我想提供presigned网址到我的S3桶与失效日期。 在.NET SDK很好地产生这些URL，但看着他们让我有点担心：

https://s3.amazonaws.com/upload_youtipit/myfile?AWSAccessKeyId=**MYACCESSKEY**&Expires=1317924047&response-content-disposition=attachment;filename=feedback.jpg&response-content-type=image/jpeg&Signature=podKJSrNeFel6%2B0aOneb342H5GA%3D

为什么它需要把我（公）AWSAccessKey的网址是什么？如果不是这个保持一点秘密？我知道它不是秘密，但我还是不放心将其暴露在公众..

如何可能性有，人谁拥有我的公钥，可以猜到/暴力破解我的私人密钥？

解决方案

的访问密钥ID已经不是什么秘密，也不需要保护。

其实，你可以给到期的URL随机的陌生人，如果你想让他们访问的S3对象。他们可以看到在该网址的访问键，但重要的是你有没有授权不能做任何事情。

参考：http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#AccessKeys

I want to offer presigned urls to my s3 buckets with an expiry date. The .net sdk nicely generates these urls, but looking at them makes me worry a little:

https://s3.amazonaws.com/upload_youtipit/myfile?AWSAccessKeyId=**MYACCESSKEY**&Expires=1317924047&response-content-disposition=attachment;filename=feedback.jpg&response-content-type=image/jpeg&Signature=podKJSrNeFel6%2B0aOneb342H5GA%3D

Why does it need to put my (public) AWSAccessKey in the Url? Shouldn't this be kept a bit more confidential? I know its not the secret, but I still don't feel comfortable exposing it in public..

How likely is it that, somebody who has my public key, can guess/bruteforce my private key?

解决方案

The Access Key ID is not a secret and does not need protecting.

In fact, you can give expiring URLs to random strangers if you want them to access an S3 object. They can see the access key in that URL, but can't do anything with it that you have not authorized.

reference: http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#AccessKeys