Working with Amazon S3 Server Side Encryption (SSE)

• Why you may want to use SSE? What security problems does it solve?
• How to check whether the file is encrypted or not
• How to encrypt or decrypt one or multiple files
• How to encrypt or decrypt an S3 Bucket
• How to enable encryption for a Bucket
• How to automatically encrypt files during uploading

Why you may want to use SSE? What security problems does it solve?

"SSE protects your data in attack scenarios where an attacker has access to the data, but not access to both keys. Thus this protects against stolen/lost disks. You can�t decrypt without having all the 3 elements: encrypted data, encryption key and the master key.

AWS will decrypt the object for valid requests from AWS customers who are allowed access to the data. Thus, customers still would be required to securely maintain and manage their access id and secret keys. Also, you can control who will have access to your data through ACLs and bucket policies."  Jeff Barr, AWS Evangelist.

To check whether the file is encrypted or not

Select the file and click Files->Properties.

Select the file and click Files->Properties.

Properties tab will open

Use File Properties to check encryption status for a particular file

The Encrypted row indicates whether the file is encrypted or not.

To encrypt or decrypt a file or a group of files

1. Select the file(s) you want to encrypt or decrypt and click Files -> Server Side Encryption

Select the files and click Files -> Server Side Encryption

2. Click Encrypt to encrypt selected file(s) or Decrypt to decrypt them.

To encrypt or decrypt Amazon S3 Bucket

1. Select the bucket you want to encrypt or decrypt and click Buckets -> Server Side Encryption

Select the Bucket and click Files -> Server Side Encryption

2. Click Encrypt to encrypt all files inside the bucket or Decrypt to decrypt them.

S3 Browser will enumerate all objects inside the bucket and enable Server Side Encryption for an each file.

If your Amazon S3 Bucket contains a lot of files, this operation may take a while.

You can significantly increase performance using S3 Browser Pro. It allows you to increase the number of concurrent working threads and thereby process your files much more faster.

To automatically apply Server Side Encryption during uploading

1. Click Tools -> Options -> Global

Select the file and click Files->Properties.

2. Turn on Enable Server Side Encryption

How to enable Server Side Encryption for all buckets and files

S3 Browser will automatically enable Server Side Encryption for new files.

Please note, this setting is stored locally, another tools will not apply Server Side Encryption automatically.

How to enable encryption for a Bucket.

You can also enable Server Side Encryption for a particular bucket only.

1. Select the bucket and Click Bucket->Properties

Bicket Propetis tab will open.

Select the bucket and click Buckets->Properties.

2. Find Server Side Encryption row and click the Enabled/Disabled link to switch encryption status for a bucket.