Last updated：2020-08-21 18:14:29
During client-side data encryption, the client provides and maintains the encryption keys, and data encryption and decryption are completed on the client.
During server-side data encryption, KS3 or the client provides and maintains the encryption keys, and data encryption and decryption are completed on KS3.
If the keys for server-side data encryption are escrowed on KS3 (SSE-S3), KS3 employs multi-factor strong encryption to encrypt all objects with the same key. To ensure the security of the key, KS3 encrypts the key by using a periodically rotated primary key. The algorithm used for data encryption is 256-bit Advanced Encryption Standard (AES-256).
If the keys for server-side data encryption are provided by the client, it is up to you to manage data encryption and decryption, data encryption keys, and the tools.
KS3 employs a multi-replica policy to store users’ basic data. The data persistence is equal to or greater than 99.999999999%. In other words, among 100,000,000,000 user instances, only one user instance might have a data loss issue within a month.
When you use the PUT method to upload a file, set the Content-MD5 header. KS3 will calculate the MD5 value of the uploaded file and compare the calculated value with MD5 value that you provides. For more information see PUT Object API.
Yes. For more information, see Door chain.
Currently, KS3 supports TLSv1.0, TLSv1.1, and TLSv1.2. For information security, you are recommended to replace TLSv1.0 as soon as possible and use the up-to-date TLS version. Kingsoft Cloud will no longer be compatible with protocols supporting TLS1.0 after December 31, 2020. After that time, you might not be able to connect to KS3 if your terminal is too old. If you cannot connect to KS3, it is recommended that you upgrade TLS and try again.
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.