Which parameter is not required while making a call for SSE-C?

A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin does not want to implement his own encryption algorithm; instead he is planning to use server side encryption by supplying his own key (SSE-C).

Which parameter is not required while making a call for SSE-C?
A . x-amz-server-side-encryption-customer-key-AES-256
B . x-amz-server-side-encryption-customer-key
C . x-amz-server-side-encryption-customer-algorithm
D . x-amz-server-side-encryption-customer-key-MD5

View Answer

Answer: A

Explanation:

AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). When the user is supplying his own encryption key, the user has to send the below mentioned parameters as a part of the API calls: x-amz-server-side-encryption-customer-algorithm: Specifies the encryption algorithm x-amz-server-side-encryption-customer-key: To provide the base64-encoded encryption key x-amz-server-side-encryption-customer-key-MD5: To provide the base64-encoded 128-bit MD5 digest of the encryption key