S3 API: Add SSE-C (#7143)

* implement sse-c * fix Content-Range * adding tests * Update s3_sse_c_test.go * copy sse-c objects * adding tests * refactor * multi reader * remove extra write header call * refactor * SSE-C encrypted objects do not support HTTP Range requests * robust * fix server starts * Update Makefile * Update Makefile * ci: remove SSE-C integration tests and workflows; delete test/s3/encryption/ * s3: SSE-C MD5 must be base64 (case-sensitive); fix validation, comparisons, metadata storage; update tests * minor * base64 * Update SSE-C_IMPLEMENTATION.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Update weed/s3api/s3api_object_handlers.go Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * Update SSE-C_IMPLEMENTATION.md Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com> * address comments * fix test * fix compilation --------- Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
2 months ago · 2714b70955
12 changed files with 1265 additions and 21 deletions
--- a/.github/workflows/s3-go-tests.yml
+++ b/.github/workflows/s3-go-tests.yml
@ -409,4 +409,6 @@ jobs:
        with:
          name: s3-versioning-stress-logs
          path: test/s3/versioning/weed-test*.log
-          retention-days: 7 
+          retention-days: 7
+
+  # Removed SSE-C integration tests and compatibility job
--- a/.gitignore
+++ b/.gitignore
@ -116,3 +116,4 @@ test/s3/versioning/weed-test.log
 docker/agent_pub_record
 docker/admin_integration/weed-local
 /seaweedfs-rdma-sidecar/bin
+/test/s3/encryption/filerldb2
--- a/SSE-C_IMPLEMENTATION.md
+++ b/SSE-C_IMPLEMENTATION.md
@ -0,0 +1,169 @@
+# Server-Side Encryption with Customer-Provided Keys (SSE-C) Implementation
+
+This document describes the implementation of SSE-C support in SeaweedFS, addressing the feature request from [GitHub Discussion #5361](https://github.com/seaweedfs/seaweedfs/discussions/5361).
+
+## Overview
+
+SSE-C allows clients to provide their own encryption keys for server-side encryption of objects stored in SeaweedFS. The server encrypts the data using the customer-provided AES-256 key but does not store the key itself - only an MD5 hash of the key for validation purposes.
+
+## Implementation Details
+
+### Architecture
+
+The SSE-C implementation follows a transparent encryption/decryption pattern:
+
+1. **Upload (PUT/POST)**: Data is encrypted with the customer key before being stored
+2. **Download (GET/HEAD)**: Encrypted data is decrypted on-the-fly using the customer key
+3. **Metadata Storage**: Only the encryption algorithm and key MD5 are stored as metadata
+
+### Key Components
+
+#### 1. Constants and Headers (`weed/s3api/s3_constants/header.go`)
+- Added AWS-compatible SSE-C header constants
+- Support for both regular and copy-source SSE-C headers
+
+#### 2. Core SSE-C Logic (`weed/s3api/s3_sse_c.go`)
+- **SSECustomerKey**: Structure to hold customer encryption key and metadata
+- **SSECEncryptedReader**: Streaming encryption with AES-256-CTR mode
+- **SSECDecryptedReader**: Streaming decryption with IV extraction
+- **validateAndParseSSECHeaders**: Shared validation logic (DRY principle)
+- **ParseSSECHeaders**: Parse regular SSE-C headers
+- **ParseSSECCopySourceHeaders**: Parse copy-source SSE-C headers
+- Header validation and parsing functions
+- Metadata extraction and response handling
+
+#### 3. Error Handling (`weed/s3api/s3err/s3api_errors.go`)
+- New error codes for SSE-C validation failures
+- AWS-compatible error messages and HTTP status codes
+
+#### 4. S3 API Integration
+- **PUT Object Handler**: Encrypts data streams transparently
+- **GET Object Handler**: Decrypts data streams transparently  
+- **HEAD Object Handler**: Validates keys and returns appropriate headers
+- **Metadata Storage**: Integrates with existing `SaveAmzMetaData` function
+
+### Encryption Scheme
+
+- **Algorithm**: AES-256-CTR (Counter mode)
+- **Key Size**: 256 bits (32 bytes)
+- **IV Generation**: Random 16-byte IV per object
+- **Storage Format**: `[IV][EncryptedData]` where IV is prepended to encrypted content
+
+### Metadata Storage
+
+SSE-C metadata is stored in the filer's extended attributes:
+```
+x-amz-server-side-encryption-customer-algorithm: "AES256"
+x-amz-server-side-encryption-customer-key-md5: "<md5-hash-of-key>"
+```
+
+## API Compatibility
+
+### Required Headers for Encryption (PUT/POST)
+```
+x-amz-server-side-encryption-customer-algorithm: AES256
+x-amz-server-side-encryption-customer-key: <base64-encoded-256-bit-key>
+x-amz-server-side-encryption-customer-key-md5: <md5-hash-of-key>
+```
+
+### Required Headers for Decryption (GET/HEAD)
+Same headers as encryption - the server validates the key MD5 matches.
