Opened on Oct 7, 2018 at 7:33:28 PM
#10488 closed defect (fixed)
Ignores upload encryption policy when creating a Cryptomator Vault. User unable to create vault in bucket requiring `s3:x-amz-server-side-encryption": "AES256`
Reported by: | a.cyberduc.user | Owned by: | dkocher |
---|---|---|---|
Priority: | normal | Milestone: | 7.1.2 |
Component: | s3 | Version: | 6.8.0 |
Severity: | normal | Keywords: | |
Cc: | Architecture: | ||
Platform: | macOS 10.14 |
Description (last modified by a.cyberduc.user)
Hi there. It took a bit of testing to narrow this one down, but I believe you will be able to reproduce this issue pretty easily.
Me: macOS 10.14 (18A391) Cyberduck 6.7.0 (28613)
The issue:
I have an AWS user with Administrator privileges. This user can create and upload files at will via either the AWS Web UI or CyberDuck. This user is not able to create a new Cryptomator vault, using Cyberduck.
How to reproduce:
- make sure the S3 > Encryption setting is set to SS3-S3 (AES 256) in CyberDuck settings
- create an IAM user with the Administrator policy (specified below)
- create a S3 bucket with the Bucket Policy (also, below)
- configure Cyberduck to connect to the bucket with the user key/secret from step 1
- attempt to create a folder in bucket; this should work
- attempt to create a new encrypted vault; this should fail.
Here's the bucket policy i am using. MY_BUCKET_NAME replaces the actual bucket name.
{ "Version": "2012-10-17", "Id": "force encrypt at rest for date", "Statement": [ { "Sid": "DenyIncorrectEncryptionHeader", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::MY_BUCKET_NAME/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } }, { "Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::MY_BUCKET_NAME/*", "Condition": { "Null": { "s3:x-amz-server-side-encryption": "true" } } } ] }
Here's the User policy I am using; this is akin to root level access
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "*", "Resource": "*" } ] }
Here's the Log from Cyberduck when connecting to the S3 bookmark with the Admin account detailed above. I am browsing a few directories deep to the location where I would like to create the Cryptomator vault:
GET / HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:08 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: s3.amazonaws.com x-amz-date: 20181007T191708Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: 97ExqV0ZxTT3738rfjrj11aao9WfkncVQHeeplQ+dIjXKi0T7lEld0TMynLnmiivt0GV6ljAwwc= x-amz-request-id: 21444FBD145A6CEF Date: Sun, 07 Oct 2018 19:17:09 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET / HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:08 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: s3.amazonaws.com x-amz-date: 20181007T191708Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: JnA/A9g9exOhYkmcaUXZ9KvSF1KkLqw7yYTjyetrv3R/uONMSF2pC4Hx2HpCXf4N5yDOBXA1no4= x-amz-request-id: 3ECF6D6D85C38D47 Date: Sun, 07 Oct 2018 19:17:09 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET / HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:08 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: s3.amazonaws.com x-amz-date: 20181007T191708Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: VC8tDFXQmPoePQ8mqJGd8HEg8IYT81qEJ/Wbi8yZRfM/r3yAJN1j1XKUe4wXKniFJ53YBjYX8JE= x-amz-request-id: EFC47358A535E5C9 Date: Sun, 07 Oct 2018 19:17:09 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?location HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:09 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191709Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 400 Bad Request x-amz-request-id: 52BB6CC9CE3AC892 x-amz-id-2: vYqxkFHosnfruN2rgqueimgCRGJa6kbqWujJms4SAWPlKGVLx3zSORRnU/3njjU9xOkmyjD6Wzk= Content-Type: application/xml Transfer-Encoding: chunked Date: Sun, 07 Oct 2018 19:17:08 GMT Connection: close Server: AmazonS3 GET /?location HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:09 