vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/obs/api-ref/obs_04_0107.html
zhangyue d5b1108742 OBS API DOC 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: zhangyue <zhangyue164@huawei.com>
Co-committed-by: zhangyue <zhangyue164@huawei.com>
2023-10-16 12:27:49 +00:00

209 lines
16 KiB
HTML
Raw Blame History

<a name="obs_04_0107"></a><a name="obs_04_0107"></a>
<h1 class="topictitle1">Server-Side Encryption (SSE-C)</h1>
<div id="body5487110"><div class="section" id="obs_04_0107__section104215161210"><h4 class="sectiontitle">Functions</h4><p id="obs_04_0107__p11402161614125">With SSE-C used, OBS uses the keys and MD5 values provided by customers for server-side encryption.</p>
</div>
<div class="section" id="obs_04_0107__section794711344129"><h4 class="sectiontitle">Newly Added Headers</h4><p id="obs_04_0107__p2032793616129">OBS does not store your encryption keys. If you lost them, you lost the objects. Six headers are added to support SSE-C.</p>
</div>
<p class="msonormal" id="obs_04_0107__p55688526">The following table lists headers that are required when you use SSE-C to encrypt objects.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_04_0107__table101231237144214" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Header fields used for encrypting objects in SSE-C mode</caption><thead align="left"><tr id="obs_04_0107__row0125153764211"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.3.1.1"><p id="obs_04_0107__p171250379427">Element</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.4.2.3.1.2"><p id="obs_04_0107__p5125193718420">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_04_0107__row1412573764215"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.3.1.1 "><p id="obs_04_0107__p18431172634319"><span style="color:#252B3A;">x-obs-server-side-encryption-customer-algorithm</span></p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.3.1.2 "><p id="obs_04_0107__p1843282614431">Indicates an encryption algorithm. The header is used in SSE-C mode.</p>
<p id="obs_04_0107__p1143292694311">Example: <strong id="obs_04_0107__b42741427172913">x-obs-server-side-encryption-customer-algorithm: AES256</strong></p>
</td>
</tr>
<tr id="obs_04_0107__row1112515375428"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.3.1.1 "><p id="obs_04_0107__p143416261434">x-obs-server-side-encryption-customer-key</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.3.1.2 "><p id="obs_04_0107__p104351326134318">Indicates the key used to encrypt objects in SSE-C mode. The header value is a Base64-encoded 256-bit key.</p>
<p id="obs_04_0107__p16437132617435">Example: <strong id="obs_04_0107__b1979622744312">x-obs-server-side-encryption-customer-key:K7QkYpBkM5+hca27fsNkUnNVaobncnLht/rCB2o/9Cw=</strong></p>
</td>
</tr>
<tr id="obs_04_0107__row151254372427"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.3.1.1 "><p id="obs_04_0107__p1944018267432">x-obs-server-side-encryption-customer-key-MD5</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.4.2.3.1.2 "><p id="obs_04_0107__p144252654312">Indicates the MD5 value of the key used to encrypt an object. The header is used in SSE-C mode. The value of the element is an MD5 Base64-encoded hash. The MD5 value is used to check whether any error occurs during the transmission of the key. </p>
<p id="obs_04_0107__p10442192613436">Example: <strong id="obs_04_0107__b18505193334317">x-obs-server-side-encryption-customer-key-MD5:4XvB3tbNTN+tIEVa0/fGaQ==</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="obs_04_0107__p6362428134419">APIs where the newly added headers apply:</p>
<ul id="obs_04_0107__ul1563754118444"><li id="obs_04_0107__li46378412449"><a href="obs_04_0080.html">Uploading Objects - PUT</a></li><li id="obs_04_0107__li1646715124417"><a href="obs_04_0081.html">Uploading Objects - POST</a></li><li id="obs_04_0107__li15218125816445"><a href="obs_04_0082.html">Copying Objects</a>: The newly added headers apply to object copies.</li><li id="obs_04_0107__li7792152194516"><a href="obs_04_0084.html">Querying Object Metadata</a></li><li id="obs_04_0107__li837386144510"><a href="obs_04_0083.html">Downloading Objects</a></li><li id="obs_04_0107__li12306141014454"><a href="obs_04_0098.html">Initiating a Multipart Upload</a></li><li id="obs_04_0107__li16197613164519"><a href="obs_04_0099.html">Uploading Parts</a></li><li id="obs_04_0107__li89832195451"><a href="obs_04_0100.html">Copying Parts</a>: The newly added headers apply to target parts.</li></ul>
<p id="obs_04_0107__p8384173917455"></p>
<p class="msonormal" id="obs_04_0107__p63181975">The following table lists three headers that are added for CopyObject and UploadPart-Copy operations to support source objects encrypted using SSE-C.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="obs_04_0107__table2106157194518" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Header fields for source objects encrypted by the SSE-C</caption><thead align="left"><tr id="obs_04_0107__row8106195715458"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.9.2.3.1.1"><p id="obs_04_0107__p20106155754514">Element</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.9.2.3.1.2"><p id="obs_04_0107__p8106135734511">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_04_0107__row1910720576459"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.9.2.3.1.1 "><p id="obs_04_0107__p1569686">x-obs-copy-source-server-side-encryption-customer-algorithm</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.9.2.3.1.2 "><p id="obs_04_0107__p60035769">Indicates the algorithm used to decrypt a source object. The header is used in SSE-C mode. </p>
<p id="obs_04_0107__p3451011">Example: <strong id="obs_04_0107__b15133740114318">x-obs-server-side-encryption-customer-algorithm: AES256</strong></p>
</td>
</tr>
<tr id="obs_04_0107__row510705704518"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.9.2.3.1.1 "><p id="obs_04_0107__p32759143">x-obs-copy-source-server-side-encryption-customer-key</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.9.2.3.1.2 "><p id="obs_04_0107__p36244931">Indicates the key used to decrypt a source object. The header is used in SSE-C mode.</p>
<p id="obs_04_0107__p57768927">Example: <strong id="obs_04_0107__b137501344154318">x-obs-copy-source-server-side-encryption-customer-algorithm: K7QkYpBkM5+hca27fsNkUnNVaobncnLht/rCB2o/9Cw=</strong></p>
</td>
</tr>
<tr id="obs_04_0107__row16107185794515"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.9.2.3.1.1 "><p id="obs_04_0107__p36290124">x-obs-copy-source-server-side-encryption-customer-key-MD5</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.9.2.3.1.2 "><p id="obs_04_0107__p53818954">Indicates the MD5 value of the key used to decrypt a source object. The header is used in SSE-C mode. The MD5 value is used to check whether any error occurs during the transmission of the key. </p>
<p id="obs_04_0107__p14608539">Example: <strong id="obs_04_0107__b15976353124315">x-obs-copy-source-server-side-encryption-customer-key:4XvB3tbNTN+tIEVa0/fGaQ==</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