+
+### Copy Operations
+Support for copy-source SSE-C headers:
+```
+x-amz-copy-source-server-side-encryption-customer-algorithm
+x-amz-copy-source-server-side-encryption-customer-key  
+x-amz-copy-source-server-side-encryption-customer-key-md5
+```
+
+## Error Handling
+
+The implementation provides AWS-compatible error responses:
+
+- **InvalidEncryptionAlgorithmError**: Non-AES256 algorithm specified
+- **InvalidArgument**: Invalid key format, size, or MD5 mismatch
+- **Missing customer key**: Object encrypted but no key provided
+- **Unnecessary customer key**: Object not encrypted but key provided
+
+## Security Considerations
+
+1. **Key Management**: Customer keys are never stored - only MD5 hashes for validation
+2. **IV Randomness**: Fresh random IV generated for each object
+3. **Transparent Security**: Volume servers never see unencrypted data
+4. **Key Validation**: Strict validation of key format, size, and MD5
+
+## Testing
+
+Comprehensive test suite covers:
+- Header validation and parsing (regular and copy-source)
+- Encryption/decryption round-trip
+- Error condition handling  
+- Metadata extraction
+- Code reuse validation (DRY principle)
+- AWS S3 compatibility
+
+Run tests with:
+```bash
+go test -v ./weed/s3api
+
+## Usage Example
+
+### Upload with SSE-C
+```bash
+# Generate a 256-bit key
+KEY=$(openssl rand -base64 32)
+KEY_MD5=$(echo -n "$KEY" | base64 -d | openssl dgst -md5 -binary | base64)
+
+# Upload object with SSE-C
+curl -X PUT "http://localhost:8333/bucket/object" \
+  -H "x-amz-server-side-encryption-customer-algorithm: AES256" \
+  -H "x-amz-server-side-encryption-customer-key: $KEY" \
+  -H "x-amz-server-side-encryption-customer-key-md5: $KEY_MD5" \
+  --data-binary @file.txt
+```
+
+### Download with SSE-C
+```bash
+# Download object with SSE-C (same key required)
+curl "http://localhost:8333/bucket/object" \
+  -H "x-amz-server-side-encryption-customer-algorithm: AES256" \
+  -H "x-amz-server-side-encryption-customer-key: $KEY" \
+  -H "x-amz-server-side-encryption-customer-key-md5: $KEY_MD5"
+```
+
+## Integration Points
+
+### Existing SeaweedFS Features
+- **Filer Metadata**: Extends existing metadata storage
+- **Volume Servers**: No changes required - store encrypted data transparently
+- **S3 API**: Integrates seamlessly with existing handlers
+- **Versioning**: Compatible with object versioning
+- **Multipart Upload**: Ready for multipart upload integration
+
+### Future Enhancements
+- **SSE-S3**: Server-managed encryption keys
+- **SSE-KMS**: External key management service integration
+- **Performance Optimization**: Hardware acceleration for encryption
+- **Compliance**: Enhanced audit logging for encrypted objects
+
+## File Changes Summary
+
+1. **`weed/s3api/s3_constants/header.go`** - Added SSE-C header constants
+2. **`weed/s3api/s3_sse_c.go`** - Core SSE-C implementation (NEW)
+3. **`weed/s3api/s3_sse_c_test.go`** - Comprehensive test suite (NEW)
+4. **`weed/s3api/s3err/s3api_errors.go`** - Added SSE-C error codes
+5. **`weed/s3api/s3api_object_handlers.go`** - GET/HEAD with SSE-C support
+6. **`weed/s3api/s3api_object_handlers_put.go`** - PUT with SSE-C support
+7. **`weed/server/filer_server_handlers_write_autochunk.go`** - Metadata storage
+
+## Compliance
+
+This implementation follows the [AWS S3 SSE-C specification](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html) for maximum compatibility with existing S3 clients and tools.
+
+## Performance Impact
+
+- **Encryption Overhead**: Minimal CPU impact with efficient AES-CTR streaming
+- **Memory Usage**: Constant memory usage via streaming encryption/decryption
+- **Storage Overhead**: 16 bytes per object for IV storage
+- **Network**: No additional network overhead
--- a/weed/s3api/s3_constants/header.go
+++ b/weed/s3api/s3_constants/header.go
@ -64,6 +64,17 @@ const (
 	AmzCopySourceIfUnmodifiedSince = "X-Amz-Copy-Source-If-Unmodified-Since"

 	AmzMpPartsCount = "X-Amz-Mp-Parts-Count"
+
+	// S3 Server-Side Encryption with Customer-provided Keys (SSE-C)
+	AmzServerSideEncryptionCustomerAlgorithm = "X-Amz-Server-Side-Encryption-Customer-Algorithm"
+	AmzServerSideEncryptionCustomerKey       = "X-Amz-Server-Side-Encryption-Customer-Key"
+	AmzServerSideEncryptionCustomerKeyMD5    = "X-Amz-Server-Side-Encryption-Customer-Key-MD5"
+	AmzServerSideEncryptionContext           = "X-Amz-Server-Side-Encryption-Context"
+
+	// S3 SSE-C copy source headers
+	AmzCopySourceServerSideEncryptionCustomerAlgorithm = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm"
+	AmzCopySourceServerSideEncryptionCustomerKey       = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key"
+	AmzCopySourceServerSideEncryptionCustomerKeyMD5    = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-MD5"
 )

 // Non-Standard S3 HTTP request constants
--- a/weed/s3api/s3_sse_c.go
+++ b/weed/s3api/s3_sse_c.go
@ -0,0 +1,275 @@
+package s3api
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/md5"
+	"crypto/rand"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+
+	"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+	"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
+)
+
+const (
+	// SSE-C constants
+	SSECustomerAlgorithmAES256 = "AES256"
+	SSECustomerKeySize         = 32 // 256 bits
+	AESBlockSize               = 16 // AES block size in bytes
+)
+
+// SSE-C related errors
+var (
+	ErrInvalidRequest             = errors.New("invalid request")
+	ErrInvalidEncryptionAlgorithm = errors.New("invalid encryption algorithm")
+	ErrInvalidEncryptionKey       = errors.New("invalid encryption key")
+	ErrSSECustomerKeyMD5Mismatch  = errors.New("customer key MD5 mismatch")
+	ErrSSECustomerKeyMissing      = errors.New("customer key missing")
+	ErrSSECustomerKeyNotNeeded    = errors.New("customer key not needed")
+)
+
+// SSECustomerKey represents a customer-provided encryption key for SSE-C
+type SSECustomerKey struct {
+	Algorithm string
+	Key       []byte
+	KeyMD5    string
+}
+
+// SSECDecryptedReader wraps an io.Reader to provide SSE-C decryption
+type SSECDecryptedReader struct {
+	reader      io.Reader
+	cipher      cipher.Stream
+	customerKey *SSECustomerKey
+	first       bool
+}
+
+// IsSSECRequest checks if the request contains SSE-C headers
+func IsSSECRequest(r *http.Request) bool {
+	return r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerAlgorithm) != ""
+}
+
+// validateAndParseSSECHeaders does the core validation and parsing logic
