Cyberduck Mountain Duck CLI

Opened on Oct 7, 2018 at 7:33:28 PM

Closed on Oct 24, 2019 at 10:16:17 AM

#10488 closed defect (fixed)

Ignores upload encryption policy when creating a Cryptomator Vault. User unable to create vault in bucket requiring `s3:x-amz-server-side-encryption": "AES256`

Reported by: a.cyberduc.user Owned by: dkocher
Priority: normal Milestone: 7.1.2
Component: s3 Version: 6.8.0
Severity: normal Keywords:
Cc: Architecture:
Platform: macOS 10.14

Description (last modified by a.cyberduc.user)

Hi there. It took a bit of testing to narrow this one down, but I believe you will be able to reproduce this issue pretty easily.

Me: macOS 10.14 (18A391) Cyberduck 6.7.0 (28613)

The issue:

I have an AWS user with Administrator privileges. This user can create and upload files at will via either the AWS Web UI or CyberDuck. This user is not able to create a new Cryptomator vault, using Cyberduck.

How to reproduce:

  1. make sure the S3 > Encryption setting is set to SS3-S3 (AES 256) in CyberDuck settings
  2. create an IAM user with the Administrator policy (specified below)
  3. create a S3 bucket with the Bucket Policy (also, below)
  4. configure Cyberduck to connect to the bucket with the user key/secret from step 1
  5. attempt to create a folder in bucket; this should work
  6. attempt to create a new encrypted vault; this should fail.

Here's the bucket policy i am using. MY_BUCKET_NAME replaces the actual bucket name. 

{
    "Version": "2012-10-17",
    "Id": "force encrypt at rest for date",
    "Statement": [
        {
            "Sid": "DenyIncorrectEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::MY_BUCKET_NAME/*",
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        },
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::MY_BUCKET_NAME/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                }
            }
        }
    ]
}

Here's the User policy I am using; this is akin to root level access 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
}

Here's the Log from Cyberduck when connecting to the S3 bookmark with the Admin account detailed above. I am browsing a few directories deep to the location where I would like to create the Cryptomator vault: 

GET / HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:08 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: s3.amazonaws.com
x-amz-date: 20181007T191708Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: 97ExqV0ZxTT3738rfjrj11aao9WfkncVQHeeplQ+dIjXKi0T7lEld0TMynLnmiivt0GV6ljAwwc=
x-amz-request-id: 21444FBD145A6CEF
Date: Sun, 07 Oct 2018 19:17:09 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET / HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:08 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: s3.amazonaws.com
x-amz-date: 20181007T191708Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: JnA/A9g9exOhYkmcaUXZ9KvSF1KkLqw7yYTjyetrv3R/uONMSF2pC4Hx2HpCXf4N5yDOBXA1no4=
x-amz-request-id: 3ECF6D6D85C38D47
Date: Sun, 07 Oct 2018 19:17:09 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET / HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:08 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: s3.amazonaws.com
x-amz-date: 20181007T191708Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: VC8tDFXQmPoePQ8mqJGd8HEg8IYT81qEJ/Wbi8yZRfM/r3yAJN1j1XKUe4wXKniFJ53YBjYX8JE=
x-amz-request-id: EFC47358A535E5C9
Date: Sun, 07 Oct 2018 19:17:09 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET /?location HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:09 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191709Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 400 Bad Request
x-amz-request-id: 52BB6CC9CE3AC892
x-amz-id-2: vYqxkFHosnfruN2rgqueimgCRGJa6kbqWujJms4SAWPlKGVLx3zSORRnU/3njjU9xOkmyjD6Wzk=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Sun, 07 Oct 2018 19:17:08 GMT
Connection: close
Server: AmazonS3
GET /?location HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:09 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191709Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: cpVbjy2IVm0bBBpE6f0kBdSd5rZICREAINp4q1h6Xe0KYpRrirdiyuJanbhwCBnebAUDBdwU5ck=
x-amz-request-id: 0D441CA5B15F5A06
Date: Sun, 07 Oct 2018 19:17:10 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET /?versioning HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:39 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191739Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: NgI8pq3aIfcB8E9J/uYQB7b7s/ShEpN5vCtxqNRVxxknCtY5J/DhlgxYCiHrmLwWhXSy70TOhQ0=
x-amz-request-id: 3E745C0AA14E068C
Date: Sun, 07 Oct 2018 19:17:40 GMT
Transfer-Encoding: chunked
Server: AmazonS3
GET /?max-keys=1000&versions&prefix&delimiter=%2F HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:39 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191739Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: LDOQYBUQ6Sf0upXWEw50XjGajrxBp9P8WhnK06A3rwjYpxQjoonA9/8zBbh1wc2ARpzmJ6nAbB0=
x-amz-request-id: 1013309AC1494B4A
Date: Sun, 07 Oct 2018 19:17:40 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET /?uploads HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:39 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191739Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: 25hm9HLudZxuLsQa7TYRQvudTQ7jfBpyJhdozM7elEa7Z5DSrB2A1nvGTH1DuJgc+7mV0xR3MAg=
x-amz-request-id: 8FE7B857AF907F57
Date: Sun, 07 Oct 2018 19:17:40 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET /?max-keys=1000&versions&prefix=MY_BUCKET_PREFIX%2F&delimiter=%2F HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:42 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191742Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: EqKTKvsUoGrGyMblZblrP+J1e4Hwyb4D+2ranblNBXpXXGTUTQNMvJMCKe00/P9q2Umiu6ZB3Mk=
x-amz-request-id: DE75085D8F1512AC
Date: Sun, 07 Oct 2018 19:17:43 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET /?prefix=MY_BUCKET_PREFIX%2F&uploads HTTP/1.1
Date: Sun, 07 Oct 2018 19:17:42 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191742Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: Ukr6HK9nJb0XB0Axc/q0FwqvXipt1RA7d7HvR9vneairun8UTBoZI1UiUp2VFL9hDYGCIlA9meA=
x-amz-request-id: 7DED0B45902B7187
Date: Sun, 07 Oct 2018 19:17:43 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3

