s3gof3r icon indicating copy to clipboard operation
s3gof3r copied to clipboard

Published 20 hours ago verified publisher icon rlmcpherson

pass headers to all http requests for encryption

Open FuzzyWuzzyIsABear opened this issue 10 years ago • 4 comments

If I add the necessary headers for SSE-C ( customer side encryption keys) for uploads to S3 I get the error: 400: "The multipart upload initiate requested encryption. Subsequent part requests must include the appropriate encryption parameters."

It doesn't work with either cp or put commands.

Encryption seems to work if you use the SSE-S3 (x-amz-server-side-encryption) but not with SSE-KMS since it depends on signature v4.

FuzzyWuzzyIsABear avatar Jan 06 '15 21:01 FuzzyWuzzyIsABear

Yes, you're correct on all counts. The customer-side encryption does not work as those headers must be sent with each part whereas all other headers are only sent on "Initiate Multipart Upload". Specific handling for these headers would need to be added.

rlmcpherson avatar Jan 06 '15 22:01 rlmcpherson

Do you have any plans to add support for other encryption methods?

FuzzyWuzzyIsABear avatar Jan 08 '15 04:01 FuzzyWuzzyIsABear

I hope to add v4 signing support but not sure when I'll get to that. I'll probably prioritize that over customer-side encryption support, as the signing may impact how that is implemented. If you want to add support for either feature, pull requests are more than welcome!

rlmcpherson avatar Jan 09 '15 01:01 rlmcpherson

+1

kernel164 avatar Jan 06 '16 18:01 kernel164