+func validateAndParseSSECHeaders(algorithm, key, keyMD5 string) (*SSECustomerKey, error) {
+	if algorithm == "" && key == "" && keyMD5 == "" {
+		return nil, nil // No SSE-C headers
+	}
+
+	if algorithm == "" || key == "" || keyMD5 == "" {
+		return nil, ErrInvalidRequest
+	}
+
+	if algorithm != SSECustomerAlgorithmAES256 {
+		return nil, ErrInvalidEncryptionAlgorithm
+	}
+
+	// Decode and validate key
+	keyBytes, err := base64.StdEncoding.DecodeString(key)
+	if err != nil {
+		return nil, ErrInvalidEncryptionKey
+	}
+
+	if len(keyBytes) != SSECustomerKeySize {
+		return nil, ErrInvalidEncryptionKey
+	}
+
+	// Validate key MD5 (base64-encoded MD5 of the raw key bytes; case-sensitive)
+	sum := md5.Sum(keyBytes)
+	expectedMD5 := base64.StdEncoding.EncodeToString(sum[:])
+	if keyMD5 != expectedMD5 {
+		return nil, ErrSSECustomerKeyMD5Mismatch
+	}
+
+	return &SSECustomerKey{
+		Algorithm: algorithm,
+		Key:       keyBytes,
+		KeyMD5:    keyMD5,
+	}, nil
+}
+
+// ValidateSSECHeaders validates SSE-C headers in the request
+func ValidateSSECHeaders(r *http.Request) error {
+	algorithm := r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerAlgorithm)
+	key := r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerKey)
+	keyMD5 := r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerKeyMD5)
+
+	_, err := validateAndParseSSECHeaders(algorithm, key, keyMD5)
+	return err
+}
+
+// ParseSSECHeaders parses and validates SSE-C headers from the request
+func ParseSSECHeaders(r *http.Request) (*SSECustomerKey, error) {
+	algorithm := r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerAlgorithm)
+	key := r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerKey)
+	keyMD5 := r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerKeyMD5)
+
+	return validateAndParseSSECHeaders(algorithm, key, keyMD5)
+}
+
+// ParseSSECCopySourceHeaders parses and validates SSE-C copy source headers from the request
+func ParseSSECCopySourceHeaders(r *http.Request) (*SSECustomerKey, error) {
+	algorithm := r.Header.Get(s3_constants.AmzCopySourceServerSideEncryptionCustomerAlgorithm)
+	key := r.Header.Get(s3_constants.AmzCopySourceServerSideEncryptionCustomerKey)
+	keyMD5 := r.Header.Get(s3_constants.AmzCopySourceServerSideEncryptionCustomerKeyMD5)
+
+	return validateAndParseSSECHeaders(algorithm, key, keyMD5)
+}
+
+// CreateSSECEncryptedReader creates a new encrypted reader for SSE-C
+func CreateSSECEncryptedReader(r io.Reader, customerKey *SSECustomerKey) (io.Reader, error) {
+	if customerKey == nil {
+		return r, nil
+	}
+
+	// Create AES cipher
+	block, err := aes.NewCipher(customerKey.Key)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create AES cipher: %v", err)
+	}
+
+	// Generate random IV
+	iv := make([]byte, AESBlockSize)
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		return nil, fmt.Errorf("failed to generate IV: %v", err)
+	}
+
+	// Create CTR mode cipher
+	stream := cipher.NewCTR(block, iv)
+
+	// The encrypted stream is the IV (initialization vector) followed by the encrypted data.
+	// The IV is randomly generated for each encryption operation and must be unique and unpredictable.
+	// This is critical for the security of AES-CTR mode: reusing an IV with the same key breaks confidentiality.
+	// By prepending the IV to the ciphertext, the decryptor can extract the IV to initialize the cipher.
+	// Note: AES-CTR provides confidentiality only; use an additional MAC if integrity is required.
+	// We model this with an io.MultiReader (IV first) and a cipher.StreamReader (encrypted payload).
+	return io.MultiReader(bytes.NewReader(iv), &cipher.StreamReader{S: stream, R: r}), nil
+}
+
+// CreateSSECDecryptedReader creates a new decrypted reader for SSE-C
+func CreateSSECDecryptedReader(r io.Reader, customerKey *SSECustomerKey) (io.Reader, error) {
+	if customerKey == nil {
+		return r, nil
+	}
+
+	return &SSECDecryptedReader{
+		reader:      r,
+		customerKey: customerKey,
+		cipher:      nil, // Will be initialized when we read the IV
+		first:       true,
+	}, nil
+}
+
+// Read implements io.Reader for SSECDecryptedReader
+func (r *SSECDecryptedReader) Read(p []byte) (n int, err error) {
+	if r.first {
+		// First read: extract IV and initialize cipher
+		r.first = false
+		iv := make([]byte, AESBlockSize)
+
+		// Read IV from the beginning of the data
+		_, err = io.ReadFull(r.reader, iv)
+		if err != nil {
+			return 0, fmt.Errorf("failed to read IV: %v", err)
+		}
+
+		// Create cipher with the extracted IV
+		block, err := aes.NewCipher(r.customerKey.Key)
+		if err != nil {
+			return 0, fmt.Errorf("failed to create AES cipher: %v", err)
+		}
+		r.cipher = cipher.NewCTR(block, iv)
+	}
+
+	// Decrypt data
+	n, err = r.reader.Read(p)
+	if n > 0 {
+		r.cipher.XORKeyStream(p[:n], p[:n])
+	}
+	return n, err
+}
+
+// GetSourceSSECInfo extracts SSE-C information from source object metadata
+func GetSourceSSECInfo(metadata map[string][]byte) (algorithm string, keyMD5 string, isEncrypted bool) {
+	if alg, exists := metadata[s3_constants.AmzServerSideEncryptionCustomerAlgorithm]; exists {
+		algorithm = string(alg)
+	}
+	if md5, exists := metadata[s3_constants.AmzServerSideEncryptionCustomerKeyMD5]; exists {
+		keyMD5 = string(md5)
+	}
+	isEncrypted = algorithm != "" && keyMD5 != ""
+	return
+}
+
+// CanDirectCopySSEC determines if we can directly copy chunks without decrypt/re-encrypt
+func CanDirectCopySSEC(srcMetadata map[string][]byte, copySourceKey *SSECustomerKey, destKey *SSECustomerKey) bool {
+	_, srcKeyMD5, srcEncrypted := GetSourceSSECInfo(srcMetadata)
+
+	// Case 1: Source unencrypted, destination unencrypted -> Direct copy
+	if !srcEncrypted && destKey == nil {
+		return true
+	}
+
+	// Case 2: Source encrypted, same key for decryption and destination -> Direct copy
+	if srcEncrypted && copySourceKey != nil && destKey != nil {
+		// Same key if MD5 matches exactly (base64 encoding is case-sensitive)
+		return copySourceKey.KeyMD5 == srcKeyMD5 &&
+			destKey.KeyMD5 == srcKeyMD5
+	}
+
+	// All other cases require decrypt/re-encrypt
+	return false
+}
+
+// SSECCopyStrategy represents the strategy for copying SSE-C objects
+type SSECCopyStrategy int
+
+const (
+	SSECCopyDirect    SSECCopyStrategy = iota // Direct chunk copy (fast)