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191709Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: cpVbjy2IVm0bBBpE6f0kBdSd5rZICREAINp4q1h6Xe0KYpRrirdiyuJanbhwCBnebAUDBdwU5ck= x-amz-request-id: 0D441CA5B15F5A06 Date: Sun, 07 Oct 2018 19:17:10 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?versioning HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:39 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191739Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: NgI8pq3aIfcB8E9J/uYQB7b7s/ShEpN5vCtxqNRVxxknCtY5J/DhlgxYCiHrmLwWhXSy70TOhQ0= x-amz-request-id: 3E745C0AA14E068C Date: Sun, 07 Oct 2018 19:17:40 GMT Transfer-Encoding: chunked Server: AmazonS3 GET /?max-keys=1000&versions&prefix&delimiter=%2F HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:39 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191739Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: LDOQYBUQ6Sf0upXWEw50XjGajrxBp9P8WhnK06A3rwjYpxQjoonA9/8zBbh1wc2ARpzmJ6nAbB0= x-amz-request-id: 1013309AC1494B4A Date: Sun, 07 Oct 2018 19:17:40 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?uploads HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:39 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191739Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: 25hm9HLudZxuLsQa7TYRQvudTQ7jfBpyJhdozM7elEa7Z5DSrB2A1nvGTH1DuJgc+7mV0xR3MAg= x-amz-request-id: 8FE7B857AF907F57 Date: Sun, 07 Oct 2018 19:17:40 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?max-keys=1000&versions&prefix=MY_BUCKET_PREFIX%2F&delimiter=%2F HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:42 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191742Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: EqKTKvsUoGrGyMblZblrP+J1e4Hwyb4D+2ranblNBXpXXGTUTQNMvJMCKe00/P9q2Umiu6ZB3Mk= x-amz-request-id: DE75085D8F1512AC Date: Sun, 07 Oct 2018 19:17:43 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?prefix=MY_BUCKET_PREFIX%2F&uploads HTTP/1.1 Date: Sun, 07 Oct 2018 19:17:42 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191742Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: Ukr6HK9nJb0XB0Axc/q0FwqvXipt1RA7d7HvR9vneairun8UTBoZI1UiUp2VFL9hDYGCIlA9meA= x-amz-request-id: 7DED0B45902B7187 Date: Sun, 07 Oct 2018 19:17:43 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3
And here's me trying to create a test-folder. This action susceeds.
PUT /MY_BUCKET_PREFIX/test-folder/ HTTP/1.1 Date: Sun, 07 Oct 2018 19:18:54 GMT Expect: 100-continue Content-Type: application/x-directory x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-server-side-encryption: AES256 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191854Z Authorization: ******** Content-Length: 0 Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: r61qLybeBa7YE1IVtwaTTha5af6zK2NVhQXF/pB1fTJ47VALfz5SK5LTEID8qm7lh9Pom3usfVI= x-amz-request-id: B95A0EB56F13EE9C Date: Sun, 07 Oct 2018 19:18:55 GMT x-amz-server-side-encryption: AES256 ETag: "d41d8cd98f00b204e9800998ecf8427e" Content-Length: 0 Server: AmazonS3 GET /?max-keys=1000&versions&prefix=MY_BUCKET_PREFIX%2F&delimiter=%2F HTTP/1.1 Date: Sun, 07 Oct 2018 19:18:55 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191855Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: TzzkuOrStHg1L7L/GA7z6ASRbcGTyuDnlgYm4Xn31tQIBZweIGlPNyZDnS1RfC5PZ9e6Zrzy6E4= x-amz-request-id: 8671AE55F534C81C Date: Sun, 07 Oct 2018 19:18:56 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?prefix=MY_BUCKET_PREFIX%2F&uploads HTTP/1.1 Date: Sun, 07 Oct 2018 19:18:55 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191855Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: cQM2bEUrwyxpDe4/F0Br5I9iCoHVaiKt9uwTIvB6VPioIQO2O58ZRBPuhIDaDq/ScoJNkWtPn/0= x-amz-request-id: B9B127003293E008 Date: Sun, 07 Oct 2018 19:18:56 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3
And here's the log from trying to create a test-vault. I get this error in Cyberduck:
Upload test-vault failed. Access Denied. Please contact your web hosting service provider for assistance.
