         | Did this page help you? Yes No Tell us about it... |
Specifying Server-Side Encryption Using the AWS SDK for Java
When using the AWS SDK for Java to upload an object, you can use the
ObjectMetadata property of the PutObjectRequest to set the
x-amz-server-side-encryption request header (see Specifying Server-Side Encryption Using REST API). When you call the
PutObject method of the AmazonS3 client as shown in the following Java
code sample Amazon S3 encrypts and saves the data.
File file = new File(uploadFileName);
PutObjectRequest putRequest = new PutObjectRequest(
bucketName, keyName, file);
// Request server-side encryption.
ObjectMetadata objectMetadata = new ObjectMetadata();
objectMetadata.setServerSideEncryption(
ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);
putRequest.setMetadata(objectMetadata);
PutObjectResult response = s3client.putObject(putRequest);
System.out.println("Uploaded object encryption status is " +
response.getServerSideEncryption());In response, Amazon S3 returns the encryption algorithm used for encrypting your object
data, which you can check using the getServerSideEncryption method.
For a working sample that shows how to upload an object, see Upload an Object Using the AWS SDK for Java. For
server-side encryption, add the ObjectMetadata property to your request.
When uploading large objects using multipart upload API, you can request server-side encryption for the object that you are uploading.
When using the low-level multipart upload API (see Upload a File) to upload a large object, you can specify server-side encryption when you initiate the multipart upload. That is, you add the
ObjectMetadataproperty by calling theInitiateMultipartUploadRequest.setObjectMetadatamethod.When using the high-level multipart upload API (see Using the High-Level Java API for Multipart Upload), the
TransferManagerclass provides methods to upload objects. You can call any of the upload methods that takeObjectMetadataas a parameter.
Determining Encryption Algorithm Used
To determine the encryption state of an existing object you can retrieve the object metadata as shown in the following Java code sample.
GetObjectMetadataRequest request2 =
new GetObjectMetadataRequest(bucketName, keyName);
ObjectMetadata metadata = s3client.getObjectMetadata(request2);
System.out.println("Encryption algorithm used: " +
metadata.getServerSideEncryption());If server-side encryption is not used for the object that is stored in Amazon S3, the method returns a null.
Changing Server-Side Encryption of an Existing Object (Copy Operation)
To change the encryption state of an existing object, you make a copy of the object and
delete the source object. Note that, by default, the copy API will not encrypt the
target, unless you explicitly request server-side encryption. You can request the
encryption of the target object by using the ObjectMetadata property to
specify server-side encryption in the CopyObjectRequest as shown in the
following Java code sample.
CopyObjectRequest copyObjRequest = new CopyObjectRequest(
sourceBucket, sourceKey, targetBucket, targetKey);
// Request server-side encryption.
ObjectMetadata objectMetadata = new ObjectMetadata();
objectMetadata.setServerSideEncryption(
ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);
copyObjRequest.setNewObjectMetadata(objectMetadata);
CopyObjectResult response = s3client.copyObject(copyObjRequest);
System.out.println("Copied object encryption status is " +
response.getServerSideEncryption());For a working sample of how to copy an object, see Copy an Object Using the AWS SDK for Java. You can specify server-side encryption
in the CopyObjectRequest. object as shown in the preceding code
sample.
