Which of the below mentioned statements helps the user understand the S3 encryption functionality?

By:
In: SOA-C01
Tagged:
With: 1 Comment
A sys admin is using server side encryption with AWS S3.

Which of the below mentioned statements helps the user understand the S3 encryption functionality?

The server side encryption with the user supplied key works when versioning is enabled

The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key

The user must send an AES-128 encrypted key

The user can upload his own encryption key to the S3 console

Explanations:

Server-Side Encryption with User-Supplied Keys (SSE-C) works regardless of whether versioning is enabled or not. Versioning is not a requirement for SSE-C.

The user can use the AWS Console, SDK, and APIs to upload objects encrypted with a user-supplied key (SSE-C), but AWS does not handle decryption automatically.

The user does not have to send an AES-128 encrypted key. The user supplies their own encryption key (e.g., any string), not a pre-encrypted one.

The user cannot upload their encryption key directly to the S3 console. The key must be supplied at the time of the API call, not uploaded.

2025-09-28

1 Comment

  1. Judy
    Author

    From what I’ve seen, the answer is:
    The user can use the AWS console, SDK and APIs to encrypt or decrypt the content for server side encryption with the user supplied key

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × three =