lib/amazonka-s3-encryption/amazonka-s3-encryption
Copyright     (c) 2013-2021 Brendan Hay
License       Mozilla Public License, v. 2.0.
Maintainer    Brendan Hay <brendan.g.hay@gmail.com>
Stability     provisional
Portability   non-portable (GHC extensions)
Safe Haskell  None

Amazonka.S3.Encryption.Envelope

Documentation

data V1Envelope

Constructors

V1Envelope 

Fields

  • _v1Key :: !ByteString

    x-amz-key: Content encrypting key (CEK) in encrypted form, base64 encoded. The CEK is randomly generated per S3 object, and is always an AES 256-bit key. The corresponding cipher is always AES/CBC/PKCS5Padding.

  • _v1IV :: !(IV AES256)

    x-amz-iv: Randomly generated IV (per S3 object), base64 encoded.

  • _v1Description :: !Description

    x-amz-matdesc: Customer-provided material description in JSON (UTF-8) format.

data V2Envelope

Constructors

V2Envelope 

Fields

  • _v2Key :: !ByteString

    x-amz-key-v2: CEK in key-wrapped form. This is necessary so that an S3 encryption client that doesn't recognize the v2 format will not mistakenly decrypt an S3 object encrypted in v2 format.

  • _v2IV :: !(IV AES256)

    x-amz-iv: Randomly generated IV (per S3 object), base64 encoded.

  • _v2CEKAlgorithm :: !ContentAlgorithm

    x-amz-cek-alg: Content encryption algorithm used. Supported values: AES/GCM/NoPadding, AES/CBC/PKCS5Padding. Defaults to AES/CBC/PKCS5Padding if this key is absent.

  • _v2WrapAlgorithm :: !WrappingAlgorithm

    x-amz-wrap-alg: Key wrapping algorithm used. Supported values: AESWrap, RSA/ECB/OAEPWithSHA-256AndMGF1Padding, kms. No standard key wrapping is used if this meta information is absent. Always set to kms if KMS is used for client-side encryption.

  • _v2Description :: !Description

    x-amz-matdesc: Customer-provided material description in JSON format. Used to identify the client-side master key. For KMS client-side encryption, the KMS Customer Master Key ID is stored as part of the material description, x-amz-matdesc, under the key name kms_cmk_id.
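The field descriptions above imply a small decision procedure for reading object metadata: pick the envelope version from the key header, default the content algorithm, and reject inconsistent combinations. The sketch below is an added example, not amazonka's implementation; the types, `parseEnvelope`, `need` and the sample metadata are hypothetical, header names are assumed already lower-cased, and algorithm names are written in their slash-separated form.

```haskell
module Main (main) where

import Data.List (isInfixOf)
import Data.Maybe (fromMaybe)

-- Object metadata as (header, value) pairs; names assumed already lower-cased.
type Metadata = [(String, String)]

-- Hypothetical simplified types: fields stay as the raw header strings.
data Envelope
  = V1 String String String                        -- key, iv, matdesc
  | V2 String String String (Maybe String) String  -- key, iv, cek-alg, wrap-alg, matdesc
  deriving (Show, Eq)

-- Require a header, naming it in the error when it is missing.
need :: Metadata -> String -> Either String String
need md k = maybe (Left ("missing " ++ k)) Right (lookup k md)

-- x-amz-key-v2 selects the v2 layout; otherwise fall back to v1 (x-amz-key).
parseEnvelope :: Metadata -> Either String Envelope
parseEnvelope md = case lookup "x-amz-key-v2" md of
  Nothing -> V1 <$> need md "x-amz-key" <*> need md "x-amz-iv" <*> need md "x-amz-matdesc"
  Just k -> do
    iv <- need md "x-amz-iv"
    desc <- need md "x-amz-matdesc"
    -- An absent x-amz-cek-alg means CBC, per the field documentation.
    let cek = fromMaybe "AES/CBC/PKCS5Padding" (lookup "x-amz-cek-alg" md)
        wrap = lookup "x-amz-wrap-alg" md
    check (cek `elem` ["AES/GCM/NoPadding", "AES/CBC/PKCS5Padding"]) ("unsupported cek-alg " ++ cek)
    check (maybe True (`elem` wraps) wrap) "unsupported wrap-alg"
    -- Substring test stands in for real JSON parsing of the description.
    check (wrap /= Just "kms" || "kms_cmk_id" `isInfixOf` desc) "kms envelope without kms_cmk_id"
    Right (V2 k iv cek wrap desc)
  where
    wraps = ["AESWrap", "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", "kms"]
    check ok err = if ok then Right () else Left err

-- Constructed sample metadata (placeholder values, not real key material).
main :: IO ()
main = mapM_ (print . parseEnvelope)
  [ [("x-amz-key", "a2V5"), ("x-amz-iv", "aXY="), ("x-amz-matdesc", "{}")]
  , [("x-amz-key-v2", "a2V5"), ("x-amz-iv", "aXY="), ("x-amz-matdesc", "{}")]
  , [ ("x-amz-key-v2", "a2V5"), ("x-amz-iv", "aXY="), ("x-amz-wrap-alg", "kms")
    , ("x-amz-cek-alg", "AES/GCM/NoPadding"), ("x-amz-matdesc", "{}") ]
  ]
```

The second sample shows the silent fallback to CBC, which provides no integrity protection on its own, so a caller may want to log or refuse v2 envelopes that omit x-amz-cek-alg. The third sample is rejected because its description lacks kms_cmk_id.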

createCipher :: (MonadIO m, ByteArray a, Cipher b) => a -> m b

(.&) :: (MonadIO m, FromText a) => [(CI Text, Text)] -> CI Text -> m a