Verifying data integrity when loading to S3 using server-side encryption

Data integrity checking is something the AWS Java SDK claims to provide by default: either the client independently calculates the checksum of the object and adds it as the header "Headers.CONTENT_MD5" in the S3 client, or, if we pass it as null or do not set it, the S3 client internally calculates the MD5 checksum on the client itself, which it compares with the ETag (which is nothing more than the MD5 of the created object) obtained from the response to the creation of the object, and returns an error to the client in case of a data integrity failure. Note that in this case the integrity check is performed on the client side rather than on the S3 server side, which means that the object will still be created successfully, and the client will need to clean it up explicitly.

Therefore, it is recommended that you use the header (where verification takes place at the S3 end and is not performed earlier), but since TransferManager uses part loading, the client cannot explicitly set the MD5 for a specific part. The transfer manager should take care of calculating the MD5 of each part and setting the header, but I do not see this happening in the code.

Since we want to use the transfer manager for multiphase downloads, we will need to depend on client-side validation, which is enabled by default. However, there is a caveat. When we enable SSE-KMS or SSE-C on an object in S3, this data integrity check is skipped. It seems (as mentioned in one of the comments in the code) that in this case the MD5 received from S3 is that of the ciphertext, which cannot be verified against the MD5 that was computed on the client side.

What should I use to enable data integrity checking with SSE in S3?

Note: Please verify that the above understanding is correct.

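The two checks described in the question, as an added example that is not part of the original post and is not the SDK's own code: it computes the value for the Content-MD5 request header, which S3 validates against the bytes it receives, and decides whether a response ETag can be compared with a locally computed MD5 at all. The class and method names are hypothetical, the response headers are constructed samples, and the header map is assumed to use the exact key spellings shown.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class S3IntegrityCheck {  // hypothetical helper, JDK only
    enum Result { VERIFIED, MISMATCH, NOT_COMPARABLE }

    static byte[] md5(byte[] data) throws Exception {
        return MessageDigest.getInstance("MD5").digest(data);
    }

    // Content-MD5 is the base64 of the raw 16-byte digest (not the hex string).
    // S3 rejects the request when the received body does not match it.
    static String contentMd5Header(byte[] data) throws Exception {
        return Base64.getEncoder().encodeToString(md5(data));
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Client-side check against the ETag in the PUT response. The ETag is only
    // the MD5 of the object data for single-part uploads without SSE-KMS/SSE-C.
    static Result checkEtag(byte[] data, Map<String, String> resp) throws Exception {
        String etag = resp.getOrDefault("ETag", "").replace("\"", "");
        String sse = resp.getOrDefault("x-amz-server-side-encryption", "");
        boolean kms = sse.startsWith("aws:kms");
        boolean sseC = resp.containsKey("x-amz-server-side-encryption-customer-algorithm");
        boolean multipart = etag.contains("-");  // multipart ETags end in "-<part count>"
        if (etag.isEmpty() || kms || sseC || multipart) return Result.NOT_COMPARABLE;
        return etag.equals(hex(md5(data))) ? Result.VERIFIED : Result.MISMATCH;
    }

    public static void main(String[] args) throws Exception {
        byte[] body = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        System.out.println("Content-MD5: " + contentMd5Header(body));

        // Constructed response headers, not captured from a real S3 response.
        Map<String, String> sseS3 = Map.of("ETag", "\"" + hex(md5(body)) + "\"",
                "x-amz-server-side-encryption", "AES256");
        Map<String, String> sseKms = Map.of("ETag", "\"00112233445566778899aabbccddeeff\"",
                "x-amz-server-side-encryption", "aws:kms");
        System.out.println("SSE-S3:  " + checkEtag(body, sseS3));
        System.out.println("SSE-KMS: " + checkEtag(body, sseKms));
    }
}
```

A `NOT_COMPARABLE` result means the ETag gives no integrity signal for that upload, so the Content-MD5 header sent with the request (per object or per part) is the check that still applies.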