And here's me trying to create a test-folder. This action susceeds. 

PUT /MY_BUCKET_PREFIX/test-folder/ HTTP/1.1
Date: Sun, 07 Oct 2018 19:18:54 GMT
Expect: 100-continue
Content-Type: application/x-directory
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-server-side-encryption: AES256
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191854Z
Authorization: ********
Content-Length: 0
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: r61qLybeBa7YE1IVtwaTTha5af6zK2NVhQXF/pB1fTJ47VALfz5SK5LTEID8qm7lh9Pom3usfVI=
x-amz-request-id: B95A0EB56F13EE9C
Date: Sun, 07 Oct 2018 19:18:55 GMT
x-amz-server-side-encryption: AES256
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Content-Length: 0
Server: AmazonS3
GET /?max-keys=1000&versions&prefix=MY_BUCKET_PREFIX%2F&delimiter=%2F HTTP/1.1
Date: Sun, 07 Oct 2018 19:18:55 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191855Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: TzzkuOrStHg1L7L/GA7z6ASRbcGTyuDnlgYm4Xn31tQIBZweIGlPNyZDnS1RfC5PZ9e6Zrzy6E4=
x-amz-request-id: 8671AE55F534C81C
Date: Sun, 07 Oct 2018 19:18:56 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET /?prefix=MY_BUCKET_PREFIX%2F&uploads HTTP/1.1
Date: Sun, 07 Oct 2018 19:18:55 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191855Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: cQM2bEUrwyxpDe4/F0Br5I9iCoHVaiKt9uwTIvB6VPioIQO2O58ZRBPuhIDaDq/ScoJNkWtPn/0=
x-amz-request-id: B9B127003293E008
Date: Sun, 07 Oct 2018 19:18:56 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3

And here's the log from trying to create a test-vault. I get this error in Cyberduck: 

Upload test-vault failed.
Access Denied. Please contact your web hosting service provider for assistance.

