Updated on 2023-03-16 GMT+08:00

Encryption Description

If you have any questions during development, post them on the Issues page of GitHub. For details about parameters and usage of each API, see API Reference.

The following table lists APIs related to server-side encryption:

Method in OBS PHP SDK

Description

Supported Encryption Type

ObsClient->putObject

ObsClient->putObjectAsync

Sets the encryption algorithm and key during object upload to enable server-side encryption.

SSE-KMS

SSE-C

ObsClient->getObject

ObsClient->getObjectAsync

Sets the decryption algorithm and key during object download to decrypt the object.

SSE-C

ObsClient->copyObject

ObsClient->copyObjectAsync

  1. Sets the decryption algorithm and key for decrypting the source object during object copy.
  2. Sets the encryption algorithm and key during object copy to enable the encryption algorithm for the target object.

SSE-KMS

SSE-C

ObsClient->getObjectMetadata

ObsClient->getObjectMetadataAsync

Sets the decryption algorithm and key when obtaining the object metadata to decrypt the object.

SSE-C

ObsClient->initiateMultipartUpload

ObsClient->initiateMultipartUploadAsync

Sets the encryption algorithm and key when initializing a multipart upload to enable server-side encryption for the final object generated.

SSE-KMS

SSE-C

ObsClient->uploadPart

ObsClient->uploadPartAsync

Sets the encryption algorithm and key during multipart upload to enable server-side encryption for parts.

SSE-C

ObsClient->copyPart

ObsClient->copyPartAsync

  1. Sets the decryption algorithm and key for decrypting the source object during multipart copy.
  2. Sets the encryption algorithm and key during multipart copy to enable the encryption algorithm for the target part.

SSE-C

OBS PHP SDK supports the following two types of encryption/decryption mode:

Encryption/Decryption Type

Request Parameter

Description

SSE-KMS

SseKms

Indicates that SSE-KMS mode is used. Currently, only kms is supported.

SseKmsKey

Indicates the master key used in SSE-KMS mode. The value can be null.

SSE-C

SseC

Indicates that SSE-C mode is used. Currently, only AES256 is supported.

SseCKey

Indicates the key in SSE-C mode. It is calculated using the AES256 algorithm. This parameter can be used to encrypt an object to be uploaded and decrypt an object to be downloaded.

CopySourceSseC

Indicates the algorithm used to decrypt the source object in SSE-C mode. Currently, only AES256 is supported. This parameter is applicable to ObsClient->copyObject, ObsClient->copyObjectAsync, ObsClient->copyPart and ObsClient->copyPartAsync.

CopySourceSseCKey

Indicates the key used to decrypt the source object in SSE-C mode. It is calculated using the AES256 algorithm. This parameter is applicable to ObsClient->copyObject, ObsClient->copyObjectAsync, ObsClient->copyPart and ObsClient->copyPartAsync.