User Guide - StorageGRID SSE / SSE-C
2 minute read
These instructions describe how you as a plusserver customer can use and test SSE-C and SSE on our StorageGRID. SSE-C means: Server-side encryption with the keys provided by you (SSE-C).
SSE allows you to store an object and encrypt it with a unique key that you provide along with the object. When the object is requested, the same key must be provided to decrypt and return the object
Note for SSE-C
Objects that were uploaded with SSE-C cannot be downloaded via the web interface. This is because the key cannot be specified there. This is therefore returned with a 400 error. However, the file can be retrieved via the S3 client in combination with the encryption key.Note for SSE-C
Meta information is NEVER encrypted. One of the reasons for this is that the object information must be retrievable in terms of encryption etc. This cannot be changed. The encryption of the file is not affected by this. (The meta information can be viewed in Step 3, for example.How to SSE-C
Step 1: Creat a Encryption Key
Example:
Step 2: Store an object with the generated key
Parameter --bucket
is the bucket name to which the PUT action was initiated.
Parameter --key
Object key for which the PUT action was initiated.
Parameter --body
stands for the path to a file.
Example:
Step 3: Display metadata of the object
If the customer key is not supplied, a 404 error warning is returned instead of the object.
Example:
Step 4: Download object again
Example:
How to SSE
Of course, you can do the same without generating a key. StorageGrid can generate this key and import it after correct authentication. Please follow these instructions.
Step 1: Upload an object
Example:
Step 2: display the meta information
Example: