Common SSE-C headers
Common headers are available for buckets using Server Side Encryption with Customer-Provided Keys (SSE-C) enabled.
Any request using SSE-C headers must be sent using SSL. Note that ETag values in
response headers are not the MD5 hash of the object, but a randomly generated 32-byte
hexadecimal string. Each version of an object can have a unique customer key. For more information
on how to enable SSE-C, see the Manager Administration Guide.
| Header | Type | Description |
|---|---|---|
x-amz-server-side-encryption-customer-algorithm
|
string | This header is used to specify the algorithm and key size to use with the encryption key
stored in x-amz-server-side-encryption-customer-key header. This value must be set
to the string AES256. |
x-amz-server-side-encryption-customer-key
|
string | This header is used to transport the base 64 encoded byte string representation of the AES 256 key used in the server side encryption process. |
x-amz-server-side-encryption-customer-key-MD5
|
string | This header is used to transport the base64-encoded 128-bit MD5 digest of the encryption key
according to RFC 1321. The object store will use this value to validate the key passes in the
x-amz-server-side-encryption-customer-key has not been corrupted during transport
and encoding process. The digest must be calculated on the key BEFORE the key is base 64
encoded. |