And here's the connection log. I clicked try again once before clicking cancel: 

PUT /MY_BUCKET_PREFIX/test-vault/ HTTP/1.1
Date: Sun, 07 Oct 2018 19:19:38 GMT
Expect: 100-continue
Content-Type: application/x-directory
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T191938Z
Authorization: ********
Content-Length: 0
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
PUT /MY_BUCKET_PREFIX/test-vault/ HTTP/1.1
Date: Sun, 07 Oct 2018 19:20:18 GMT
Expect: 100-continue
Content-Type: application/x-directory
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T192018Z
Authorization: ********
Content-Length: 0
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
GET /?max-keys=1000&versions&prefix=MY_BUCKET_PREFIX%2F&delimiter=%2F HTTP/1.1
Date: Sun, 07 Oct 2018 19:20:20 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T192020Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: MkFr74BriPUXzjLVe9jwyyAJ+02odaOLCiUbCGPIYrjiU89rZCZBAwJB157vp462bUVWQo4/l+M=
x-amz-request-id: 9A3EBDB60F0255CB
Date: Sun, 07 Oct 2018 19:20:21 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3
GET /?prefix=MY_BUCKET_PREFIX%2F&uploads HTTP/1.1
Date: Sun, 07 Oct 2018 19:20:20 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: MY_BUCKET_NAME.s3.amazonaws.com
x-amz-date: 20181007T192020Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: IsBWnSdi/uuzk/UNzZWM0iGLOWOv1OPSho2l9fRLb8NOzPuToba253FgK9CibO/ST0Hp3f6MFT4=
x-amz-request-id: 76375E460D298CED
Date: Sun, 07 Oct 2018 19:20:21 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3

There is nothing particurally useful in console.app even after turning Cyberduck debugging mode on: 

default	12:19:28.792415 -0700	Cyberduck	27366555: RECEIVED OUT-OF-SEQUENCE NOTIFICATION: 307 vs 532, 512, <private>
default	12:20:09.333915 -0700	Cyberduck	27366555: RECEIVED OUT-OF-SEQUENCE NOTIFICATION: 309 vs 536, 512, <private>
default	12:20:15.921380 -0700	Cyberduck	27366555: RECEIVED OUT-OF-SEQUENCE NOTIFICATION: 311 vs 540, 512, <private>
default	12:20:22.104317 -0700	Cyberduck	Requesting sharingServicesForItems:<private> mask:6
default	12:20:22.104550 -0700	Cyberduck	filteredItemsFromItems:<private> [2057]--> <private>
default	12:20:22.105861 -0700	Cyberduck	Discover <private>
default	12:20:22.123759 -0700	Cyberduck	discovery complete: 3 plugins
default	12:20:22.124437 -0700	Cyberduck	Discover done
default	12:20:22.124644 -0700	Cyberduck	Discover <private>
default	12:20:22.144425 -0700	Cyberduck	discovery complete: 4 plugins
default	12:20:22.144500 -0700	Cyberduck	Discover done
default	12:20:22.144642 -0700	Cyberduck	services: <private>
default	12:20:22.145180 -0700	Cyberduck	Requesting sharingServicesForItems:<private> mask:6
default	12:20:22.145425 -0700	Cyberduck	filteredItemsFromItems:<private> [2057]--> <private>
default	12:20:22.145947 -0700	Cyberduck	Discover <private>
default	12:20:22.153916 -0700	Cyberduck	discovery complete: 3 plugins
default	12:20:22.154574 -0700	Cyberduck	Discover done
default	12:20:22.154618 -0700	Cyberduck	Discover <private>
default	12:20:22.164258 -0700	Cyberduck	discovery complete: 4 plugins
default	12:20:22.164372 -0700	Cyberduck	Discover done
default	12:20:22.164552 -0700	Cyberduck	services: <private>
default	12:20:22.164968 -0700	Cyberduck	Requesting sharingServicesForItems:<private> mask:6
default	12:20:22.165115 -0700	Cyberduck	filteredItemsFromItems:<private> [2057]--> <private>
default	12:20:22.165515 -0700	Cyberduck	Discover <private>
default	12:20:22.173573 -0700	Cyberduck	discovery complete: 3 plugins
default	12:20:22.174238 -0700	Cyberduck	Discover done
default	12:20:22.174298 -0700	Cyberduck	Discover <private>
default	12:20:22.184411 -0700	Cyberduck	discovery complete: 4 plugins
default	12:20:22.184491 -0700	Cyberduck	Discover done
default	12:20:22.184633 -0700	Cyberduck	services: <private>
default	12:20:22.185144 -0700	Cyberduck	Requesting sharingServicesForItems:<private> mask:6
default	12:20:22.185333 -0700	Cyberduck	filteredItemsFromItems:<private> [2057]--> <private>
default	12:20:22.185877 -0700	Cyberduck	Discover <private>
default	12:20:22.193870 -0700	Cyberduck	discovery complete: 3 plugins
default	12:20:22.194551 -0700	Cyberduck	Discover done
default	12:20:22.194606 -0700	Cyberduck	Discover <private>
default	12:20:22.205383 -0700	Cyberduck	discovery complete: 4 plugins
default	12:20:22.205486 -0700	Cyberduck	Discover done
default	12:20:22.205676 -0700	Cyberduck	services: <private>

