Incorrectly assumes ETag and MD5 are equivalent #10371
Comments
What makes you think that we make this false assumption? |
See the attached screenshots. Cyberduck displays a warning saying there is a mismatch. I also calculate the MD5 of the file via the command line and am attaching a screenshot of the ETag shown in the S3 console. |
Milestone renamed |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Cyberduck assumes that the ETag returned by S3 is equivalent to the MD5 checksum of the file's content. This is not a valid assumption. The ETag will only be the MD5 of the object data when the object is stored as plaintext or encrypted using SSE-S3. If the object is encrypted using another method (such as SSE-C or SSE-KMS) the ETag is not the MD5 of the object data. If the object was created via a multipart upload, the ETag is not the MD5 of the object data.
Attachments
Screen Shot 2018-06-25 at 11.25.58 AM.png(101.2 KiB)Screen Shot 2018-06-25 at 11.26.54 AM.png(26.0 KiB)Screen Shot 2018-06-25 at 11.27.23 AM.png(16.8 KiB)The text was updated successfully, but these errors were encountered: