yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
0b3a43371a4bcc99577594de0a685249d676a567
doc-exports/docs/obs/api-ref/obs_04_0173.html
weihongmin1 285f8e4a64 OBS API 0826 Version 
Reviewed-by: Sabelnikov, Dmitriy <dmitriy.sabelnikov@t-systems.com>
Co-authored-by: weihongmin1 <weihongmin1@huawei.com>
Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
2025-10-28 10:02:29 +00:00

107 lines
7.2 KiB
HTML
Raw Blame History

<a name="obs_04_0173"></a><a name="obs_04_0173"></a>
<h1 class="topictitle1">SSE-OBS</h1>
<div id="body0000001718790709"><div class="section" id="obs_04_0173__section052314617525"><h4 class="sectiontitle">Functions</h4><p id="obs_04_0173__p958883165413">With SSE-OBS, OBS uses the keys provided by itself for server-side encryption. Unlike SSE-KMS where KMS manages keys, in SSE-OBS, OBS manages keys.</p>
</div>
<div class="section" id="obs_04_0173__section13281481530"><h4 class="sectiontitle">Newly Added Headers</h4><p id="obs_04_0173__p156482914535">Use the headers listed in <a href="#obs_04_0173__table9548129165313">Table 1</a> to implement SSE-OBS.</p>
<p id="obs_04_0173__p1356472965314">You can also configure the default encryption for a bucket to encrypt objects you upload to the bucket. After the default encryption is configured for a bucket, if upload requests for that bucket do not contain encryption headers, the default encryption applies to the uploaded objects. For more information about configuring bucket encryption, see <a href="obs_04_0062.html">Configuring Bucket Encryption</a>.</p>
<div class="tablenoborder"><a name="obs_04_0173__table9548129165313"></a><a name="table9548129165313"></a><table cellpadding="4" cellspacing="0" summary="" id="obs_04_0173__table9548129165313" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Header used in SSE-OBS</caption><thead align="left"><tr id="obs_04_0173__row75641729135310"><th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.2.4.2.3.1.1"><p id="obs_04_0173__p556412914537">Header</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="50%" id="mcps1.3.2.4.2.3.1.2"><p id="obs_04_0173__p1756422916533">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="obs_04_0173__row556472935310"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.2.4.2.3.1.1 "><p id="obs_04_0173__p1256442914531">x-obs-server-side-encryption</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.2.4.2.3.1.2 "><p id="obs_04_0173__p2056492925310">Indicates that SSE-OBS is used for encrypting objects.</p>
<p id="obs_04_0173__p1556442913535">Type: string</p>
<p id="obs_04_0173__p6564152917538">Example: <strong id="obs_04_0173__b154127545459">x-obs-server-side-encryption:AES256</strong></p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="section" id="obs_04_0173__section15481741145315"><h4 class="sectiontitle">APIs Where SSE-OBS Headers Apply</h4><p id="obs_04_0173__p133748205413">You can configure headers about SSE-OBS in the APIs below:</p>
<ul id="obs_04_0173__ul1089312894017"><li id="obs_04_0173__li11893828124011"><a href="obs_04_0080.html">Uploading Objects - PUT</a></li><li id="obs_04_0173__li199153364018"><a href="obs_04_0081.html">Uploading Objects - POST</a> (<strong id="obs_04_0173__b1080144445218">x-obs-server-side-encryption</strong> should be put in the form, instead of the header.)</li><li id="obs_04_0173__li346584174016"><a href="obs_04_0082.html">Copying Objects</a> (The newly added headers apply to object copies.)</li><li id="obs_04_0173__li14715452407"><a href="obs_04_0098.html">Initiating a Multipart Upload</a></li></ul>
</div>
<p id="obs_04_0173__p561550195411">You can configure a bucket policy to restrict the request headers for a specified bucket. For example, if you require that object upload requests do not contain header <strong id="obs_04_0173__b1372793905519">x-obs-server-side-encryption:"AES256"</strong>, you can use the following bucket policy:</p>
