com.ibm.cloud.objectstorage.services.s3.model

Class SSECustomerKey

java.lang.Object

com.ibm.cloud.objectstorage.services.s3.model.SSECustomerKey

All Implemented Interfaces:

Serializable

public class SSECustomerKey
extends Object
implements Serializable

Represents a customer provided key for use with Amazon S3 server-side encryption. Server-side encryption is about data encryption at rest, that is, Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it for you when you access it. Amazon S3 manages encryption and decryption for you. This class allows you to specify your own encryption key for Amazon S3 to use when encrypting your data on the server-side, instead of allowing Amazon to automatically generate an encryption key for you. For more information on Amazon S3 server-side encryption, see: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html This encryption is done entirely on the server-side. Your data is transmitted to Amazon S3 over a secure SSL connection and then encrypted when it reaches Amazon's servers. The SDK also offers client-side encryption, where the encryption keys and unencrypted data never leave your machines. For more information on client-side encryption for Amazon S3 data, see: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

See Also:

Serialized Form

Constructor Summary

Constructors

Constructor and Description
SSECustomerKey(byte[] rawKeyMaterial) Constructs a new customer provided server-side encryption key using the specified raw key material.
SSECustomerKey(SecretKey key) Constructs a new customer provided server-side encryption key using the specified SecretKey.
SSECustomerKey(String base64EncodedKey) Constructs a new customer provided server-side encryption key using the specified base64-encoded key material.

Method Summary

Modifier and Type	Method and Description
static SSECustomerKey	generateSSECustomerKeyForPresignUrl(String algorithm) Constructs a new SSECustomerKey that can be used for generating the presigned URL's.
String	getAlgorithm() Returns the encryption algorithm to use with this customer-provided server-side encryption key.
String	getKey() Returns the base64-encoded server-side encryption key that was provided in this object's constructor.
String	getMd5() Returns the optional base64-encoded MD5 digest of the encryption key to use when validating the integrity of the transmitted server-side encryption key.
void	setAlgorithm(String algorithm) Sets the encryption algorithm to use with this customer-provided server-side encryption key.
void	setMd5(String md5Digest) Sets the optional MD5 digest (base64-encoded) of the encryption key to use when encrypting the object.
SSECustomerKey	withAlgorithm(String algorithm) Sets the encryption algorithm to use with this customer-provided server-side encryption key, and returns this object so that method calls can be chained together.
SSECustomerKey	withMd5(String md5Digest) Sets the optional MD5 digest (base64-encoded) of the encryption key to use when encrypting the object, and returns the updated object so that additional method calls can be chained together.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SSECustomerKey

public SSECustomerKey(String base64EncodedKey)

Constructs a new customer provided server-side encryption key using the specified base64-encoded key material. By default, this is assumed to be an AES-256 key, but the key algorithm can be set through the SSECustomerKey.setAlgorithm(String) method. Currently, Amazon S3 only supports AES-256 encryption keys.

Parameters:

base64EncodedKey - The base 64 encoded encryption key material.

SSECustomerKey

public SSECustomerKey(byte[] rawKeyMaterial)

Constructs a new customer provided server-side encryption key using the specified raw key material. By default, this is assumed to be an AES-256 key, but the key algorithm can be set through the SSECustomerKey.setAlgorithm(String) method. Currently, Amazon S3 only supports AES-256 encryption keys.

Parameters:

rawKeyMaterial - The raw bytes of the customer provided encryption key.

SSECustomerKey

public SSECustomerKey(SecretKey key)

Constructs a new customer provided server-side encryption key using the specified SecretKey. By default, this is assumed to be an AES-256 key, but the key algorithm can be set through the SSECustomerKey.setAlgorithm(String) method. Currently, Amazon S3 only supports AES-256 encryption keys.

Parameters:

key - The customer provided server-side encryption key.

Method Detail

getKey

public String getKey()

Returns the base64-encoded server-side encryption key that was provided in this object's constructor.

Returns:

The base64-encoded server-side encryption key.

getAlgorithm

public String getAlgorithm()

Returns the encryption algorithm to use with this customer-provided server-side encryption key. Currently, "AES256" is the only supported algorithm.

Returns:

The encryption algorithm to use with this customer-provided server-side encryption key.

setAlgorithm

public void setAlgorithm(String algorithm)

Sets the encryption algorithm to use with this customer-provided server-side encryption key. Currently, "AES256" is the only supported algorithm.

Parameters:

algorithm - The server-side encryption algorithm to use with this customer-provided server-side encryption key.

See Also:

SSEAlgorithm.AES256

withAlgorithm

public SSECustomerKey withAlgorithm(String algorithm)

Sets the encryption algorithm to use with this customer-provided server-side encryption key, and returns this object so that method calls can be chained together. Currently, "AES256" is the only supported algorithm.

Parameters:

algorithm - The server-side encryption algorithm to use with this customer-provided server-side encryption key.

Returns:

The updated ServerSideEncryptionKey object, so that method calls may be chained together.

See Also:

SSEAlgorithm.AES256

getMd5

public String getMd5()

Returns the optional base64-encoded MD5 digest of the encryption key to use when validating the integrity of the transmitted server-side encryption key. If a MD5 digest is not explicitly specified, then it will be automatically calculated.

Returns:

The base64-encoded MD5 digest of this customer-provided server-side encryption key.

setMd5

public void setMd5(String md5Digest)

Sets the optional MD5 digest (base64-encoded) of the encryption key to use when encrypting the object. This will be used as a message integrity check that the key was transmitted without error. If not set, the SDK will fill in this value by calculating the MD5 digest of the secret key, before sending the request.

Parameters:

md5Digest - The MD5 digest (base64-encoded) of the encryption key to use when encrypting the object.

withMd5

public SSECustomerKey withMd5(String md5Digest)

Sets the optional MD5 digest (base64-encoded) of the encryption key to use when encrypting the object, and returns the updated object so that additional method calls can be chained together. This will be used as a message integrity check that the key was transmitted without error. If not set, the SDK will fill in this value by calculating the MD5 digest of the secret key, before sending the request.

Parameters:

md5Digest - The MD5 digest (base64-encoded) of the encryption key to use when encrypting the object.

Returns:

The updated object, so that additional method calls can be chained together.

generateSSECustomerKeyForPresignUrl

public static SSECustomerKey generateSSECustomerKeyForPresignUrl(String algorithm)

Constructs a new SSECustomerKey that can be used for generating the presigned URL's. Currently, "AES256" is the only supported algorithm.

Parameters:

algorithm - The server-side encryption algorithm to use with this customer-provided server-side encryption key; must not be null.

Throws:

IllegalArgumentException - if the input parameter is null.

See Also:

SSEAlgorithm.AES256