Error on AWS S3 SSE-C

jpg · December 15, 2024, 10:40am

What is the problem you are having with rclone?

error occur using aws s3 sse-c ~~with crypt~~

Run the command 'rclone version' and share the full output of the command.

rclone v1.68.2

os/version: Microsoft Windows 10 Pro 22H2 (64 bit)
os/kernel: 10.0.19045.5131 (x86_64)
os/type: windows
os/arch: amd64
go/version: go1.23.3
go/linking: static
go/tags: cmount

Which cloud storage system are you using? (eg Google Drive)

AWS S3 ~~with crypt~~

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone682 copy pssuspend64.exe encs3deep: --s3-sse-customer-algorithm AES256 --s3-sse-customer-key-base64 "DJnr1wZUQPqFUiJaPMTwAavTRUunHcEIV3wbtRTjtYk=" -vv

Please run 'rclone config redacted' and share the full output. If you get command not found, please make sure to update rclone.

[encs3deep]
type = crypt
remote = s3deep:ckubackup/enc
password = XXX
password2 = XXX

[s3deep]
type = s3
provider = AWS
access_key_id = XXX
secret_access_key = XXX
region = us-east-1
server_side_encryption = AES256
storage_class = DEEP_ARCHIVE

A log from the command that you were trying to run with the `-vv` flag

2024/12/15 19:31:40 DEBUG : rclone: Version "v1.68.2" starting with parameters ["rclone682" "copy" "pssuspend64.exe" "encs3deep:" "--s3-sse-customer-algorithm" "AES256" "--s3-sse-customer-key-base64" "DJnr1wZUQPqFUiJaPMTwAavTRUunHcEIV3wbtRTjtYk=" "-vv"]
2024/12/15 19:31:40 DEBUG : Creating backend with remote "pssuspend64.exe"
Enter configuration password:
password:
2024/12/15 19:31:46 DEBUG : Using config file from "C:\\Users\\user\\AppData\\Roaming\\rclone\\rclone.conf"
2024/12/15 19:31:46 DEBUG : fs cache: adding new entry for parent of "pssuspend64.exe", "//?/C:/Users/user/Downloads/rclone"
2024/12/15 19:31:46 DEBUG : Creating backend with remote "encs3deep:"
2024/12/15 19:31:46 DEBUG : Creating backend with remote "s3deep:ckubackup/enc"
2024/12/15 19:31:46 DEBUG : s3deep: detected overridden config - adding "{FcClh}" suffix to name
2024/12/15 19:31:47 DEBUG : fs cache: renaming cache item "s3deep:ckubackup/enc" to be canonical "s3deep{FcClh}:ckubackup/enc"
2024/12/15 19:31:47 DEBUG : pssuspend64.exe: Need to transfer - File not found at Destination
2024/12/15 19:31:47 INFO  : S3 bucket ckubackup path enc: Bucket "ckubackup" created with ACL ""
2024/12/15 19:31:47 DEBUG : pssuspend64.exe: Computing md5 hash of encrypted source
2024/12/15 19:31:49 ERROR : pssuspend64.exe: Failed to copy: operation error S3: PutObject, https response error StatusCode: 400, RequestID: , HostID: , api error InvalidArgument: Server Side Encryption with Customer provided key is incompatible with the encryption method specified
2024/12/15 19:31:49 ERROR : Attempt 1/3 failed with 1 errors and: operation error S3: PutObject, https response error StatusCode: 400, RequestID: , HostID: , api error InvalidArgument: Server Side Encryption with Customer provided key is incompatible with the encryption method specified
2024/12/15 19:31:49 DEBUG : pssuspend64.exe: Need to transfer - File not found at Destination
2024/12/15 19:31:49 DEBUG : pssuspend64.exe: Computing md5 hash of encrypted source
2024/12/15 19:31:50 ERROR : pssuspend64.exe: Failed to copy: operation error S3: PutObject, https response error StatusCode: 400, RequestID: , HostID: , api error InvalidArgument: Server Side Encryption with Customer provided key is incompatible with the encryption method specified
2024/12/15 19:31:50 ERROR : Attempt 2/3 failed with 1 errors and: operation error S3: PutObject, https response error StatusCode: 400, RequestID: , HostID: , api error InvalidArgument: Server Side Encryption with Customer provided key is incompatible with the encryption method specified
2024/12/15 19:31:51 DEBUG : pssuspend64.exe: Need to transfer - File not found at Destination
2024/12/15 19:31:51 DEBUG : pssuspend64.exe: Computing md5 hash of encrypted source
2024/12/15 19:31:52 ERROR : pssuspend64.exe: Failed to copy: operation error S3: PutObject, https response error StatusCode: 400, RequestID: , HostID:, api error InvalidArgument: Server Side Encryption with Customer provided key is incompatible with the encryption method specified
2024/12/15 19:31:52 ERROR : Attempt 3/3 failed with 1 errors and: operation error S3: PutObject, https response error StatusCode: 400, RequestID: , HostID: , api error InvalidArgument: Server Side Encryption with Customer provided key is incompatible with the encryption method specified
2024/12/15 19:31:52 INFO  :
Transferred:        1.374 MiB / 1.374 MiB, 100%, 281.423 KiB/s, ETA 0s
Errors:                 1 (retrying may help)
Elapsed time:        12.6s

2024/12/15 19:31:52 DEBUG : 3 go routines active
2024/12/15 19:31:52 NOTICE: Failed to copy: operation error S3: PutObject, https response error StatusCode: 400, RequestID: , HostID:, api error InvalidArgument: Server Side Encryption with Customer provided key is incompatible with the encryption method specified

jpg · December 15, 2024, 11:16am

I tried directly upload it to s3, Still error. Seems crypt is not related

kapitainsky · December 15, 2024, 12:57pm

How it is supposed to work when you do not provide any key?

kapitainsky · December 15, 2024, 1:22pm

Problem is that you provide both sse and request server side managed keys.

Remove server_side_encryption = AES256 from your config and it should work.

jpg · December 15, 2024, 1:35pm

nice! it works thanks!

kapitainsky · December 15, 2024, 1:36pm

Glad it works:) Initially I got confused myself as have not read carefully your command.

kapitainsky · December 15, 2024, 1:44pm

BTW

Below will work:

but for S3 I would add:

filename-encoding = base64

It will allow longer filenames to be encrypted vs default base32.

With base32 data size (file name length in this case) is increased by 60% vs 33% for base64.

system · December 18, 2024, 1:44pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.