As soon as i remove the bucket policy, i have no issues creating the vault.

It appears that Cyberduck is ignoring my settings for S3 uploads, under the Encryption heading.

Please let me know what else you need from me in order to reproduce & fix.

Thank you

Change History (11)

comment:1 Changed on Oct 7, 2018 at 7:34:22 PM by a.cyberduc.user

  • Description modified (diff)

comment:2 Changed on Oct 7, 2018 at 7:38:56 PM by a.cyberduc.user

  • Description modified (diff)

comment:3 Changed on Oct 11, 2018 at 1:40:26 PM by dkocher

  • Milestone set to 6.8.1
  • Owner set to dkocher
  • Status changed from new to assigned

comment:4 Changed on Oct 11, 2018 at 1:40:59 PM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

In r45238.

comment:5 Changed on Oct 11, 2018 at 1:41:19 PM by dkocher

  • Summary changed from Cyberduck ignores S3 upload encryption policy when creating a Cryptomator Vault. User unable to create vault in bucket requiring `s3:x-amz-server-side-encryption": "AES256` to Ignores upload encryption policy when creating a Cryptomator Vault. User unable to create vault in bucket requiring `s3:x-amz-server-side-encryption": "AES256`

comment:6 Changed on Feb 13, 2019 at 7:48:50 PM by a.cyberduc.user

  • Resolution fixed deleted
  • Status changed from closed to reopened

Hi. This is not solved, yet. When using Cyberduck to create a vault, the encryption header is missing. The expected header is present in PUT requests for ordinary files / folders, though.

I am using version Version 6.9.0 (29768)

Here is a log 

## Create a new folder, test-folder - OK

PUT /test-folder/ HTTP/1.1
Date: Wed, 13 Feb 2019 19:43:47 GMT
Expect: 100-continue
Content-Type: application/x-directory
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-server-side-encryption: AES256
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194347Z
Authorization: ********
Content-Length: 0
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: 6iZZwctjRVLnk1+8LhS1M9UGFou2prhH1t5TVM8lwW13my31iETkB9RK6rvWsuVmSThdUPXzddg=
x-amz-request-id: 54FC4BD7AF01F90A
Date: Wed, 13 Feb 2019 19:43:48 GMT
x-amz-server-side-encryption: AES256
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Content-Length: 0
Server: AmazonS3


GET /?max-keys=1000&prefix&delimiter=%2F HTTP/1.1
Date: Wed, 13 Feb 2019 19:43:48 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194348Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: Cc2Ve72aMN7GJDwE/0ZPzrv2qTis2J8HmjBU86Cpw4d7rF50oyz/5HpgByJ/XnWI/XLgo+F5Wkc=
x-amz-request-id: 7C2914CCF580048D
Date: Wed, 13 Feb 2019 19:43:49 GMT
x-amz-bucket-region: us-west-1
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3


GET /?uploads HTTP/1.1
Date: Wed, 13 Feb 2019 19:43:48 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194348Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: Erk46ThMjSirJfpXjsUEUypOL7zYq8fuuuvI3/VnYIULhFEbGH4L8par0yywfJvP7npBekLt6M4=
x-amz-request-id: C975A0C117E61FFB
Date: Wed, 13 Feb 2019 19:43:49 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3


GET /?max-keys=1000&prefix=test-folder%2F&delimiter=%2F HTTP/1.1
Date: Wed, 13 Feb 2019 19:43:49 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194349Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: dtqfpSLacBiZGL0bKpduE9GCsCbhPXE3loKJ9Z0Qs04E8eRRoT/aJ6xLS2fgBFTrgvf1njaoGCM=
x-amz-request-id: 4E898610C9B07094
Date: Wed, 13 Feb 2019 19:43:50 GMT
x-amz-bucket-region: us-west-1
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3


