Hacker News
by llarsson 1638 days ago
> SSE-C (where AWS don't store your keys, you send them in every bucket API request)

Since this is symmetrical encryption we're talking about, let's just be completely aware that the technical possibility to also store the encryption key definitely exists. It would violate the terms of service, of course.

For those who don't know how SSE-C works, it's that you send both the unencrypted data and a key in a request. AWS will encrypt the data with the key, and store it encrypted. To get your data back, you supply the same key in your subsequent request. AWS will decrypt the data using the key, and send the unencrypted data back to you.

During both those times when you gave AWS your key, you entirely trust that they will not also happen to store it for their own use.
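The request shape described in the comment above, as an added example that is not part of the original comment: it builds the three documented S3 SSE-C request headers and shows that the receiving side can recover the raw key from them on both upload and download. The helper names (`sse_c_headers`, `key_seen_by_service`, `demo`) are hypothetical, the key is a constructed sample, and no network call is made.

```python
import base64
import hashlib
import os

# Documented S3 request headers for SSE-C
ALGO_HDR = "x-amz-server-side-encryption-customer-algorithm"
KEY_HDR = "x-amz-server-side-encryption-customer-key"
MD5_HDR = "x-amz-server-side-encryption-customer-key-MD5"


def sse_c_headers(key: bytes) -> dict:
    """Headers the client attaches to every PUT and GET of an SSE-C object."""
    if len(key) != 32:
        raise ValueError("SSE-C requires a 256-bit (32-byte) key")
    return {
        ALGO_HDR: "AES256",
        # The key itself travels in the request, only base64-encoded.
        KEY_HDR: base64.b64encode(key).decode("ascii"),
        # MD5 of the key is a transport integrity check, not protection.
        MD5_HDR: base64.b64encode(hashlib.md5(key).digest()).decode("ascii"),
    }


def key_seen_by_service(headers: dict) -> bytes:
    """What the receiving side can recover from the request headers alone."""
    if headers.get(ALGO_HDR) != "AES256":
        raise ValueError("unsupported algorithm")
    key = base64.b64decode(headers[KEY_HDR], validate=True)
    digest = base64.b64decode(headers[MD5_HDR], validate=True)
    if len(key) != 32 or hashlib.md5(key).digest() != digest:
        raise ValueError("key failed length or integrity check")
    return key


def demo() -> bool:
    key = os.urandom(32)  # constructed sample key, generated locally
    put_headers = sse_c_headers(key)  # upload request
    get_headers = sse_c_headers(key)  # later download request
    # The same raw key is readable by the receiver on both requests.
    return key_seen_by_service(put_headers) == key == key_seen_by_service(get_headers)


if __name__ == "__main__":
    print(demo())
```

Encrypting on the client before upload is the design in which the key never appears in a request at all.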