Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

large file missing key ID #422

Closed
titus8 opened this issue Sep 19, 2023 · 10 comments · Fixed by #423
Closed

large file missing key ID #422

titus8 opened this issue Sep 19, 2023 · 10 comments · Fixed by #423

Comments

@titus8
Copy link

titus8 commented Sep 19, 2023
edited
Loading

In b2sdk-1.24.0/doc/source/server_side_encryption.rst:

In applications requiring enhanced security, using unique key per file is a good strategy. b2sdk follows a convention,
that makes managing such keys easier: EncryptionSetting holds a key identifier, aside from the key itself. This key
identifier is saved in the metadata of all files uploaded, created or copied via b2sdk methods using SSE-C,
under sse_c_key_id in fileInfo. This allows developers to create key managers that map those ids to keys, stored
securely in a file or a database.

However, I’m seeing a problem with some files that B2 designates as large, and that are encrypted with SSE-C. The key ID is missing from file_info

{'src_last_modified_millis': '1645044242000', 'large_file_sha1': '8013b77a3b3f5327c88524bcd3ff20fb79affc42'}

and from the encryption setting

<EncryptionSetting(EncryptionMode.SSE_C, EncryptionAlgorithm.AES256, <EncryptionKey(None, None)>)>

Am I missing something here, or is this a bug?

Thanks in advance for your advice. In the meantime, I will investigate further.
@titus8
Copy link
Author

titus8 commented Sep 20, 2023

Here are two additional observations.

  1. All, not some, of the files that B2 designates as large have key_id None
  2. All of these files can be decrypted correctly if the correct key is supplied.

@ppolewicz
Copy link
Collaborator

The response you are getting from the upload call is based on the response of the server which does not send us the key back, therefore the key value of the response is None, which means "unknown".

sse_c_key_id not being saved in large files sounds like a bug. Will look into it!

@titus8
Copy link
Author

titus8 commented Sep 21, 2023

Excellent, thank you.

@titus8
Copy link
Author

titus8 commented Sep 21, 2023
edited
Loading

For b2sdk.v2.AbstractSyncEncryptionSettingsProvider.get_source_setting_for_copy(),
source_file_version.server_side_encryption.key.key_id must also be set correctly.

The same applies to the file_version argument to b2sdk.v2.AbstractSyncEncryptionSettingsProvider.get_setting_for_download().

Thanks.

This was referenced Sep 26, 2023
Merged
Closed
@titus8
Copy link
Author

titus8 commented Sep 27, 2023

With b2sdk-1.24.1,I still see the issue. In my encryption settings provider, a direct subclass of b2sdk.v2.AbstractSyncEncryptionSettingsProvider, get_setting_for_download() is still getting None for file_version.server_side_encryption.key.key_id, and the key sse_c_key_id is not present in file_version.file_info.

@jsuchan-reef
Copy link
Collaborator

@titus8 I cant replicate it. Can you please provide steps how to reproduce it? Thanks.

@titus8
Copy link
Author

titus8 commented Sep 28, 2023

I will provide code later today.

@titus8
Copy link
Author

titus8 commented Sep 28, 2023

Did the fix in b2sdk-1.24.1 fix an issue with key_id missing from a large file upload?

I re-encrypted my large files, and the problem is gone.

@jsuchan-reef
Copy link
Collaborator

Did the fix in b2sdk-1.24.1 fix an issue with key_id missing from a large file upload?

yes

@titus8
Copy link
Author

titus8 commented Sep 29, 2023 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@ppolewicz @titus8 @mjurbanski-reef @jsuchan-reef