matrix-org / synapse-s3-storage-provider

Synapse storage provider to fetch and store media in Amazon S3
Apache License 2.0

Add client side encryption #103

Closed roeltm closed 3 months ago

roeltm commented 11 months ago

This PR extends the encryption options to include client side encryption. Using a static master key defined in the configuration, the aws-encryption-sdk library generates a key per file, encrypts the file with the generated key and encrypts both file (edit: wrong description) and encrypts the key using the master key, which gets uploaded to S3 together with the encrypted file.

Note: I'm not certain about the inclusion of the encryption module, this is a bit new for me so let me know if I can improve this.
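The scheme described in the comment above (a per-file data key, wrapped under a static master key and stored with the ciphertext), as an added example that is not part of the original post or of the PR's code. It assumes the `cryptography` package and uses AES-256-GCM directly as a stand-in for aws-encryption-sdk; the blob layout, function names and object key are constructed for illustration and are not the SDK's message format.

```python
import os
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # bytes; standard AES-GCM nonce size


def encrypt_object(master_key: bytes, object_key: str, plaintext: bytes) -> bytes:
    """Encrypt one file under a fresh data key and return the blob to upload."""
    data_key = AESGCM.generate_key(bit_length=256)  # new key for every file
    aad = object_key.encode()  # ties the blob to the path it is stored under
    wrap_nonce, body_nonce = os.urandom(NONCE_LEN), os.urandom(NONCE_LEN)
    wrapped = AESGCM(master_key).encrypt(wrap_nonce, data_key, aad)
    body = AESGCM(data_key).encrypt(body_nonce, plaintext, aad)
    # Constructed layout: u16 len(wrapped) | wrap_nonce | wrapped | body_nonce | body
    return struct.pack(">H", len(wrapped)) + wrap_nonce + wrapped + body_nonce + body


def decrypt_object(master_key: bytes, object_key: str, blob: bytes) -> bytes:
    """Unwrap the data key with the master key, then decrypt the file body.

    Raises InvalidTag if the master key is wrong, the blob was modified,
    or the blob was moved to a different object key.
    """
    (wrapped_len,) = struct.unpack_from(">H", blob)
    fields, pos = [], 2
    for size in (NONCE_LEN, wrapped_len, NONCE_LEN):
        fields.append(blob[pos:pos + size])
        pos += size
    wrap_nonce, wrapped, body_nonce = fields
    aad = object_key.encode()
    data_key = AESGCM(master_key).decrypt(wrap_nonce, wrapped, aad)
    return AESGCM(data_key).decrypt(body_nonce, blob[pos:], aad)


if __name__ == "__main__":
    master = AESGCM.generate_key(bit_length=256)  # constructed; not a real config value
    path = "local_content/ab/cd/example"  # constructed object key
    blob = encrypt_object(master, path, b"constructed media bytes")
    assert decrypt_object(master, path, blob) == b"constructed media bytes"
    try:
        decrypt_object(os.urandom(32), path, blob)
    except InvalidTag:
        print("wrong master key rejected")
```

Because the storage side only ever sees the wrapped key and the ciphertext, losing the master key makes every stored object unrecoverable, so the key needs its own backup and rotation plan.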

clokep commented 11 months ago

Can you expand a bit upon what the goal is here? How does it relate to the SSE-C support from #84? (If at all.)

roeltm commented 11 months ago

SSE is server side, this is client side. Description here. A couple of differences in that:

You could technically use both SSE and CSE, but that seems a bit excessive 😄

clokep commented 11 months ago

Throwing this back on the team's pile as I've had a couple things pop up.

erikjohnston commented 3 months ago

Hi, really sorry for sitting on this for so long. We (empirically) don't have time to really accept large contributions to this project right now, especially as we don't have a good testing infrastructure for it and in general we've had issues with using boto3 and so are quite cautious.

As such I'm going to close this, rather than leaving it in limbo.