Hello, I have been unable to find whether and how precisely R2 encrypts data. I found out that the GetBucketEncryption function returns AES256, which is aligned with the change-log; however, I have not been able to find it written officially anywhere, and it also does not mention which mode of operation of AES is used.

We were intentionally vague because we weren’t sure we’d settle on it at first, but it’s AES-GCM. Some earlier files are AES-CBC+HMAC encrypted. Obviously we don’t buffer the entire file in memory and we support random seeks so it’s probably not encrypted quite the way you’re thinking. Hopefully at some point we’ll get some blog posts diving into the technical design.

I’m curious if you can elaborate why the specific mode is important, since it’s overall a very small part of the encryption story and the mode doesn’t tell you much.
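Added illustration, not part of the thread and not a description of R2's actual design (which the reply does not give): one generic way AES-GCM can serve random seeks without buffering a whole object is to seal fixed-size segments independently. The segment size, the per-object key, the nonce layout and the function names `seal` and `readRange` are all assumptions made for this sketch.

```javascript
const crypto = require('node:crypto');

const CHUNK = 4096;          // plaintext bytes per segment (assumed)
const TAG = 16;              // GCM authentication tag length
const STRIDE = CHUNK + TAG;  // stored bytes per full segment

// Nonce = segment index. Unique only because each object gets its own key.
function nonce(i) { const n = Buffer.alloc(12); n.writeUInt32BE(i, 8); return n; }
// AAD = total plaintext length, so a truncated or resized object fails to verify.
function aad(total) { const a = Buffer.alloc(8); a.writeBigUInt64BE(BigInt(total)); return a; }

// Encrypt each segment on its own: ciphertext || tag, concatenated in order.
function seal(key, plaintext) {
  const out = [];
  for (let i = 0; i * CHUNK < plaintext.length; i++) {
    const c = crypto.createCipheriv('aes-256-gcm', key, nonce(i));
    c.setAAD(aad(plaintext.length));
    out.push(c.update(plaintext.subarray(i * CHUNK, (i + 1) * CHUNK)), c.final(), c.getAuthTag());
  }
  return Buffer.concat(out);
}

// Verify and decrypt one segment; final() throws if tag, nonce or AAD mismatch.
function openSegment(key, blob, total, i) {
  const seg = blob.subarray(i * STRIDE, Math.min((i + 1) * STRIDE, blob.length));
  const d = crypto.createDecipheriv('aes-256-gcm', key, nonce(i));
  d.setAAD(aad(total));
  d.setAuthTag(seg.subarray(seg.length - TAG));
  return Buffer.concat([d.update(seg.subarray(0, seg.length - TAG)), d.final()]);
}

// Serve plaintext bytes [start, end) by opening only the segments that cover them.
function readRange(key, blob, total, start, end) {
  const first = Math.floor(start / CHUNK);
  const parts = [];
  for (let i = first; i * CHUNK < end; i++) parts.push(openSegment(key, blob, total, i));
  return Buffer.concat(parts).subarray(start - first * CHUNK, end - first * CHUNK);
}

// Constructed sample: 10000 bytes -> 3 segments; read 10 bytes across a boundary.
const demoKey = crypto.randomBytes(32);  // would be a wrapped per-object key in practice
const demoData = Buffer.from(Array.from({ length: 10000 }, (_, i) => i % 251));
const demoBlob = seal(demoKey, demoData);
console.log(readRange(demoKey, demoBlob, demoData.length, 4090, 4100));
```

Because every segment carries its own tag, a corrupted segment is rejected when it is read, while ranges that do not touch it still decrypt.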

Thank you for the answer.

Well, ultimately I aim to make our application (that uses R2) compliant with some policies. At this point I’m not entirely familiar with the exact requirements, so I was just trying to gather as many details as possible.

That being said, do you know of an official statement saying that R2 does encrypt data (ideally mentioning AES)?

