Module Encryption.Customer_key

type t

SSE-C customer key material rendered as AES256 headers.

Values store only the base64-encoded key and its base64-encoded MD5 digest as required by S3 request headers.

val of_bytes : bytes -> (t, Awskit.Error.t) Stdlib.result

Build an AES256 SSE-C customer key from raw key bytes. The input must be exactly 32 bytes.

val of_bytes_exn : bytes -> t

Like of_bytes, but raises Awskit.Error.Awskit_error carrying the structured validation error on validation failure.

val of_base64 : string -> (t, Awskit.Error.t) Stdlib.result

Build an AES256 SSE-C customer key from a base64-encoded raw key. The decoded input must be exactly 32 bytes. Empty and invalid base64 values are rejected.

val of_base64_exn : string -> t

Like of_base64, but raises Awskit.Error.Awskit_error carrying the structured validation error on validation failure.

val algorithm : t -> string

Return the SSE-C algorithm header value, always "AES256".

val key_base64 : t -> string

Return the base64-encoded raw key.

This value is sensitive; it is exposed so callers can inspect or forward the exact request headers they must send.

val key_md5_base64 : t -> string

Return the base64-encoded MD5 digest of the raw key bytes.