A user has enabled versioning on an S3 bucket. The user is using server side encryption for data at Rest. If the
user is supplying his own keys for encryption (SSE-C., which of the below mentioned statements is true?
A.
The user should use the same encryption key for all versions of the same object
B.
It is possible to have different encryption keys for different versions of the same object
C.
AWS S3 does not allow the user to upload his own keys for server side encryption
D.
The SSE-C does not work when versioning is enabled
Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can
either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to
supply his own encryption key (SSE-C.. If the bucket is versioning-enabled, each object version uploaded by the
user using the SSE-C feature can have its own encryption key. The user is responsible for tracking which
encryption key was used for which object’s version
B
B
“If your bucket is versioning-enabled, each object version you upload using this feature can have its own encryption key.”
http://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
b