search

confluentinc / kafka-connect-storage-cloud

Kafka Connect suite of connectors for Cloud storage (Amazon S3)
Other
13 stars 329 forks source link

Error while using SSE-C on AWS #389

Open Koisell opened 3 years ago

Koisell commented 3 years ago

Version: 5.5.3 While configuring SSE-C I faced the following error com.amazonaws.services.s3.model.AmazonS3Exception: Server Side Encryption with Customer provided key is incompatible with the encryption method specified. After some investigation, it appears to reproduce the error described by mcsio in this post (5th message). Here are some DEBUG logs I got:

Jan 26 17:55:04 db1 connect-standalone.sh[27930]: [2021-01-26 17:55:04,563] DEBUG http-outgoing-12 >> "x-amz-server-side-encryption: AES256[\r][\n]" (org.apache.http.wire:73)
Jan 26 17:55:04 db1 connect-standalone.sh[27930]: [2021-01-26 17:55:04,563] DEBUG http-outgoing-12 >> "x-amz-server-side-encryption-customer-algorithm: AES256[\r][\n]" (org.apache.http.wire:73)
Jan 26 17:55:04 db1 connect-standalone.sh[27930]: [2021-01-26 17:55:04,563] DEBUG http-outgoing-12 >> "x-amz-server-side-encryption-customer-key: ****************=[\r][\n]" (org.apache.http.wire:73)
Jan 26 17:55:04 db1 connect-standalone.sh[27930]: [2021-01-26 17:55:04,563] DEBUG http-outgoing-12 >> "x-amz-server-side-encryption-customer-key-MD5: x/F0oeLbYckXF8ksG+dksA==[\r][\n]" (org.apache.http.wire:73)

Followed by

Jan 26 17:55:04 db1 connect-standalone.sh[27930]: [2021-01-26 17:55:04,592] DEBUG http-outgoing-12 << "<Error><Code>InvalidArgument</Code><Message>Server Side Encryption with Customer provided key is incompatible with the encryption method specified</Message><ArgumentName>x-amz-server-side-encryption</ArgumentName><ArgumentValue>AES256</ArgumentValue><RequestId>505A846706B4FE0E</RequestId><HostId>Es+YRbHxnKS6L1jZ2S0k3g3+O79lNq1bPbIgk0totJQlt3mlWaFZgRq1xhaIBpd27b5FNPdke38=</HostId></Error>[\r][\n]" (org.apache.http.wire:73)

So I understand that x-amz-server-side-encryption and x-amz-server-side-encryption-customer-algorithm cannot be set together on an AWS S3. I assume from https://github.com/confluentinc/kafka-connect-storage-cloud/pull/173#issuecomment-396417041 that Minio may have a different handling.

2phost commented 2 years ago

Any news regarding this? I am facing exactly the same problem.