Overview of Server-Side Encryption APIs
You can use APIs to configure encryption for existing buckets, as well as obtain and delete encryption configuration of existing buckets. For details, see Configuring Bucket Encryption, Obtaining Bucket Encryption Configuration, and Deleting the Encryption Configuration of a Bucket.
You can also configure encryption in the APIs for creating a bucket, uploading, downloading, and copying an object, as well as uploading an object in a multipart upload. The following table lists these APIs and parameters involved.
Type |
Header |
Description |
||||
---|---|---|---|---|---|---|
Request header |
x-obs-server-side-encryption |
Specifies the encryption method. |
kms: SSE-KMS is used for encryption. obs: SSE-OBS is used for encryption. |
kms: SSE-KMS is used for encryption. AES256: SSE-OBS and the AES-256 algorithm are used. |
- |
|
x-obs-server-side-data-encryption |
Specifies the algorithm for SSE-KMS. |
AES256: The AES-256 algorithm is used. SM4: The SM4 algorithm is used. |
If this header is not included, the AES-256 algorithm is used. SM4: The SM4 algorithm is used. |
- |
||
x-obs-server-side-encryption-kms-key-id |
Specifies the ID of the KMS CMK when SSE-KMS is used. |
Key ID |
Key ID |
Key ID |
- |
|
x-obs-sse-kms-key-project-id |
Specifies the ID of the project to which the KMS CMK belongs when SSE-KMS is used. |
Project ID |
- |
- |
- |
|
x-obs-server-side-encryption-customer-algorithm |
Specifies the algorithm for SSE-C. |
- |
AES256: SSE-C and the AES-256 algorithm are used. |
|||
x-obs-server-side-encryption-customer-key |
Specifies the plaintext key encoded in Base64 when SSE-C is used. |
- |
The plaintext key encoded in Base64 |
|||
x-obs-server-side-encryption-customer-key-MD5 |
Specifies the MD5 value of the key when SSE-C is used. |
- |
The Base64-encoded MD5 value of the key |
|||
x-obs-copy-source-server-side-encryption-customer-algorithm |
Specifies the algorithm for object copies when SSE-C is used. |
- |
- |
- |
- |
|
x-obs-copy-source-server-side-encryption-customer-key |
Specifies the Base64-encoded key for object copies when SSE-C is used. |
- |
- |
- |
- |
|
x-obs-copy-source-server-side-encryption-customer-key-MD5 |
Specifies the MD5 value of the key used for object copies when SSE-C is used. |
- |
- |
- |
- |
|
Response header |
x-obs-server-side-encryption |
Specifies the encryption method. |
kms: SSE-KMS is used for encryption. obs: SSE-OBS is used for encryption. |
kms: SSE-KMS is used for encryption. AES256: SSE-OBS and the AES-256 algorithm are used. |
||
x-obs-server-side-data-encryption |
Specifies the algorithm for SSE-KMS. |
AES256: The AES-256 algorithm is used. SM4: The SM4 algorithm is used. |
If this header is not included, the AES-256 algorithm is used. SM4: The SM4 algorithm is used. |
|||
x-obs-server-side-encryption-kms-key-id |
Specifies the ID of the KMS CMK when SSE-KMS is used. |
The key ID is returned only for custom keys. |
The key ID is returned for both default keys and custom keys. |
|||
x-obs-sse-kms-key-project-id |
Specifies the ID of the project to which the KMS CMK belongs when SSE-KMS is used. |
The project ID is returned only for custom keys. |
||||
x-obs-server-side-encryption-customer-algorithm |
Specifies the algorithm for SSE-C. |
- |
AES256: SSE-C and the AES-256 algorithm are used. |
|||
x-obs-server-side-encryption-customer-key-MD5 |
Specifies the Base64-encoded MD5 value of the key when SSE-C is used. |
- |
The Base64-encoded MD5 value of the key |
Type |
Header |
Description |
|||||
---|---|---|---|---|---|---|---|
Request header |
x-obs-server-side-encryption |
Specifies the encryption method. |
kms: SSE-KMS is used for encryption. AES256: SSE-OBS and the AES-256 algorithm are used. |
- |
- |
- |
|
x-obs-server-side-data-encryption |
Specifies the algorithm for SSE-KMS. |
AES256: The AES-256 algorithm is used. SM4: The SM4 algorithm is used. |
- |
- |
- |
||
x-obs-server-side-encryption-kms-key-id |
Specifies the ID of the KMS CMK when SSE-KMS is used. |
Key ID |
- |
- |
- |
||
x-obs-sse-kms-key-project-id |
Specifies the ID of the project to which the KMS CMK belongs when SSE-KMS is used. |
- |
- |
- |
- |
- |
|
x-obs-server-side-encryption-customer-algorithm |
Specifies the algorithm for SSE-C. |
AES256: SSE-C and the AES-256 algorithm are used. |
- |
||||
x-obs-server-side-encryption-customer-key |
Specifies the plaintext key encoded in Base64 when SSE-C is used. |
The plaintext key encoded in Base64 |
- |
||||
x-obs-server-side-encryption-customer-key-MD5 |
Specifies the MD5 value of the key when SSE-C is used. |
The Base64-encoded MD5 value of the key |
- |
||||
x-obs-copy-source-server-side-encryption-customer-algorithm |
Specifies the algorithm for object copies when SSE-C is used. |
AES256: The target object copy is encrypted using SSE-C and the AES-256 algorithm. |
- |
- |
AES256: The target object copy is encrypted using SSE-C and the AES-256 algorithm. |
- |
|
x-obs-copy-source-server-side-encryption-customer-key |
Specifies the Base64-encoded key for object copies when SSE-C is used. |
The plaintext key encoded in Base64 |
- |
- |
The plaintext key encoded in Base64 |
- |
|
x-obs-copy-source-server-side-encryption-customer-key-MD5 |
Specifies the Base64-encoded MD5 value of the key used for object copies when SSE-C is used. |
The Base64-encoded MD5 value of the key |
- |
- |
The Base64-encoded MD5 value of the key |
- |
|
Response header |
x-obs-server-side-encryption |
Specifies the encryption method. |
kms: SSE-KMS is used for encryption. AES256: SSE-OBS and the AES-256 algorithm are used. |
||||
x-obs-server-side-data-encryption |
Specifies the algorithm for SSE-KMS. |
- |
- |
- |
- |
- |
|
x-obs-server-side-encryption-kms-key-id |
Specifies the ID of the KMS CMK when SSE-KMS is used. |
Key ID |
|||||
x-obs-sse-kms-key-project-id |
Specifies the ID of the project to which the KMS CMK belongs when SSE-KMS is used. |
The project ID is returned only for custom keys. |
|||||
x-obs-server-side-encryption-customer-algorithm |
Specifies the algorithm for SSE-C. |
AES256: SSE-C and the AES-256 algorithm are used. |
|||||
x-obs-server-side-encryption-customer-key-MD5 |
Specifies the Base64-encoded MD5 value of the key when SSE-C is used. |
The Base64-encoded MD5 value of the key |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot