Release Notes and Announcements
- Release Notes
- Announcements
Product Introduction
Billing
- Billing Overview
- Billing Method
- Billable Items
- Free Tier
- Billing Examples
- Viewing and Downloading Bill
- Payment Overdue
- FAQs
Getting Started
- Console
- Getting Started with COSBrowser
User Guide
- Creating Request
- Bucket
- Object
- Data Management
- Batch Operation
- Global Acceleration
- Monitoring and Alarms
- Operations Center
- Data Processing
- Content Moderation
- Smart Toolbox
- Data Processing Workflow
- Application Integration
User Tools
- Tool Overview
- Installation and Configuration of Environment
- COSBrowser
- COSCLI (Beta)
- COSCMD
- COS Migration
- FTP Server
- Hadoop
- COSDistCp
- HDFS TO COS
- GooseFS-Lite Tool
- Online Tools
- Diagnostic Tool
Use Cases
- Overview
- Access Control and Permission Management
- Performance Optimization
- Accessing COS with AWS S3 SDK
- Data Disaster Recovery and Backup
- Domain Name Management Practice
- Image Processing
- Audio/Video Practices
- Workflow
- Direct Data Upload
- Content Moderation
- Data Security
- Data Verification
- Big Data Practice
- COS Cost Optimization Solutions
- Using COS in the Third-party Applications
Migration Guide
Data Lake Storage
- Cloud Native Datalake Storage
- Metadata Accelerator
- GooseFS
Data Processing
- Data Processing Overview
- Image Processing
- Media Processing
- Content Moderation
- File Processing Service
- File Preview
Troubleshooting
- Obtaining RequestId
- Slow Upload over Public Network
- 403 Error for COS Access
- Resource Access Error
- POST Object Common Exceptions
API Documentation
- Introduction
- Common Request Headers
- Common Response Headers
- Error Codes
- Request Signature
- Action List
- Service APIs
- Bucket APIs
- Object APIs
- Batch Operation APIs
- Data Processing APIs
- Job and Workflow
- Content Moderation APIs
- Cloud Antivirus API
SDK Documentation
- SDK Overview
- Preparations
- Android SDK
- C SDK
- C++ SDK
- .NET(C#) SDK
- Flutter SDK
- Go SDK
- iOS SDK
- Java SDK
- JavaScript SDK
- Node.js SDK
- PHP SDK
- Python SDK
- React Native SDK
- Mini Program SDK
- Harmony SDK
- Endpoint SDK Quality Optimization
- Error Codes
Security and Compliance
- Data Disaster Recovery
- Data Security
- Cloud Access Management
FAQs
- Popular Questions
- General
- Billing
- Domain Name Compliance Issues
- Bucket Configuration
- Domain Names and CDN
- Object Operations
- Logging and Monitoring
- Permission Management
- Data Processing
- Data Security
- Pre-signed URL Issues
- SDKs
- Tools
- APIs
Agreements
Contact Us
Glossary

Server-Side Encryption

Download

Modo Foco

Tamanho da Fonte

Última atualização: 2026-05-15 15:29:47

Introduction
This document provides information on how to enable server-side encryption when objects are uploaded. Server-side encryption keys are classified into three types:
COS-managed encryption keys
KMS-managed encryption keys
Customer-provided encryption keys
Related Examples
Feature Name
Description
Example code
Server-Side Encryption
Provides the feature to enable server-side encryption when objects are uploaded.
Complete GitHub Example
Preliminary Preparation
Before you start, you must first create a TransferManager instance. Before creating a TransferManager instance, you need to create a CosXmlService instance. For detailed code, see Creating CosXmlService.
// Initialize TransferConfig. The default configuration is used here. If you need to customize it, see the SDK API documentation.
// By default, files larger than or equal to 2 MB are automatically uploaded in parts, with a part size of -1 MB. You can modify the part size threshold using the following code.
TransferConfig transferConfig = new TransferConfig.Builder()
        // Set the minimum object size to enable multipart upload. The default is 2 MB.
        .setDivisionForUpload(2097152)
        // Set the part size for multipart upload. The default is 1 MB.
        .setSliceSizeForUpload(1048576)
        // Set whether to force simple upload and disable multipart upload.
        .setForceSimpleUpload(false)
        .build();
// Initialize TransferManager
TransferManager transferManager = new TransferManager(cosXmlService,
        transferConfig);
Use Case
Protecting Data with Server-Side Encryption Using COS-Managed Keys (SSE-COS)
Tencent Cloud COS hosts the master keys and manages the data. COS automatically encrypts your data when it is written to the data center and decrypts it when you access the data. Currently, AES-256 encryption is supported for data using the COS master key.
PutObjectRequest putObjectRequest = new PutObjectRequest(bucket, cosPath, srcPath);
// Configure server-side encryption (SSE-COS) using COS-managed encryption keys to protect data.
putObjectRequest.setCOSServerSideEncryption();
﻿
// Upload documents.
COSXMLUploadTask cosxmlUploadTask = transferManager.upload(putObjectRequest, uploadId);
Protecting Data with Server-Side Encryption Using KMS-Managed Keys (SSE-KMS)
SSE-KMS encryption is server-side encryption that uses KMS-managed keys. KMS is a security management service launched by Tencent Cloud. It uses third-party-certified Hardware security modules (HSMs) to generate and protect keys. KMS helps users easily create and manage keys, meeting their multi-application and multi-business key management needs as well as regulatory and compliance requirements. For information on how to activate the KMS service, see Server-Side Encryption Overview.
// Server-side encryption keys
String customKey = "Customer Master Key (CMK)";
String encryptContext = "Encryption Context";
PutObjectRequest putObjectRequest = new PutObjectRequest(bucket, cosPath, srcPath);
﻿
// Configure server-side encryption (SSE-KMS) using a customer-provided Customer Master Key (CMK) to protect data.
try {
    putObjectRequest.setCOSServerSideEncryptionWithKMS(customKey, encryptContext);
} catch (CosXmlClientException e) {
    e.printStackTrace();
}
// Upload documents.
COSXMLUploadTask cosxmlUploadTask = transferManager.upload(putObjectRequest, uploadId);
Protecting Data with Server-Side Encryption Using Customer-Provided Keys (SSE-C)
The encryption keys are provided by the user. When a user uploads an object, COS uses the user-provided encryption key to encrypt the user's data with AES-256.
Note:
The service running this encryption requires HTTPS requests.
The user must provide a 32-byte string as the key. Combinations of numbers, letters, and characters are supported, while Chinese characters are not.
If a file is uploaded with key encryption, you must include the same key in the request when you use GET (download) or HEAD (query) operations on the source object to receive a normal response.
// Server-side encryption keys
String customKey = "Server-side encryption key";
PutObjectRequest putObjectRequest = new PutObjectRequest(bucket, cosPath, srcPath);
// Configure server-side encryption (SSE-C) using a customer-provided encryption key to protect data.
try {
    putObjectRequest.setCOSServerSideEncryptionWithCustomerKey(customKey);
} catch (CosXmlClientException e) {
    e.printStackTrace();
}
﻿
// Upload documents.
COSXMLUploadTask cosxmlUploadTask = transferManager.upload(putObjectRequest, uploadId);
SDK API Reference
For detailed parameters and method descriptions of all SDK interfaces, see SDK API.

Ajuda e Suporte

Esta página foi útil?

Você também pode entrar em contato com a Equipe de vendas ou Enviar um tíquete em caso de ajuda.

comentários

tencent cloud

Cloud Object Storage

Server-Side Encryption

Introduction

Related Examples

Preliminary Preparation

Use Case

Protecting Data with Server-Side Encryption Using COS-Managed Keys (SSE-COS)

Protecting Data with Server-Side Encryption Using KMS-Managed Keys (SSE-KMS)

Protecting Data with Server-Side Encryption Using Customer-Provided Keys (SSE-C)

SDK API Reference

Ajuda e Suporte

Feature Name	Description	Example code
Server-Side Encryption	Provides the feature to enable server-side encryption when objects are uploaded.	Complete GitHub Example