Maksim

Reputation: 16931

JetS3t and Server Side Encryption with Customer-Provided Keys

I'm exploring an option to store encrypted data to S3. My backend is built with Java and I'm already using the JetS3t library for some simple S3 storage manipulations. So, my question is: How to use JetS3t with S3's Server Side Encryption with customer-provided keys (SSE-C) to store files in encrypted format on S3?

I tried to look through the Programmer's Guide for JetS3t but didn't find anything concrete in that regard.

Upvotes: 3

Views: 372

Answers (1)

Saket Mehta

Reputation: 2508

According to the docs here http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html, you need to add the following headers in your request:

  • x-amz-server-side-encryption-customer-algorithm: Use this header to specify the encryption algorithm. The header value must be "AES256".
  • x-amz-server-side-encryption-customer-key: Use this header to provide the 256-bit, base64-encoded encryption key for Amazon S3 to use to encrypt or decrypt your data.
  • x-amz-server-side-encryption-customer-key-MD5: Use this header to provide the base64-encoded 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure the encryption key was transmitted without error.

If you use the Amazon Java SDK, doing this is easy and examples are provided in their documentation. But to do so using JetS3t, you can do the following:

Assuming s3Object is the object you are trying to put on S3, call the following for each of the above-mentioned headers with appropriate values.

  • s3Object.addMetadata("<header>", "<header_value>")

Upvotes: 2
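
The header values described in the answer above can be derived from a raw key as follows. This is an added example, not part of the original answer and not JetS3t code; it uses only the JDK, and the class name `SseCHeaders` and method `build` are hypothetical.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class SseCHeaders {
    // Builds the three SSE-C request headers for a raw 256-bit key.
    static Map<String, String> build(byte[] rawKey) throws NoSuchAlgorithmException {
        if (rawKey == null || rawKey.length != 32) {
            throw new IllegalArgumentException("SSE-C key must be exactly 32 bytes (256 bits)");
        }
        // The digest is taken over the raw key bytes, not over the base64 text.
        byte[] md5 = MessageDigest.getInstance("MD5").digest(rawKey);
        Base64.Encoder b64 = Base64.getEncoder();
        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("x-amz-server-side-encryption-customer-algorithm", "AES256");
        headers.put("x-amz-server-side-encryption-customer-key", b64.encodeToString(rawKey));
        headers.put("x-amz-server-side-encryption-customer-key-MD5", b64.encodeToString(md5));
        return headers;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, generated for this run only; a real key comes from
        // your own key store, because S3 does not keep it and cannot recover it.
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);
        SecretKey key = gen.generateKey();

        Map<String, String> headers = build(key.getEncoded());
        for (Map.Entry<String, String> h : headers.entrySet()) {
            // With JetS3t, as the answer describes: s3Object.addMetadata(h.getKey(), h.getValue());
            // Print names only; the key header value is a secret and should not reach logs.
            System.out.println(h.getKey());
        }
    }
}
```

The same three headers must accompany later GET and HEAD requests for the object, and S3 rejects SSE-C requests sent over plain HTTP, so the endpoint has to be HTTPS.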
