NET SDK , the ContentKey is automatically created and linked with the asset.

ContentKeyTypeContentKeyType

创建内容密钥时必须设置的值之一是内容密钥类型。One of the values that you must set when create a content key is the content key type. 选择以下值之一。Choose from one of the following values.

    public enum ContentKeyType
    {
        /// <summary>
        /// Specifies a content key for common encryption.
        /// </summary>
        /// <remarks>This is the default value.</remarks>
        CommonEncryption = 0,

        /// <summary>
        /// Specifies a content key for storage encryption.
        /// </summary>
        StorageEncryption = 1,

        /// <summary>
        /// Specifies a content key for configuration encryption.
        /// </summary>
        ConfigurationEncryption = 2,

        /// <summary>
        /// Specifies a content key for Envelope encryption.  Only used internally.
        /// </summary>
        EnvelopeEncryption = 4
    }

创建信封类型 ContentKeyCreate envelope type ContentKey

以下代码段创建信封加密类型的内容密钥。The following code snippet creates a content key of the envelope encryption type. 然后,它将密钥与指定的资产关联。It then associates the key with the specified asset.

    static public IContentKey CreateEnvelopeTypeContentKey(IAsset asset)
    {
        // Create envelope encryption content key
        Guid keyId = Guid.NewGuid();
        byte[] contentKey = GetRandomBuffer(16);

        IContentKey key = _context.ContentKeys.Create(
                                keyId,
                                contentKey,
                                "ContentKey",
                                ContentKeyType.EnvelopeEncryption);

        asset.ContentKeys.Add(key);

        return key;
    }

    static private byte[] GetRandomBuffer(int size)
    {
        byte[] randomBytes = new byte[size];
        using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
        {
            rng.GetBytes(randomBytes);
        }

        return randomBytes;
    }

call

    IContentKey key = CreateEnvelopeTypeContentKey(encryptedsset);

创建通用类型 ContentKeyCreate common type ContentKey

以下代码段创建公共加密类型的内容密钥。The following code snippet creates a content key of the common encryption type. 然后,它将密钥与指定的资产关联。It then associates the key with the specified asset.

    static public IContentKey CreateCommonTypeContentKey(IAsset asset)
    {
        // Create common encryption content key
        Guid keyId = Guid.NewGuid();
        byte[] contentKey = GetRandomBuffer(16);

        IContentKey key = _context.ContentKeys.Create(
                                keyId,
                                contentKey,
                                "ContentKey",
                                ContentKeyType.CommonEncryption);

        // Associate the key with the asset.
        asset.ContentKeys.Add(key);

        return key;
    }

    static private byte[] GetRandomBuffer(int length)
    {
        var returnValue = new byte[length];

        using (var rng =
            new System.Security.Cryptography.RNGCryptoServiceProvider())
        {
            rng.GetBytes(returnValue);
        }

        return returnValue;
    }
call

    IContentKey key = CreateCommonTypeContentKey(encryptedsset); 

媒体服务学习路径Media Services learning paths

媒体服务 v3(最新版本)Media Services v3 (latest)

查看最新版本的 Azure 媒体服务!Check out the latest version of Azure Media Services!

媒体服务 v2(旧版)Media Services v2 (legacy)