<div class="section" id="obs_04_0107__section151461344181918"><h4 class="sectiontitle">Sample Request: Uploading an Object Encrypted with SSE-C</h4><div class="codecoloring" codetype="Xml" id="obs_04_0107__screen645110482196"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span></pre></div></td><td class="code"><div><pre><span></span>PUT<span class="w"> </span>/encryp2<span class="w"> </span>HTTP/1.1
User-Agent:<span class="w"> </span>curl/7.29.0
Host:<span class="w"> </span>examplebucket.obs.region.example.com
Accept:<span class="w"> </span>*/*
Date:<span class="w"> </span>Wed,<span class="w"> </span>06<span class="w"> </span>Jun<span class="w"> </span>2018<span class="w"> </span>09:12:00<span class="w"> </span>GMT
Authorization:<span class="w"> </span>OBS<span class="w"> </span>H4IPJX0TQTHTHEBQQCEC:mZSfafoM+llApk0HGOThlqeccu0=
x-obs-server-side-encryption-customer-algorithm:AES256
x-obs-server-side-encryption-customer-key:K7QkYpBkM5+hca27fsNkUnNVaobncnLht/rCB2o/9Cw=
x-obs-server-side-encryption-customer-key-MD5:4XvB3tbNTN+tIEVa0/fGaQ==
Content-Length:<span class="w"> </span>5242
[5242<span class="w"> </span>Byte<span class="w"> </span>object<span class="w"> </span>contents]
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="obs_04_0107__section039121783514"><h4 class="sectiontitle">Sample Response: Uploading an Object Encrypted with SSE-C</h4><div class="codecoloring" codetype="Xml" id="obs_04_0107__screen152782032153511"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span>
<span class="normal">8</span>
<span class="normal">9</span></pre></div></td><td class="code"><div><pre><span></span>HTTP/1.1<span class="w"> </span>200<span class="w"> </span>OK
Server:<span class="w"> </span>OBS
x-obs-request-id:<span class="w"> </span>8DF400000163D45E0017055619BD02B8
ETag:<span class="w"> </span>&quot;0f91242c7f3d86f98ae572a686d0696e&quot;
x-obs-server-side-encryption-customer-algorithm:<span class="w"> </span>AES256
x-obs-server-side-encryption-customer-key-MD5:<span class="w"> </span>4XvB3tbNTN+tIEVa0/fGaQ==
x-obs-id-2:<span class="w"> </span>32AAAUgAIAABAAAQAAEAABAAAQAAEAABCSSAJ8bTNJV0X+Ote1PtuWecqyMh6zBJ
Date:<span class="w"> </span>Wed,<span class="w"> </span>06<span class="w"> </span>Jun<span class="w"> </span>2018<span class="w"> </span>09:12:00<span class="w"> </span>GMT
Content-Length:<span class="w"> </span>0
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="obs_04_0107__section3959940113518"><h4 class="sectiontitle">Sample Request: Copying an SSE-C Encrypted Object and Saving It as a KMS Encrypted Object</h4><div class="codecoloring" codetype="Xml" id="obs_04_0107__screen1272175813510"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span></pre></div></td><td class="code"><div><pre><span></span>PUT<span class="w"> </span>/kmsobject<span class="w"> </span>HTTP/1.1
User-Agent:<span class="w"> </span>curl/7.29.0
Host:<span class="w"> </span>examplebucket.obs.region.example.com
Accept:<span class="w"> </span>*/*
Date:<span class="w"> </span>Wed,<span class="w"> </span>06<span class="w"> </span>Jun<span class="w"> </span>2018<span class="w"> </span>09:20:10<span class="w"> </span>GMT
Authorization:<span class="w"> </span>OBS<span class="w"> </span>H4IPJX0TQTHTHEBQQCEC:mZSfafoM+llApk0HGOThlqeccu0=
x-obs-copy-source-server-side-encryption-customer-algorithm:AES256
x-obs-copy-source-server-side-encryption-customer-key:K7QkYpBkM5+hca27fsNkUnNVaobncnLht/rCB2o/9Cw=
x-obs-copy-source-server-side-encryption-customer-key-MD5:4XvB3tbNTN+tIEVa0/fGaQ==
x-obs-server-side-encryption:<span class="w"> </span>kms
x-obs-copy-source:<span class="w"> </span>/examplebucket/encryp2
