sObject - SSE (Server Side Encryption) Guide
Publisher: Psychz Networks, August 06, 2024
Server-Side Encryption with Customer-Provided Keys on Psychz Object Storage
Server-side encryption (SSE) secures data stored on Psychz Object Storage by encrypting it at the object level before it is written to disk. When you supply your own encryption key (SSE-C), Psychz encrypts your data before storing it and decrypts it only when the same encryption key is provided with the retrieval request.
Example of Encryption and Decryption of Files with Customer-Provided Keys
Prerequisites
- An active Psychz Object Storage account.
- AWS CLI is installed and configured on your system.
- OpenSSL is installed on your system.
Generate an Encryption Key
First, you need to generate a 32-character hexadecimal encryption key. You can use OpenSSL to do this:
openssl rand -hex 16 > ssec.key
This command writes 16 random bytes as a 32-character hexadecimal key to a file named ssec.key.
Verify the Generated Key
You can verify the generated key by displaying its contents:
cat ssec.key
Example output:
Encrypt and Upload Your File
To encrypt and upload your file to Psychz Object Storage using the customer-provided encryption key, use the following command:
aws s3 --endpoint-url https://sobject.uswest1.psychz.net cp /path/to/your/file s3://<bucket_name>/your_file --sse-c AES256 --sse-c-key "$(cat ssec.key)"
Replace /path/to/your/file with the path to your file and <bucket_name>/your_file with your bucket name and desired file name in the bucket.
Example:
aws s3 --endpoint-url https://sobject.uswest1.psychz.net cp /home/example/test.file s3://my-bucket/test.file --sse-c AES256 --sse-c-key 40e212e376600be7c3b6ba1d28060af4
Decrypt and Download Your File
To decrypt and download your file from Psychz Object Storage, use the following command:
aws s3 --endpoint-url https://sobject.uswest1.psychz.net cp s3://<bucket_name>/your_file /path/to/download/your_file --sse-c AES256 --sse-c-key "$(cat ssec.key)"
Replace <bucket_name>/your_file with your bucket name and file name, and /path/to/download/your_file with the path where you want to save the downloaded file.
Example:
aws s3 --endpoint-url https://sobject.uswest1.psychz.net cp s3://my-bucket/test.file /home/example/test.file --sse-c AES256 --sse-c-key 40e212e376600be7c3b6ba1d28060af4
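The steps above as an added helper script (not part of the Psychz guide): it checks the key file before use and confirms that a download with the same key returns the original bytes. The function names are hypothetical; the endpoint and the paths in the usage comment are the ones from the guide's examples.

```bash
#!/usr/bin/env bash
# Added example (not Psychz code). Function names are hypothetical.
ENDPOINT="https://sobject.uswest1.psychz.net"   # endpoint used in the guide

# Generate the key as in the guide, but create the file owner-only (mode 600).
ssec_new_key() {
    ( umask 077 && openssl rand -hex 16 > "$1" )
}

# Pre-flight check. Returns 0 if the key file is usable, otherwise:
#   1 = file missing, 2 = not hexadecimal, 3 = wrong length, 4 = permissions too open
ssec_check_key() {
    local file=$1 key perms
    [ -f "$file" ] || { echo "missing key file: $file" >&2; return 1; }
    key=$(cat "$file")                       # $(...) drops the trailing newline
    case $key in
        ''|*[!0-9a-fA-F]*) echo "key is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#key}" -eq 32 ] || { echo "key must be 32 characters, got ${#key}" >&2; return 3; }
    perms=$(ls -ld "$file" | cut -c5-10)     # group and other permission bits
    [ "$perms" = "------" ] || { echo "key file is accessible to group/other" >&2; return 4; }
}

# Upload with SSE-C, download to a temporary file with the same key, and compare bytes.
ssec_roundtrip() {
    local src=$1 dest=$2 keyfile=$3 tmp rc
    ssec_check_key "$keyfile" || return
    tmp=$(mktemp) || return
    aws s3 --endpoint-url "$ENDPOINT" cp "$src" "$dest" \
        --sse-c AES256 --sse-c-key "$(cat "$keyfile")" &&
    aws s3 --endpoint-url "$ENDPOINT" cp "$dest" "$tmp" \
        --sse-c AES256 --sse-c-key "$(cat "$keyfile")" &&
    cmp -s "$src" "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage (paths and bucket name from the guide's examples):
#   ssec_new_key ssec.key
#   ssec_roundtrip /home/example/test.file s3://my-bucket/test.file ssec.key
```

A key file edited on Windows (CRLF line ending) fails the hexadecimal check, since the carriage return would otherwise be sent as part of the key.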
Conclusion
Following these steps, you can securely encrypt your data on Psychz Object Storage using your encryption key. This ensures your sensitive data remains protected and can only be accessed with the correct encryption key.