Amazon S3 Server-Side Encryption Support in iOS

The AWS Mobile SDK for iOS supports server-side encryption of Amazon S3 data. To learn more about server-side encryption, see PUT Object.

The following properties are available to configure the encryption:

To use these properties, import the AWSSS3Model with the following statement.

Swift
import AWSS3
Objective-C
#import <AWSS3/AWSS3.h>

SSECustomerAlgorithm is a property of AWSS3ReplicateObjectOutput. If server-side encryption with a customer-provided encryption key was requested, the response will include this header, which confirms the encryption algorithm that was used. Currently, the only valid option is AES256. You can access SSECustomerAlgorithm as follows.

Swift
let replicateObjectOutput = AWSS3ReplicateObjectOutput()
replicateObjectOutput?.sseCustomerAlgorithm = "mySseCustomerAlgorithm
Objective-C
AWSS3ReplicateObjectOutput *replicateObjectOutput = [AWSS3ReplicateObjectOutput new];
replicateObjectOutput.SSECustomerAlgorithm = @"mySseCustomerAlgorithm";

SSECustomerKey, a property of AWSS3UploadPartRequest, specifies the customer-provided encryption key for Amazon S3 to use to encrypting data. This value is used to store the object, and is then discarded; Amazon doesn't store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header. This must be the same encryption key specified in the request to initiate a multipart upload. You can access SSECustomerKey as follows.

Swift
let uploadPartRequest = AWSS3UploadPartRequest()
uploadPartRequest?.sseCustomerKey = "customerProvidedEncryptionKey"
Objective-C
AWSS3UploadPartRequest *uploadPartRequest = [AWSS3UploadPartRequest new];
uploadPartRequest.SSECustomerKey = @"customerProvidedEncryptionKey";

SSECustomerKeyMD5 is a property of AWSS3PutObjectOutput. If server-side encryption with a customer-provided encryption key is requested, the response will include this header. The response provides round trip message integrity verification of the customer-provided encryption key. You can access SSECustomerKeyMD5 as follows.

Swift
let objectOutput = AWSS3PutObjectOutput()
// Access objectOutput?.sseCustomerKeyMD5 ...
Objective-C
AWSS3PutObjectOutput *objectOutput = [AWSS3PutObjectOutput new];
//Access objectOutput.SSECustomerKeyMD5 ...

AWSS3ServerSideEncryption represents the encryption algorithm for storing an object in Amazon S3. You can access it as follows.

Swift
let objectOutput = AWSS3PutObjectOutput()
// Access objectOutput?.sseCustomerKeyMD5 ...
Objective-C
AWSS3ReplicateObjectOutput *replicateObjectOutput = [AWSS3ReplicateObjectOutput new];
// Access replicateObjectOutput.serverSideEncryption ...