Which of the below mentioned statements helps the user understand the S3 encryption functionality?
The server side encryption with the user supplied key works when versioning is enabled
The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key
The user must send an AES-128 encrypted key
The user can upload his own encryption key to the S3 console
Explanations:
Server-Side Encryption with User-Supplied Keys (SSE-C) works regardless of whether versioning is enabled or not. Versioning is not a requirement for SSE-C.
The user can use the AWS Console, SDK, and APIs to upload objects encrypted with a user-supplied key (SSE-C), but AWS does not handle decryption automatically.
The user does not have to send an AES-128 encrypted key. The user supplies their own encryption key (e.g., any string), not a pre-encrypted one.
The user cannot upload their encryption key directly to the S3 console. The key must be supplied at the time of the API call, not uploaded.