This diagram shows the three-step encryption process when using SSE-S3:
Let's understand the process:
- The client selects their object(s) to upload to S3 and indicates the encryption mechanism of SSE-S3 during this process.
- S3 then takes control of the object and encrypts it with a plaintext data key generated by S3. The result is an encrypted version of the object, which is then stored in your chosen S3 bucket.
- The plaintext data key that is used to encrypt the object is then encrypted with an S3 master key, resulting in an encrypted version of the key. This now-encrypted key is also stored in S3 and is associated with the encrypted data object. Finally, the plaintext data key is removed from memory in S3.
This diagram shows the four-step decryption process when using SSE-S3:
Let's understand the process:
- A user requests access to the encrypted object via a client.
- S3 is aware that the requested object is encrypted...