[ https://issues.apache.org/jira/browse/JCLOUDS-533?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14350277#comment-14350277 ]

Christian Schröder edited comment on JCLOUDS-533 at 3/6/15 12:37 PM:
---------------------------------------------------------------------

Server side encryption interacts not at all with user-provided encryption keys. 
The user provided encryption keys feature is only implemented in the AWS client 
SDKs. It could even be combined with each other.
User provided encryption keys could even be a blobstore-generic feature which 
works for all blobstores (which treat data as opaque).

In short it works by encrypting it locally with a freshly generated key 
(derived from a local-key) and adding some pieces of user metadata to recreate 
the key later.

UPDATE: I was mistaken... there is a feature called SSE-C where you put the 
key, key-md5 and algorithm in the request headers and Amazon does its magic on 
the server side and they say they do not store the keys.
http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html


was (Author: squiddle):
Server side encryption interacts not at all with user-provided encryption keys. 
The user provided encryption keys feature is only implemented in the AWS client 
SDKs. It could even be combined with each other.
User provided encryption keys could even be a blobstore-generic feature which 
works for all blobstores (which treat data as opaque).

In short it works by encrypting it locally with a freshly generated key 
(derived from a local-key) and adding some pieces of user metadata to recreate 
the key later.

> Add support for S3 server-side encryption
> -----------------------------------------
>
>                 Key: JCLOUDS-533
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-533
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-blobstore
>    Affects Versions: 1.7.1
>            Reporter: Andrew Gaul
>              Labels: aws-s3
>




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
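
The SSE-C request headers mentioned in the comment above (key, key MD5 and algorithm), sketched as an added example that is not part of the JIRA comment or of jclouds. The header names follow the linked AWS SSE-C documentation; the function names, the sample key and the bucket URL are assumptions made for illustration.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlsplit

# Common prefix of the three SSE-C request headers (AWS S3 documentation).
SSE_C_PREFIX = "x-amz-server-side-encryption-customer-"


def sse_c_headers(key: bytes, url: str) -> dict:
    """Build the SSE-C headers for one request (hypothetical helper)."""
    if len(key) != 32:
        raise ValueError("SSE-C with AES256 needs a 32-byte (256-bit) key")
    # The raw key travels in a request header, so refuse plaintext transport.
    if urlsplit(url).scheme != "https":
        raise ValueError("SSE-C key must only be sent over HTTPS")
    return {
        SSE_C_PREFIX + "algorithm": "AES256",
        SSE_C_PREFIX + "key": base64.b64encode(key).decode("ascii"),
        # The MD5 of the key is a transmission integrity check, not a secret.
        SSE_C_PREFIX + "key-MD5": base64.b64encode(
            hashlib.md5(key).digest()
        ).decode("ascii"),
    }


def redact(headers: dict) -> dict:
    """Copy of the headers that is safe to log: the key value is masked."""
    secret = (SSE_C_PREFIX + "key").lower()
    return {
        name: ("<redacted>" if name.lower() == secret else value)
        for name, value in headers.items()
    }


if __name__ == "__main__":
    # Constructed sample key. The service does not keep it, so the caller
    # must store it and send the same headers again to read the object.
    key = secrets.token_bytes(32)
    headers = sse_c_headers(key, "https://example-bucket.s3.amazonaws.com/obj")
    print(redact(headers))
```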