And here's the connection log. I clicked try again once before clicking cancel:
PUT /MY_BUCKET_PREFIX/test-vault/ HTTP/1.1 Date: Sun, 07 Oct 2018 19:19:38 GMT Expect: 100-continue Content-Type: application/x-directory x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T191938Z Authorization: ******** Content-Length: 0 Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) PUT /MY_BUCKET_PREFIX/test-vault/ HTTP/1.1 Date: Sun, 07 Oct 2018 19:20:18 GMT Expect: 100-continue Content-Type: application/x-directory x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T192018Z Authorization: ******** Content-Length: 0 Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) GET /?max-keys=1000&versions&prefix=MY_BUCKET_PREFIX%2F&delimiter=%2F HTTP/1.1 Date: Sun, 07 Oct 2018 19:20:20 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T192020Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: MkFr74BriPUXzjLVe9jwyyAJ+02odaOLCiUbCGPIYrjiU89rZCZBAwJB157vp462bUVWQo4/l+M= x-amz-request-id: 9A3EBDB60F0255CB Date: Sun, 07 Oct 2018 19:20:21 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?prefix=MY_BUCKET_PREFIX%2F&uploads HTTP/1.1 Date: Sun, 07 Oct 2018 19:20:20 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: MY_BUCKET_NAME.s3.amazonaws.com x-amz-date: 20181007T192020Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.7.0.28613 (Mac OS X/10.14) (x86_64) HTTP/1.1 200 OK x-amz-id-2: IsBWnSdi/uuzk/UNzZWM0iGLOWOv1OPSho2l9fRLb8NOzPuToba253FgK9CibO/ST0Hp3f6MFT4= x-amz-request-id: 76375E460D298CED Date: Sun, 07 Oct 2018 19:20:21 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3
There is nothing particurally useful in console.app even after turning Cyberduck debugging mode on:
default 12:19:28.792415 -0700 Cyberduck 27366555: RECEIVED OUT-OF-SEQUENCE NOTIFICATION: 307 vs 532, 512, <private> default 12:20:09.333915 -0700 Cyberduck 27366555: RECEIVED OUT-OF-SEQUENCE NOTIFICATION: 309 vs 536, 512, <private> default 12:20:15.921380 -0700 Cyberduck 27366555: RECEIVED OUT-OF-SEQUENCE NOTIFICATION: 311 vs 540, 512, <private> default 12:20:22.104317 -0700 Cyberduck Requesting sharingServicesForItems:<private> mask:6 default 12:20:22.104550 -0700 Cyberduck filteredItemsFromItems:<private> [2057]--> <private> default 12:20:22.105861 -0700 Cyberduck Discover <private> default 12:20:22.123759 -0700 Cyberduck discovery complete: 3 plugins default 12:20:22.124437 -0700 Cyberduck Discover done default 12:20:22.124644 -0700 Cyberduck Discover <private> default 12:20:22.144425 -0700 Cyberduck discovery complete: 4 plugins default 12:20:22.144500 -0700 Cyberduck Discover done default 12:20:22.144642 -0700 Cyberduck services: <private> default 12:20:22.145180 -0700 Cyberduck Requesting sharingServicesForItems:<private> mask:6 default 12:20:22.145425 -0700 Cyberduck filteredItemsFromItems:<private> [2057]--> <private> default 12:20:22.145947 -0700 Cyberduck Discover <private> default 12:20:22.153916 -0700 Cyberduck discovery complete: 3 plugins default 12:20:22.154574 -0700 Cyberduck Discover done default 12:20:22.154618 -0700 Cyberduck Discover <private> default 12:20:22.164258 -0700 Cyberduck discovery complete: 4 plugins default 12:20:22.164372 -0700 Cyberduck Discover done default 12:20:22.164552 -0700 Cyberduck services: <private> default 12:20:22.164968 -0700 Cyberduck Requesting sharingServicesForItems:<private> mask:6 default 12:20:22.165115 -0700 Cyberduck filteredItemsFromItems:<private> [2057]--> <private> default 12:20:22.165515 -0700 Cyberduck Discover <private> default 12:20:22.173573 -0700 Cyberduck discovery complete: 3 plugins default 12:20:22.174238 -0700 Cyberduck Discover done default 12:20:22.174298 -0700 Cyberduck Discover <private> default 12:20:22.184411 -0700 Cyberduck discovery complete: 4 plugins default 12:20:22.184491 -0700 Cyberduck Discover done default 12:20:22.184633 -0700 Cyberduck services: <private> default 12:20:22.185144 -0700 Cyberduck Requesting sharingServicesForItems:<private> mask:6 default 12:20:22.185333 -0700 Cyberduck filteredItemsFromItems:<private> [2057]--> <private> default 12:20:22.185877 -0700 Cyberduck Discover <private> default 12:20:22.193870 -0700 Cyberduck discovery complete: 3 plugins default 12:20:22.194551 -0700 Cyberduck Discover done default 12:20:22.194606 -0700 Cyberduck Discover <private> default 12:20:22.205383 -0700 Cyberduck discovery complete: 4 plugins default 12:20:22.205486 -0700 Cyberduck Discover done default 12:20:22.205676 -0700 Cyberduck services: <private>
As soon as i remove the bucket policy, i have no issues creating the vault.
