Link to home
Start Free TrialLog in
Avatar of lhrslsshahi
lhrslsshahi

asked on

Linux MD5 Hash

I am trying to generate an encryption key and its MD5 hash on a Centos 7

https://sprightlysoft.com/blog/?p=209 

The following is an example of the S3 Sync RequestHeaders parameter for using SSE-C.
-RequestHeaders “x-amz-server-side-encryption-customer-algorithm:AES256|x-amz-server-side-encryption-customer-key:abcdefghijklmnopqrstuvwxyz0123456789ABCDEFG=|x-amz-server-side-encryption-customer-key-MD5:abcdefghijklmnopqrstuv==”
The x-amz-server-side-encryption-customer-algorithm section says you will be using the AES 256 encryption method on S3. The x-amz-server-side-encryption-customer-key section is the encryption key. The x-amz-server-side-encryption-customer-key-MD5 section is the MD5 hash of the encryption key. Amazon will store the x-amz-server-side-encryption-customer-key-MD5 value with the file but not the x-amz-server-side-encryption-customer-key value.
Avatar of lhrslsshahi
lhrslsshahi

ASKER

Just give you a background I am trying to use s3 sync with sse-c.


--sse-c (string) Specifies server-side encryption using customer provided keys of the the object in S3. AES256 is the only valid value. If the parameter is specified but no value is provided, AES256 is used. If you provide this value, --sse-c-key must be specified as well.

--sse-c-key (string) The customer-provided encryption key to use to server-side encrypt the object in S3. If you provide this value, --sse-c must be specified as well. The key provided should not be base64 encoded.
/usr/bin/aws s3 sync /da03/live/ s3://blob-portal-data/ --sse-c AES256 --sse-c-key ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789

upload failed: ../da03/live/5/test-aes256 to s3://blob-portal-data/5/test-aes256 An error occurred (InvalidArgument) when calling the PutObject operation: The secret key was invalid for the specified algorithm.

I have used the following command to generate AES256 32bit code

openssl enc -d -a -md sha1 -aes-256-cbc -nosalt -p 
SOLUTION
Avatar of gr8gonzo
gr8gonzo
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks will take on board what you have said.

How do I generate a AES256 32 character encryption key that complies with AWS requirements.

From what I'm reading, it sounds like S3 is just asking for an encryption key/password to use for encryption. Your "--sse-c-key " parameter is 64 characters long - try using a 32-character (256-bit) key instead.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial