How to use
- Tran Khanh Ngoc
Using server-side encryption with customer-provided encryption keys (SSE-C - Server-Side Encryption with Customer Keys) allows you to specify your own encryption keys.
When you download an object, HI GIO S3 uses the encryption key provided by the customer to apply AES-256 encryption to the data.
Whilte checking an Object, the client must provide the same encryption key as part of its request. Firstly, HI GIO S3 will check that the encryption key the client provided matches, then decrypt the Object before returning the data to you.
When using SSE-C, you must provide encryption key information using the following request headers:
Name | Description |
|---|---|
--sse​-customer-algorithm | Use this header to specify the encryption algorithm. The header value must be AES256. |
--sse-customer-key | Use this header to provide a 256-bit, base64-encoded encryption key for HI GIO S3 to encrypt and decrypt data |
--sse​-customer-key-md5 (Optional) | Use this header to provide a base64-encoded 128-bit MD5 digest of the encryption key per RFC 1321. S3 uses this header to check the integrity of the message to ensure that the encryption key was transmitted without error. |