GET /?prefix=test-folder%2F&uploads HTTP/1.1
Date: Wed, 13 Feb 2019 19:43:49 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194349Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: C+bZyDxdzrAYmFu3o9OHZQexvoG3Q6TyqBLBCZxsVoUk4AeqZQ10PIcx+bYFFOibEz0spQb+yvw=
x-amz-request-id: C2E06D84FDD32E26
Date: Wed, 13 Feb 2019 19:43:50 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3

## Create a new file in test folder - OK
PUT /test-folder/test-file HTTP/1.1
Date: Wed, 13 Feb 2019 19:43:56 GMT
Expect: 100-continue
Content-Type: application/octet-stream
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-server-side-encryption: AES256
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194356Z
Authorization: ********
Content-Length: 0
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: iDNn60IvqqagnMYEpaqkOGAHpxXLD5voXTfJhi5Y9yvY8hUfYcDZTOQmC3tQ4cXAMbRW4rIz31Q=
x-amz-request-id: AF426F1BD32A9446
Date: Wed, 13 Feb 2019 19:43:57 GMT
x-amz-server-side-encryption: AES256
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Content-Length: 0
Server: AmazonS3


GET /?max-keys=1000&prefix=test-folder%2F&delimiter=%2F HTTP/1.1
Date: Wed, 13 Feb 2019 19:43:56 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194356Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: hNNVi3rW3imRBdKV5C6WNUXVDYBPbWWAlezPxrkfHXDdUCE/OaTgzblh8FwXAeIkg82fN7WbJpE=
x-amz-request-id: 90C2B486AE8A5BD3
Date: Wed, 13 Feb 2019 19:43:57 GMT
x-amz-bucket-region: us-west-1
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3


GET /?prefix=test-folder%2F&uploads HTTP/1.1
Date: Wed, 13 Feb 2019 19:43:56 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194356Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: B41MA4MoqiMTMCxAi4IvOYYssarfAHsKEQSevEnHw7oVOP0SSoXm1aO7GHEUO8C58skB1gt3EkI=
x-amz-request-id: BB8A031644C024A1
Date: Wed, 13 Feb 2019 19:43:57 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3

## Create a new vault called test-vault in test folder - OK
PUT /test-folder/test-vault/ HTTP/1.1
Date: Wed, 13 Feb 2019 19:44:08 GMT
Expect: 100-continue
Content-Type: application/x-directory
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-server-side-encryption: AES256
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194408Z
Authorization: ********
Content-Length: 0
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: B6j8C357isrN0vlndXzWSlI6YIaeVsbztzkHhNWas+a2IuE5vseX4hNGYV2RXKLNA19VrFqubxo=
x-amz-request-id: 072913ADCA4A3A86
Date: Wed, 13 Feb 2019 19:44:09 GMT
x-amz-server-side-encryption: AES256
ETag: "d41d8cd98f00b204e9800998ecf8427e"
Content-Length: 0
Server: AmazonS3

## Attempt to PUT file - fails, as there is no x-amz-server-side-encryption: AES256 header present
PUT /test-folder/test-vault/masterkey.cryptomator HTTP/1.1
Date: Wed, 13 Feb 2019 19:44:08 GMT
Expect: 100-continue
Content-Type: application/octet-stream
x-amz-content-sha256: 9708e5c71dc4e777e9122c96a8dc6b57128a42a79f4cea37db272104ff275488
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194408Z
Authorization: ********
Content-Length: 327
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)


GET /?max-keys=1000&prefix=test-folder%2F&delimiter=%2F HTTP/1.1
Date: Wed, 13 Feb 2019 19:44:10 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194410Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: 71Hw8puhYHWuT+EOxxPjGyNWcGM8mUtrxO+cdTgpElMub4H6iHupW9e62euvHZSS8tEEUbCzxAU=
x-amz-request-id: 92C2863BE11FCD6B
Date: Wed, 13 Feb 2019 19:44:11 GMT
x-amz-bucket-region: us-west-1
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3