It appears that Cyberduck is ignoring my settings for S3 uploads, under the Encryption heading.
Please let me know what else you need from me in order to reproduce & fix.
Thank you
Change History (11)
comment:1 Changed on Oct 7, 2018 at 7:34:22 PM by a.cyberduc.user
- Description modified (diff)
comment:2 Changed on Oct 7, 2018 at 7:38:56 PM by a.cyberduc.user
- Description modified (diff)
comment:3 Changed on Oct 11, 2018 at 1:40:26 PM by dkocher
- Milestone set to 6.8.1
- Owner set to dkocher
- Status changed from new to assigned
comment:4 Changed on Oct 11, 2018 at 1:40:59 PM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
comment:5 Changed on Oct 11, 2018 at 1:41:19 PM by dkocher
- Summary changed from Cyberduck ignores S3 upload encryption policy when creating a Cryptomator Vault. User unable to create vault in bucket requiring `s3:x-amz-server-side-encryption": "AES256` to Ignores upload encryption policy when creating a Cryptomator Vault. User unable to create vault in bucket requiring `s3:x-amz-server-side-encryption": "AES256`
comment:6 Changed on Feb 13, 2019 at 7:48:50 PM by a.cyberduc.user
- Resolution fixed deleted
- Status changed from closed to reopened
Hi. This is not solved, yet. When using Cyberduck to create a vault, the encryption header is missing. The expected header is present in PUT requests for ordinary files / folders, though.
I am using version Version 6.9.0 (29768)
Here is a log
## Create a new folder, test-folder - OK PUT /test-folder/ HTTP/1.1 Date: Wed, 13 Feb 2019 19:43:47 GMT Expect: 100-continue Content-Type: application/x-directory x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-server-side-encryption: AES256 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194347Z Authorization: ******** Content-Length: 0 Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: 6iZZwctjRVLnk1+8LhS1M9UGFou2prhH1t5TVM8lwW13my31iETkB9RK6rvWsuVmSThdUPXzddg= x-amz-request-id: 54FC4BD7AF01F90A Date: Wed, 13 Feb 2019 19:43:48 GMT x-amz-server-side-encryption: AES256 ETag: "d41d8cd98f00b204e9800998ecf8427e" Content-Length: 0 Server: AmazonS3 GET /?max-keys=1000&prefix&delimiter=%2F HTTP/1.1 Date: Wed, 13 Feb 2019 19:43:48 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194348Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: Cc2Ve72aMN7GJDwE/0ZPzrv2qTis2J8HmjBU86Cpw4d7rF50oyz/5HpgByJ/XnWI/XLgo+F5Wkc= x-amz-request-id: 7C2914CCF580048D Date: Wed, 13 Feb 2019 19:43:49 GMT x-amz-bucket-region: us-west-1 Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?uploads HTTP/1.1 Date: Wed, 13 Feb 2019 19:43:48 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194348Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: Erk46ThMjSirJfpXjsUEUypOL7zYq8fuuuvI3/VnYIULhFEbGH4L8par0yywfJvP7npBekLt6M4= x-amz-request-id: C975A0C117E61FFB Date: Wed, 13 Feb 2019 19:43:49 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?max-keys=1000&prefix=test-folder%2F&delimiter=%2F HTTP/1.1 Date: Wed, 13 Feb 2019 19:43:49 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194349Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: dtqfpSLacBiZGL0bKpduE9GCsCbhPXE3loKJ9Z0Qs04E8eRRoT/aJ6xLS2fgBFTrgvf1njaoGCM= x-amz-request-id: 4E898610C9B07094 Date: Wed, 13 Feb 2019 19:43:50 GMT x-amz-bucket-region: us-west-1 Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?prefix=test-folder%2F&uploads HTTP/1.1 Date: Wed, 13 Feb 2019 19:43:49 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194349Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: C+bZyDxdzrAYmFu3o9OHZQexvoG3Q6TyqBLBCZxsVoUk4AeqZQ10PIcx+bYFFOibEz0spQb+yvw= x-amz-request-id: C2E06D84FDD32E26 Date: Wed, 13 Feb 2019 19:43:50 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 ## Create a new file in test folder - OK PUT /test-folder/test-file HTTP/1.1 Date: Wed, 13 Feb 2019 19:43:56 GMT Expect: 100-continue Content-Type: application/octet-stream x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-server-side-encryption: AES256 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194356Z Authorization: ******** Content-Length: 0 Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: iDNn60IvqqagnMYEpaqkOGAHpxXLD5voXTfJhi5Y9yvY8hUfYcDZTOQmC3tQ4cXAMbRW4rIz31Q= x-amz-request-id: AF426F1BD32A9446 Date: Wed, 13 Feb 2019 19:43:57 GMT x-amz-server-side-encryption: AES256 ETag: "d41d8cd98f00b204e9800998ecf8427e" Content-Length: 0 Server: AmazonS3 GET /?max-keys=1000&prefix=test-folder%2F&delimiter=%2F HTTP/1.1 Date: Wed, 13 Feb 2019 19:43:56 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194356Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: hNNVi3rW3imRBdKV5C6WNUXVDYBPbWWAlezPxrkfHXDdUCE/OaTgzblh8FwXAeIkg82fN7WbJpE= x-amz-request-id: 90C2B486AE8A5BD3 Date: Wed, 13 Feb 2019 19:43:57 GMT x-amz-bucket-region: us-west-1 Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?prefix=test-folder%2F&uploads HTTP/1.1 Date: Wed, 13 Feb 2019 19:43:56 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194356Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: B41MA4MoqiMTMCxAi4IvOYYssarfAHsKEQSevEnHw7oVOP0SSoXm1aO7GHEUO8C58skB1gt3EkI= x-amz-request-id: BB8A031644C024A1 Date: Wed, 13 Feb 2019 19:43:57 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 ## Create a new vault called test-vault in test folder - OK PUT /test-folder/test-vault/ HTTP/1.1 Date: Wed, 13 Feb 2019 19:44:08 GMT Expect: 100-continue Content-Type: application/x-directory x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-server-side-encryption: AES256 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194408Z Authorization: ******** Content-Length: 0 Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: B6j8C357isrN0vlndXzWSlI6YIaeVsbztzkHhNWas+a2IuE5vseX4hNGYV2RXKLNA19VrFqubxo= x-amz-request-id: 072913ADCA4A3A86 Date: Wed, 13 Feb 2019 19:44:09 GMT x-amz-server-side-encryption: AES256 ETag: "d41d8cd98f00b204e9800998ecf8427e" Content-Length: 0 Server: AmazonS3 ## Attempt to PUT file - fails, as there is no x-amz-server-side-encryption: AES256 header present PUT /test-folder/test-vault/masterkey.cryptomator HTTP/1.1 Date: Wed, 13 Feb 2019 19:44:08 GMT Expect: 100-continue Content-Type: application/octet-stream x-amz-content-sha256: 9708e5c71dc4e777e9122c96a8dc6b57128a42a79f4cea37db272104ff275488 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194408Z Authorization: ******** Content-Length: 327 Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) GET /?max-keys=1000&prefix=test-folder%2F&delimiter=%2F HTTP/1.1 Date: Wed, 13 Feb 2019 19:44:10 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194410Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: 71Hw8puhYHWuT+EOxxPjGyNWcGM8mUtrxO+cdTgpElMub4H6iHupW9e62euvHZSS8tEEUbCzxAU= x-amz-request-id: 92C2863BE11FCD6B Date: Wed, 13 Feb 2019 19:44:11 GMT x-amz-bucket-region: us-west-1 Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?prefix=test-folder%2F&uploads HTTP/1.1 Date: Wed, 13 Feb 2019 19:44:10 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194410Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: 5NFOClAvBd28YWdsOmPVFsi/q3eE6sVSBzjb/9EgTMAlvJYl7i8BdgVtgftO6G0VbcBG/EZgyU8= x-amz-request-id: A8F8B340967412C1 Date: Wed, 13 Feb 2019 19:44:11 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?max-keys=1000&prefix=test-folder%2Ftest-vault%2F&delimiter=%2F HTTP/1.1 Date: Wed, 13 Feb 2019 19:44:13 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194413Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: IsVqsdX1U+99Av/NBPcmCaCSGrHMR2bOPfPgboWdAyrdxKLjkp+KTdL982WDmIF26MLKarUiwiw= x-amz-request-id: F0493B49F46F20B2 Date: Wed, 13 Feb 2019 19:44:14 GMT x-amz-bucket-region: us-west-1 Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3 GET /?prefix=test-folder%2Ftest-vault%2F&uploads HTTP/1.1 Date: Wed, 13 Feb 2019 19:44:14 GMT x-amz-request-payer: requester x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-storage-bucket.s3.amazonaws.com x-amz-date: 20190213T194414Z Authorization: ******** Connection: Keep-Alive User-Agent: Cyberduck/6.9.0.29768 (Mac OS X/10.14.3) (x86_64) HTTP/1.1 200 OK x-amz-id-2: AVhhFYoS7TM4HHW5UpiFcSxuHwElf9GqMXxKlRxGWVtx6shU5+ITa8bnf/WI0sTos892yknVkXU= x-amz-request-id: C1B7A6F1D5D0B6A2 Date: Wed, 13 Feb 2019 19:44:15 GMT Content-Type: application/xml Transfer-Encoding: chunked Server: AmazonS3
comment:7 Changed on Feb 14, 2019 at 9:56:50 AM by dkocher
- Milestone changed from 6.8.1 to 6.9.3
- Status changed from reopened to new
Thanks for the detailed log.
comment:8 Changed on Feb 14, 2019 at 10:06:17 AM by dkocher
- Resolution set to fixed
- Status changed from new to closed
Fix in r46357 for missing header when creating masterkey.cryptomator.
comment:9 follow-up: ↓ 11 Changed on Apr 14, 2019 at 3:29:18 PM by a.cyberduc.user
- Resolution fixed deleted
- Status changed from closed to reopened
Still not fixed. The required header is missing from subsequent/sub-directories, still:
Here's the creation of the *root* folder test-vault:
PUT /Takeout/test-vault/ HTTP/1.1 Date: Sun, 14 Apr 2019 15:21:53 GMT Expect: 100-continue Content-Type: application/x-directory x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 x-amz-server-side-encryption: AES256 Host: my-bucket-name-here.s3.amazonaws.com x-amz-date: 20190414T152153Z Authorization: ******** Content-Length: 0 Connection: Keep-Alive User-Agent: Cyberduck/6.9.4.30164 (Mac OS X/10.14.4) (x86_64) HTTP/1.1 200 OK
And here's the /d/ dir that belongs inside the vault folder
PUT /Takeout/test-vault/d/ HTTP/1.1 Date: Sun, 14 Apr 2019 15:21:53 GMT Expect: 100-continue Content-Type: application/x-directory x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Host: my-bucket-name-here.s3.amazonaws.com x-amz-date: 20190414T152153Z Authorization: ******** Content-Length: 0 Connection: Keep-Alive User-Agent: Cyberduck/6.9.4.30164 (Mac OS X/10.14.4) (x86_64) HTTP/1.1 403 Forbidden
The x-amz-server-side-encryption: AES256 header is present on the root folder creation and not present on the sub-folder creation.
comment:10 Changed on Oct 24, 2019 at 10:15:06 AM by dkocher
- Milestone changed from 6.9.3 to 7.1.2
- Status changed from reopened to new
comment:11 in reply to: ↑ 9 Changed on Oct 24, 2019 at 10:16:17 AM by dkocher
- Resolution set to fixed
- Status changed from new to closed
Replying to a.cyberduc.user:
Still not fixed. The required header is missing from subsequent/sub-directories, still:
In r47950.
In r45238.