rclone
b2: Add Server-Side encryption support
What is the purpose of this change?
This commit adds SSE-C (Server-Side Encryption - Customer) support to the B2 native backend. The server uses a customer provided AES-256 key to encrypt the files when you upload them to the bucket, and then it discards your key from the servers RAM after you're done uploading.
The option names and descriptions are based off the S3 backend implementation as the way S3 and B2 does SSE-C is pretty similar.
Was the change discussed in an issue or in the forum before?
I saw it discussed in #6585.
Checklist
- [x] I have read the contribution guidelines.
- [x] I have added tests for all changes in this PR if appropriate.
- [x] I have added documentation for the changes if appropriate.
- [x] All commit messages are in house style.
- [x] I'm done, this Pull Request is ready for review :-)
just a thought: I wonder if the Base64 string getting converted into a Go UTF-8 string changes the data a tiny bit messing up the md5 hash compared to directly decoding the base64 string and hashing from the binary? I used openssl to generate 32 random bytes for an AES-256 key, which isn't exactly a UTF-8 compatible string.
All though thinking about it again, not converting the Base64 string to a Go UTF-8 string internally might break compatibility the rclone S3 backend (even if rclone doesn't officially support B2 as a provider in its s3 backend, it still does work with B2's S3 compatible api if you put the provider as AWS).