Updated on 2022-06-08 GMT+08:00

Encryption Description

If you have any questions during development, post them on the Issues page of GitHub.

The following table lists APIs related to server-side encryption:

API Method in OBS C SDK

Description

Supported Encryption Type

Transmission Protocol

put_object

Sets the encryption algorithm and key during object upload to enable server-side encryption.

SSE-KMS

SSE-C

HTTPS

get_object

Sets the decryption algorithm and key during object download to decrypt the object.

SSE-KMS

SSE-C

HTTPS

copy_object

  1. Sets the decryption algorithm and key for decrypting the source object during object copy.
  2. Sets the encryption algorithm and key during object copy to enable the encryption algorithm for the target object.

SSE-KMS

SSE-C

When the target object is a non-encrypted object: HTTP or HTTPS.

HTTPS in other cases.

get_object_metadata

Sets the decryption algorithm and key when obtaining the object metadata to decrypt the object.

SSE-KMS

SSE-C

When the encryption type is SSE-KMS: HTTP or HTTPS.

HTTPS in other cases.

initiate_multi_part_upload

Sets the encryption algorithm and key when initializing a multipart upload to enable server-side encryption for the final object generated.

SSE-KMS

SSE-C

HTTPS

upload_part

Sets the encryption algorithm and key during multipart upload to enable server-side encryption for parts.

SSE-KMS

SSE-C

HTTPS

complete_multi_part_upload

Sets the encryption algorithm and key during part combination to enable server-side encryption after it.

SSE-KMS

SSE-C

HTTP or HTTPS

copy_part

  1. Sets the decryption algorithm and key for decrypting the source object during multipart copy.
  2. Sets the encryption algorithm and key during multipart copy to enable the encryption algorithm for the target part.

SSE-KMS

SSE-C

HTTPS

Parameter Description

The following table describes the encryption and decryption parameters for server_side_encryption_params.

Field

Type

Description

encryption_type

obs_encryption_type

Encryption mode:

OBS_ENCRYPTION_KMS: SE-KMS;

OBS_ENCRYPTION_SSEC: SSE-C

kms_server_side_encryption

char *

Indicates that SSE-KMS is used. Objects are encrypted using SSE-KMS.

kms_key_id

char *

Indicates the master key ID of an encrypted object. This parameter is used in SSE-KMS mode. If the customer does not provide the master key ID, the default master key ID will be used.

ssec_customer_algorithm

char *

Indicates the algorithm used to encrypt an object. The parameter is used in SSE-C mode.

ssec_customer_key

char *

Indicates the key used to encrypt an object. The parameter is used in SSE-C mode.

des_ssec_customer_algorithm

char *

Indicates the algorithm used to decrypt a source object. The parameter is used in SSE-C mode.

des_ssec_customer_key

char *

Indicates the key used to decrypt a source object. The parameter is used in SSE-C mode.