Content-Length:<span class="w"> </span>5242
[5242<span class="w"> </span>Byte<span class="w"> </span>object<span class="w"> </span>contents]
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="obs_04_0107__section1589193223912"><h4 class="sectiontitle">Sample Response: Copying an SSE-C Encrypted Object and Saving It as a KMS Encrypted Object</h4><div class="codecoloring" codetype="Xml" id="obs_04_0107__screen155121223417"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span>
<span class="normal">8</span>
<span class="normal">9</span></pre></div></td><td class="code"><div><pre><span></span>HTTP/1.1<span class="w"> </span>200<span class="w"> </span>OK
Server:<span class="w"> </span>OBS
x-obs-request-id:<span class="w"> </span>BB7800000164848E0FC70528B9D92C41
ETag:<span class="w"> </span>&quot;1072e1b96b47d7ec859710068aa70d57&quot;
x-obs-server-side-encryption:<span class="w"> </span>kms
x-obs-server-side-encryption-kms-key-id:<span class="w"> </span>region:783fc6652cf246c096ea836694f71855:key/522d6070-5ad3-4765-9737-9312ddc72cdb
x-obs-id-2:<span class="w"> </span>32AAAUJAIAABAAAQAAEAABAAAQAAEAABCTkkRzQXs9ECzZcavVRncBqqYNkoAEsr
Date:<span class="w"> </span>Wed,<span class="w"> </span>06<span class="w"> </span>Jun<span class="w"> </span>2018<span class="w"> </span>09:20:10<span class="w"> </span>GMT
Content-Length:<span class="w"> </span>0
</pre></div></td></tr></table></div>
</div>
</div>
<div class="section" id="obs_04_0107__section13241145493917"><h4 class="sectiontitle">Sample Request: Uploading an SSE-C Encrypted Object Using a Signed URL</h4><pre class="screen" id="obs_04_0107__screen28009915407">PUT /encrypobject?AccessKeyId=H4IPJX0TQTHTHEBQQCEC&amp;Expires=1532688887&amp;Signature=EQmDuOhaLUrzrzRNZxwS72CXeXM%3D HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.<em id="obs_04_0107__i883312340299">region</em>.example.com
Accept: */*
x-obs-server-side-encryption-customer-algorithm: AES256
x-obs-server-side-encryption-customer-key:K7QkYpBkM5+hca27fsNkUnNVaobncnLht/rCB2o/9Cw=
x-obs-server-side-encryption-customer-key-MD5:4XvB3tbNTN+tIEVa0/fGaQ==
Content-Length: 5242
Expect: 100-continue
<em id="obs_04_0107__i3949109132311">[5242 Byte object contents]</em></pre>
</div>
<div class="section" id="obs_04_0107__section1990581416405"><h4 class="sectiontitle">Sample Response: Uploading an SSE-C Encrypted Object Using a Signed URL</h4><div class="codecoloring" codetype="Xml" id="obs_04_0107__screen13874591790"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span>
<span class="normal">4</span>
<span class="normal">5</span>
<span class="normal">6</span>
<span class="normal">7</span>
<span class="normal">8</span>
<span class="normal">9</span></pre></div></td><td class="code"><div><pre><span></span>HTTP/1.1<span class="w"> </span>100<span class="w"> </span>Continue
HTTP/1.1<span class="w"> </span>200<span class="w"> </span>OK
Server:<span class="w"> </span>OBS
x-obs-request-id:<span class="w"> </span>804F00000164DB5E5B7FB908D3BA8E00
ETag:<span class="w"> </span>&quot;1072e1b96b47d7ec859710068aa70d57&quot;
x-obs-server-side-encryption-customer-algorithm:<span class="w"> </span>AES256
x-obs-server-side-encryption-customer-key-MD5:<span class="w"> </span>4XvB3tbNTN+tIEVa0/fGaQ==
x-obs-id-2:<span class="w"> </span>32AAAUJAIAABAAAQAAEAABAAAQAAEAABCTlpxILjhVK/heKOWIP8Wn2IWmQoerfw
Content-Length:<span class="w"> </span>0
</pre></div></td></tr></table></div>
</div>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_04_0104.html">Server-Side Encryption</a></div>
</div>
</div>
View Git Blame Copy Permalink