GET /?prefix=test-folder%2F&uploads HTTP/1.1
Date: Wed, 13 Feb 2019 19:44:10 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194410Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: 5NFOClAvBd28YWdsOmPVFsi/q3eE6sVSBzjb/9EgTMAlvJYl7i8BdgVtgftO6G0VbcBG/EZgyU8=
x-amz-request-id: A8F8B340967412C1
Date: Wed, 13 Feb 2019 19:44:11 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3


GET /?max-keys=1000&prefix=test-folder%2Ftest-vault%2F&delimiter=%2F HTTP/1.1
Date: Wed, 13 Feb 2019 19:44:13 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194413Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: IsVqsdX1U+99Av/NBPcmCaCSGrHMR2bOPfPgboWdAyrdxKLjkp+KTdL982WDmIF26MLKarUiwiw=
x-amz-request-id: F0493B49F46F20B2
Date: Wed, 13 Feb 2019 19:44:14 GMT
x-amz-bucket-region: us-west-1
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3


GET /?prefix=test-folder%2Ftest-vault%2F&uploads HTTP/1.1
Date: Wed, 13 Feb 2019 19:44:14 GMT
x-amz-request-payer: requester
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-storage-bucket.s3.amazonaws.com
x-amz-date: 20190213T194414Z
Authorization: ********
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64)
HTTP/1.1 200 OK
x-amz-id-2: AVhhFYoS7TM4HHW5UpiFcSxuHwElf9GqMXxKlRxGWVtx6shU5+ITa8bnf/WI0sTos892yknVkXU=
x-amz-request-id: C1B7A6F1D5D0B6A2
Date: Wed, 13 Feb 2019 19:44:15 GMT
Content-Type: application/xml
Transfer-Encoding: chunked
Server: AmazonS3

comment:7 Changed on Feb 14, 2019 at 9:56:50 AM by dkocher

  • Milestone changed from 6.8.1 to 6.9.3
  • Status changed from reopened to new

Thanks for the detailed log.

comment:8 Changed on Feb 14, 2019 at 10:06:17 AM by dkocher

  • Resolution set to fixed
  • Status changed from new to closed

Fix in r46357 for missing header when creating masterkey.cryptomator.

comment:9 follow-up: Changed on Apr 14, 2019 at 3:29:18 PM by a.cyberduc.user

  • Resolution fixed deleted
  • Status changed from closed to reopened

Still not fixed. The required header is missing from subsequent/sub-directories, still:

Here's the creation of the *root* folder test-vault: 

PUT /Takeout/test-vault/ HTTP/1.1
Date: Sun, 14 Apr 2019 15:21:53 GMT
Expect: 100-continue
Content-Type: application/x-directory
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
x-amz-server-side-encryption: AES256
Host: my-bucket-name-here.s3.amazonaws.com
x-amz-date: 20190414T152153Z
Authorization: ********
Content-Length: 0
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.4.30164 (Mac OS X/10.14.4) (x86_64)
HTTP/1.1 200 OK

And here's the /d/ dir that belongs inside the vault folder 

PUT /Takeout/test-vault/d/ HTTP/1.1
Date: Sun, 14 Apr 2019 15:21:53 GMT
Expect: 100-continue
Content-Type: application/x-directory
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Host: my-bucket-name-here.s3.amazonaws.com
x-amz-date: 20190414T152153Z
Authorization: ********
Content-Length: 0
Connection: Keep-Alive
User-Agent: Cyberduck/6.9.4.30164 (Mac OS X/10.14.4) (x86_64)
HTTP/1.1 403 Forbidden

The x-amz-server-side-encryption: AES256 header is present on the root folder creation and not present on the sub-folder creation.

Version 0, edited on Apr 14, 2019 at 3:29:18 PM by a.cyberduc.user (next)

comment:10 Changed on Oct 24, 2019 at 10:15:06 AM by dkocher

  • Milestone changed from 6.9.3 to 7.1.2
  • Status changed from reopened to new

comment:11 in reply to: ↑ 9 Changed on Oct 24, 2019 at 10:16:17 AM by dkocher

  • Resolution set to fixed
  • Status changed from new to closed

Replying to a.cyberduc.user:

Still not fixed. The required header is missing from subsequent/sub-directories, still:

In r47950.

Note: See TracTickets for help on using tickets.
swiss made software