radosgw SSE-C is not working (InvalidRequest)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
I try to evaluate SSE-C (so customer provides keys) for our object storages.
We do not provide a KMS server.

I've added "Access-Control-Allow-Headers" to the haproxy frontend.
rspadd Access-Control-Allow-Headers...
x-amz-server-side-encryption-customer-algorithm,\
x-amz-server-side-encryption-customer-key,\
x-amz-server-side-encryption-customer-key-MD5

I've also enabled "rgw_trust_forwarded_https = true" in the client section
in the ceph.conf and restarted the RGW daemons.

I now try to get it working, but I am not sure if I am doing it correctly.

$ encKey=$(openssl rand -base64 32)
$ md5Key=$(echo $encKey | md5sum | awk '{print $1}' | base64)
$ aws s3api --endpoint=https://radosgw put-object \
  --body ~/Downloads/TESTFILE \
  --bucket test-bb-encryption \
  --key TESTFILE \
  --sse-customer-algorithm AES256 \
  --sse-customer-key $encKey \
  --sse-customer-key-md5 $md5Key

This is what the RGW log gives me:
2023-03-17T10:55:55.465+0000 7f42bbe5f700  1 ====== starting new request
req=0x7f448c185700 =====
2023-03-17T10:55:55.469+0000 7f434df83700  1 ====== req done
req=0x7f448c185700 op status=-2021 http_status=400 latency=3999985ns ======
2023-03-17T10:55:55.469+0000 7f434df83700  1 beast: 0x7f448c185700: IPV6 -
- [2023-03-17T10:55:55.469539+0000] "PUT /test-bb-encryption/TESTFILE
HTTP/1.1" 400 221 - "aws-cli/2.4.18 Python/3.9.10 Darwin/22.3.0
source/x86_64 prompt/off command/s3api.put-object" -

Maybe someone got a wroking example and is willing to share it with me, or
did also encounter this problem and knows what to do?

It's and octopus cluster.

Cheers
 Boris
-- 
Die Selbsthilfegruppe "UTF-8-Probleme" trifft sich diesmal abweichend im
groüen Saal.
_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx




[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]


  Powered by Linux