<pre class="screen" id="obs_04_0173__screen86155017549">{
"Statement": [
{
"Sid": "DenyUnEncryptedObjectUploads",
"Effect": "Deny",
"Principal": "*",
"Action": "PutObject",
"Resource": "YourBucket/*",
"Condition": {
"StringNotEquals": {
"x-obs-server-side-encryption": "AES256"
}
}
}
]
}</pre>
<div class="section" id="obs_04_0173__section145877075410"><h4 class="sectiontitle">Sample Request: Using the Default Key to Encrypt an Object</h4><pre class="screen" id="obs_04_0173__screen186151209544">PUT /encryp1 HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.<em id="obs_04_0173__i12367117502">region</em>.example.com
Accept: */*
Date: Wed, 06 Jun 2018 09:08:21 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:f3/7eS6MFbW3JO4+7I5AtyAQENU=
x-obs-server-side-encryption:AES256
Content-Length: 5242
Expect: 100-continue
[5242 Byte object contents]</pre>
</div>
<div class="section" id="obs_04_0173__section35918055420"><h4 class="sectiontitle">Sample Response: Using the Default Key to Encrypt an Object</h4><pre class="screen" id="obs_04_0173__screen1761613035415">HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: 8DF400000163D45AA81D038B6AE4C482
ETag: "d8bffdfbab5345d91ac05141789d2477"
x-obs-server-side-encryption: AES256
x-obs-id-2: 32AAAUJAIAABAAAQAAEAABAAAQAAEAABCTv7cHmAnGfBAGXUHeibUsiETTNqlCqC
Date: Wed, 06 Jun 2018 09:08:21 GMT
Content-Length: 0</pre>
</div>
<div class="section" id="obs_04_0173__section359216075411"><h4 class="sectiontitle">Sample Request: Copying an Object as an Encrypted Object</h4><pre class="screen" id="obs_04_0173__screen15616908546">PUT /destobject HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.<em id="obs_04_0173__i921014106216">region</em>.example.com
x-obs-server-side-encryption:AES256
Accept: */*
Date: Wed, 06 Jun 2018 09:10:29 GMT
Authorization: OBS H4IPJX0TQTHTHEBQQCEC:SH3uTrElaGWarVI1uTq325kTVCI=
x-obs-copy-source: /bucket/srcobject1</pre>
</div>
<div class="section" id="obs_04_0173__section12592140165415"><h4 class="sectiontitle">Sample Response: Copying an Object as an Encrypted Object</h4><pre class="screen" id="obs_04_0173__screen166169011544">HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BB78000001648480AF3900CED7F15155
ETag: "d8bffdfbab5345d91ac05141789d2477"
x-obs-server-side-encryption: AES256
x-obs-id-2: oRAXhgwdaLc9wKVHqTLSmQB7I35D+32AAAUJAIAABAAAQAAEAABAAAQAAEAABCS
Date: Wed, 06 Jun 2018 09:10:29 GMT
Content-Length: 0</pre>
</div>
<div class="section" id="obs_04_0173__section1859330175419"><h4 class="sectiontitle">Sample Request: Uploading an Encrypted Object Using a Signed URL</h4><pre class="screen" id="obs_04_0173__screen1461611017549">PUT /destobject?AccessKeyId=UI3SN1SRUQE14OYBKTZB&amp;Expires=1534152518&amp;x-obs-server-side-encryption=AES256&amp;Signature=chvmG7%2FDA%2FDCQmTRJu3xngldJpg%3D HTTP/1.1
User-Agent: curl/7.29.0
Host: examplebucket.obs.<em id="obs_04_0173__i19155134214218">region</em>.example.com
Accept: */*
Date: Wed, 06 Jun 2018 09:10:29 GMT</pre>
</div>
<div class="section" id="obs_04_0173__section55941808545"><h4 class="sectiontitle">Sample Response: Uploading an Encrypted Object Using a Signed URL</h4><pre class="screen" id="obs_04_0173__screen206165025413">HTTP/1.1 200 OK
Server: OBS
x-obs-request-id: BB78000001648480AF3900CED7F15155
ETag: "d8bffdfbab5345d91ac05141789d2477"
x-obs-server-side-encryption: AES256
x-obs-id-2: oRAXhgwdaLc9wKVHqTLSmQB7I35D+32AAAUJAIAABAAAQAAEAABAAAQAAEAABCS
Date: Wed, 06 Jun 2018 09:10:29 GMT
Content-Length: 0</pre>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="obs_04_0104.html">Server-Side Encryption</a></div>
</div>
</div>
View Git Blame Copy Permalink