S3cmd can encrypt your data while uploading to DreamObjects. To use this functionality, you must first configure your .s3cfg file as shown in this article:

• Installing S3cmd

Configuring your .s3cfg file

Open the file in your user's directory.

[server]$ nano ~/.s3cfg

Add the following lines so you can use encryption.  Make sure to create your own password for gpg_passphrase:

check_ssl_certificate = True
check_ssl_hostname = True
gpg_command = /usr/bin/gpg
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase = yourpassword

Your configuration is now set up to encrypt data.

Encrypting data while uploading

To encrypt your data while uploading, use the -e flag. In the following example, bucket-name is the name of the bucket you're uploading content in to. textfile.txt is the name of the single file you're uploading:

[server]$  s3cmd -e put testfile.txt s3://bucket-name

upload: '/tmp/tmpfile-zFGwbLHMVEINdHh3615n' -> 's3://bucket-name/testfile.txt'  [1 of 1]
 63 of 63   100% in    0s   129.96 B/s  done

To confirm it is encrypted, navigate to the DreamObjects page. Click the View Objects button under your username. A prompt opens for you to view objects in your bucket.

Click the object, copy the URL, and then paste it into a browser.

You'll see the data in the file is encrypted.

Decrypting a file

When you use s3cmd to download an encrypted file, it's automatically decrypted for you:

[server]$ s3cmd get s3://bucket-name/encrypted-file.txt
download: 's3://bucket-name/encrypted-file.txt' -> './encrypted-file.txt'  [1 of 1]
 70 of 70   100% in    0s   323.19 B/s  done

If you read the contents of the file, you'll see it's no longer encrypted:

[server]$ cat encrypted-file.txt
Testing a file

You can manually set an expiration date for a file to be accessed. To do this, you must first convert the date into a Unix Epoch timestamp.

1. Decide on the date you wish to allow the URL to be signed/accessed until.
2. Visit Epoch Converter to convert your date to an Epoch Timestamp. It will look like a string of numbers. For example: 1540232086
3. Run the following command to sign the URL until this timestamp. (Make sure to change the bucket name and file name to your actual information.)

   [server]$ s3cmd signurl s3://my_bucket/my_file.png 1540232086
   http://my-bucket.objects-us-east-1.dream.io/my_file.png?AWSAccessKeyId=DHDPTCQ3WFGHPSS5FAXG&Expires=1540232086&Signature=9nf8f9kG%2FqDa76rmET4R%2FpbtaGM%3D

4. This outputs the signed URL. You can now share this URL so anyone can access that file until the date you have specified.

You can also sign it for 1 week using this format:

[server]$ s3cmd signurl s3://my_bucket/my_file.png $(echo "`date +%s` + 3600 * 24 * 7" | bc)

Did this article answer your questions?