Skip to content

Instantly share code, notes, and snippets.

Andreas Auernhammer aead

Block or report user

Report or block aead

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
View KMS-details.md

Client

The S3 client can specify two headers for SSE-KMS:

  • X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id: arn:aws:kms:region:111122223333:key/<32-char keyId>
  • X-Amz-Server-Side-Encryption-Context:
AWS doc Confirmed
key ID is 32 byte string [x]
The encryption context is not stored on S3 [ ]
View mc-sse-cli-interface.md

mc SSE interface

SSE-S3

SSE-S3 requires just setting the header X-Amz-Server-Side-Encryption: AES256. So mc can implement SSE-S3 by just providing a CLI flag: --sse-s3: mc cp your-file S3/bucket/object --sse-s3

SSE-C

SSE-C requires three headers:

@aead
aead / S3-SSE.md
Last active Mar 16, 2018
AWS S3 server side encryption
View S3-SSE.md

Server-Side-Encryption

AWS S3 offers three different types of server-side encryption (SSE):

  • Server-Side-Encryption (at rest) a.k.a SSE-S3
  • Server-Side-Encryption using a KMS a.k.a SSE-KMS
  • Server-Side-Encryption with customer keys a.k.a SSE-C

1. Server-Side-Encryption (SSE-S3)

You can’t perform that action at this time.