By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post
/What is S3 object etag in fips enabled AWS S3 endpoints, Are they MD5SUM?/

What is S3 object etag in fips enabled AWS S3 endpoints, Are they MD5SUM?

1

When we enable FIPS, client side libs disables MD5SUM. This page lists condition in which etag is md5sum. My question is in case of FIPS S3 endpoints, what is Etag, is it md5sum ? how client can understand if it is something else (like sha)

Topics
StorageServerlessFront-End Web & MobileNetworking & Content Delivery
Tags
Amazon Simple Storage ServiceAmazon API Gateway
AWS-User-6882354
asked a month ago7 views
1 Answers
0

Hello,

The entity tag is a hash of the object. The ETag reflects changes only to the contents of an object, not its metadata. The ETag may or may not be an MD5 digest of the object data. Whether or not it is depends on how the object was created and how it is encrypted as described below:

Objects created by the PUT Object, POST Object, or Copy operation, or through the AWS Management Console, and are encrypted by SSE-S3 or plaintext, have ETags that are an MD5 digest of their object data.

Objects created by the PUT Object, POST Object, or Copy operation, or through the AWS Management Console, and are encrypted by SSE-C or SSE-KMS, have ETags that are not an MD5 digest of their object data.

If an object is created by either the Multipart Upload or Part Copy operation, the ETag is not an MD5 digest, regardless of the method of encryption. If an object is larger than 16 MB, the AWS Management Console will upload or copy that object as a Multipart Upload, and therefore the ETag will not be an MD5 digest.

I hope this answers your question.

SUPPORT ENGINEER
Ajinkya B-AWS
answered a month ago
  • AWS-User-6882354 a month ago

    This is just description of etag from link, My question is in case of FIPS, MD5SUM algo is not allowed in openssl. FIPS dont let you use md5sum. it gives error "Error setting digest 139996545238848:error:060800C8:digital envelope routines:EVP_DigestInit_ex:disabled for FIPS:crypto/evp/digest.c:135:"

    Now if md5sum is not allowed, How aws FIPS endpoint uses MD5SUM in FIPS enabled server/clients? Is that etag md5sum in fips enabled endpoints ?

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant questions