Server-Side Encryption Overview
You can configure server-side encryption for objects, so that they will be encrypted or decrypted when you upload them to or download them from a bucket.
The encryption and decryption happen on the server side.
The encryption methods provided include SSE-KMS, SSE-OBS, and SSE-C. All of them use the AES-256 algorithm.
With SSE-KMS, OBS uses the keys provided by KMS for server-side encryption. You can create custom keys on KMS to encrypt your objects.
With SSE-OBS, OBS uses the keys provided by itself for server-side encryption. Unlike SSE-KMS where KMS manages keys, in SSE-OBS, OBS manages keys.
With SSE-C, OBS uses the keys and MD5 values provided by customers for server-side encryption.
When server-side encryption is used, the returned ETag value is not the object's MD5 value. OBS will verify the object's MD5 value as long as the upload request includes the Content-MD5 header, no matter whether server-side encryption is used or not.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
