Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Incorrectly assumes ETag and MD5 are equivalent #10371

Closed
cyberduck opened this issue Jun 20, 2018 · 4 comments
Closed

Incorrectly assumes ETag and MD5 are equivalent #10371

cyberduck opened this issue Jun 20, 2018 · 4 comments

Comments

@cyberduck
Copy link
Collaborator

@cyberduck cyberduck commented Jun 20, 2018

48ab3a7 created the issue

Cyberduck assumes that the ETag returned by S3 is equivalent to the MD5 checksum of the file's content. This is not a valid assumption. The ETag will only be the MD5 of the object data when the object is stored as plaintext or encrypted using SSE-S3. If the object is encrypted using another method (such as SSE-C or SSE-KMS) the ETag is not the MD5 of the object data. If the object was created via a multipart upload, the ETag is not the MD5 of the object data.


Attachments

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jun 25, 2018

@dkocher commented

What makes you think that we make this false assumption?

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jun 25, 2018

48ab3a7 commented

See the attached screenshots. Cyberduck displays a warning saying there is a mismatch. I also calculate the MD5 of the file via the command line and am attaching a screenshot of the ETag shown in the S3 console.

Loading

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jun 26, 2018

@dkocher commented

In 75c0595. Revised fix in 3727bd2 retaining checksum check for files not encrypted with SSE-KMS. For multipart uploads we will fail parsing the ETag as it has a suffix appended to the MD5.

Loading

@cyberduck cyberduck closed this Jun 26, 2018
@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Jul 6, 2018

@dkocher commented

Milestone renamed

Loading

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants