SSE-C

In SSE-C mode, OBS uses the keys and MD5 values provided by customers for server-side encryption.

OBS does not store your encryption keys. If you lost your encryption keys, you lost the objects. Six headers are added to support SSE-C.

The following table lists headers that are required when you use SSE-C to encrypt objects.

x-amz-server-side-encryption-customer-algorithm

Indicates an encryption algorithm. The header is used in SSE-C mode.

Example: x-amz-server-side-encryption-customer-algorithm:AES256

x-amz-server-side-encryption-customer-key

Indicates the algorithm used to encrypt an object. The header is used in SSE-C mode.

Example:

x-amz-server-side-encryption-customer-key:K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw=

x-amz-server-side-encryption-customer-key-MD5

Indicates the key used to encrypt an object. The header is used in SSE-C mode. Indicates the MD5 value of the key used to encrypt an object. The MD5 value is used to check whether any error occurs during the transmission of the key.

Example:

x-amz-server-side-encryption-customer-key-MD5:4XvB3tbNTN+tIEVa0/fGaQ==

Table 1 Interfaces to which the newly added headers apply

Interfaces

PUT Object

POST Object

PUT Object - Copy (the newly added headers apply to target objects)

GET Object Metadata

GET Object

Initiate Multipart Upload

Upload Part

Upload Part - Copy (the newly added headers apply to target parts)

The following table lists three headers that are added for PUT Object - Copy and Upload Part - Copy interfaces to support source objects encrypted using SSE-C.

x-amz-copy-source-server-side-encryption-customer-algorithm

Indicates the algorithm used to decrypt a source object. The header is used in SSE-C mode.

Example: x-amz-server-side-encryption-customer-algorithm:AES256

x-amz-copy-source-server-side-encryption-customer-key

Indicates the key used to decrypt a source object. The header is used in SSE-C mode.

Example: x-amz-copy-source-server-side-encryption-customer-algorithm:K7QkYpBkM5+hcs27fsNkUnNVaobncnLht/rCB2o/9Cw=

x-amz-copy-source-server-side-encryption-customer-key-MD5

Indicates the MD5 value of the key used to decrypt a source object. The header is used in SSE-C mode. The MD5 value is used to check whether any error occurs during the transmission of the key.

Example:

x-amz-copy-source-server-side-encryption-customer-key-MD5:4XvB3tbNTN+tIEVa0/fGaQ==

Registration