检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Server-Side Encryption (SDK for Python) Function This API configures server-side encryption for objects, so that they will be encrypted or decrypted when you upload them to or download them from a bucket. The encryption and decryption happen on the server side.
Server-Side Encryption (SDK for Go) Function This API configures server-side encryption for objects, so that they will be encrypted or decrypted when you upload them to or download them from a bucket. The encryption and decryption happen on the server side.
that a file needs to be read and encrypted twice during a common upload, but in a resumable upload, a file needs to be read and encrypted three times.
Server-Side Encryption How Do I Access or Download an Encrypted Object? Why Cannot an Authorized Account or User Upload or Download KMS Encrypted Objects? Are Additional Permissions Required When I Share an Object with SSE-OBS Encrypted? Does OBS Support Encrypted Upload?
The following table lists three headers that are added for CopyObject and UploadPart-Copy operations to support source objects encrypted using SSE-C.
After that, the SDK uploads the encrypted object to OBS and then uses the RSA key to encrypt the data key. The encrypted data key and initial value are stored in the object metadata.
If you use code to download the encrypted object, configure the header by referring to Code Example: Downloading an Object Encrypted Using SSE-C. Accessing a server-side encrypted object requires the HTTPS protocol. Parent topic: FAQs (SDK for Java)
After that, the SDK uploads the encrypted object to OBS and then uses the provided RSA key to encrypt the data key. The encrypted data key and initial value are stored in the object metadata. To download this object, you need to provide the corresponding RSA private key.
OBS provides server-side encryption for objects, so that they will be encrypted or decrypted when you upload them to or download them from a bucket. The encryption and decryption happen on the server side. There are different encryption methods for you to choose from.
When you later download these encrypted objects, OBS decrypts them first and then returns them to you. This API returns the encryption configuration of a bucket.
When you later download these encrypted objects, OBS decrypts them first and then returns them to you. This API deletes the encryption configuration of a bucket.
Precautions When server-side encryption is disabled for a bucket, the encrypted objects must be accessed over HTTPS. How to Use You can use OBS Console, APIs, SDKs, or OBS Browser+ to configure server-side encryption.
Are Additional Permissions Required When I Share an Object with SSE-OBS Encrypted? No. SSE-OBS uses a data key derived from the OBS root key to encrypt or decrypt an object. OBS does not need to interact with KMS.
Default value: None SSEAlgorithm string Yes Explanation: Objects are encrypted using server-side SSE-KMS.
Server-Side Encryption Overview You can configure server-side encryption for objects, so that they will be encrypted or decrypted when you upload them to or download them from a bucket. The encryption and decryption happen on the server side.
Why Cannot an Authorized Account or User Upload or Download KMS Encrypted Objects? Before using the server-side encryption of OBS, ensure that the OBS OperateAccess and KMS-related permissions have been granted to the account or user on IAM.
using SSE-KMS Object encrypted using SSE-KMS HTTPS Object encrypted using SSE-OBS Object encrypted using SSE-KMS HTTPS Object encrypted using SSE-C Object encrypted using SSE-KMS HTTPS Non-encrypted object Object encrypted using SSE-C HTTPS Object encrypted using SSE-KMS Object encrypted
Does OBS Support Encrypted Upload? OBS provides server-side encryption function. You can encrypt objects while uploading. Data is encrypted on the server and then stored in OBS.
To access or download an encrypted object, use either of the following methods: Method 1: Access the encrypted object as a user with the KMS CMKFullAccess permission.
The objects to be uploaded can be encrypted using SSE-KMS. You need to create a key using KMS or use the default key provided by KMS. Then you can use the KMS key to perform server-side encryption when uploading objects to OBS.