+	SSECCopyReencrypt                         // Decrypt and re-encrypt (slow)
+)
+
+// DetermineSSECCopyStrategy determines the optimal copy strategy
+func DetermineSSECCopyStrategy(srcMetadata map[string][]byte, copySourceKey *SSECustomerKey, destKey *SSECustomerKey) (SSECCopyStrategy, error) {
+	_, srcKeyMD5, srcEncrypted := GetSourceSSECInfo(srcMetadata)
+
+	// Validate source key if source is encrypted
+	if srcEncrypted {
+		if copySourceKey == nil {
+			return SSECCopyReencrypt, ErrSSECustomerKeyMissing
+		}
+		if copySourceKey.KeyMD5 != srcKeyMD5 {
+			return SSECCopyReencrypt, ErrSSECustomerKeyMD5Mismatch
+		}
+	} else if copySourceKey != nil {
+		// Source not encrypted but copy source key provided
+		return SSECCopyReencrypt, ErrSSECustomerKeyNotNeeded
+	}
+
+	if CanDirectCopySSEC(srcMetadata, copySourceKey, destKey) {
+		return SSECCopyDirect, nil
+	}
+
+	return SSECCopyReencrypt, nil
+}
+
+// MapSSECErrorToS3Error maps SSE-C custom errors to S3 API error codes
+func MapSSECErrorToS3Error(err error) s3err.ErrorCode {
+	switch err {
+	case ErrInvalidEncryptionAlgorithm:
+		return s3err.ErrInvalidEncryptionAlgorithm
+	case ErrInvalidEncryptionKey:
+		return s3err.ErrInvalidEncryptionKey
+	case ErrSSECustomerKeyMD5Mismatch:
+		return s3err.ErrSSECustomerKeyMD5Mismatch
+	case ErrSSECustomerKeyMissing:
+		return s3err.ErrSSECustomerKeyMissing
+	case ErrSSECustomerKeyNotNeeded:
+		return s3err.ErrSSECustomerKeyNotNeeded
+	default:
+		return s3err.ErrInvalidRequest
+	}
+}
--- a/weed/s3api/s3_sse_c_range_test.go
+++ b/weed/s3api/s3_sse_c_range_test.go
@ -0,0 +1,63 @@
+package s3api
+
+import (
+	"bytes"
+	"crypto/md5"
+	"encoding/base64"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gorilla/mux"
+	"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+)
+
+// ResponseRecorder that also implements http.Flusher
+type recorderFlusher struct{ *httptest.ResponseRecorder }
+
+func (r recorderFlusher) Flush() {}
+
+// TestSSECRangeRequestsNotSupported verifies that HTTP Range requests are rejected
+// for SSE-C encrypted objects because the IV is required at the beginning of the stream
+func TestSSECRangeRequestsNotSupported(t *testing.T) {
+	// Create a request with Range header and valid SSE-C headers
+	req := httptest.NewRequest(http.MethodGet, "/b/o", nil)
+	req.Header.Set("Range", "bytes=10-20")
+	req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerAlgorithm, "AES256")
+
+	key := make([]byte, 32)
+	for i := range key {
+		key[i] = byte(i)
+	}
+	s := md5.Sum(key)
+	keyMD5 := base64.StdEncoding.EncodeToString(s[:])
+
+	req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerKey, base64.StdEncoding.EncodeToString(key))
+	req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerKeyMD5, keyMD5)
+
+	// Attach mux vars to avoid panic in error writer
+	req = mux.SetURLVars(req, map[string]string{"bucket": "b", "object": "o"})
+
+	// Create a mock HTTP response that simulates SSE-C encrypted object metadata
+	proxyResponse := &http.Response{
+		StatusCode: 200,
+		Header:     make(http.Header),
+		Body:       io.NopCloser(bytes.NewReader([]byte("mock encrypted data"))),
+	}
+	proxyResponse.Header.Set(s3_constants.AmzServerSideEncryptionCustomerAlgorithm, "AES256")
+	proxyResponse.Header.Set(s3_constants.AmzServerSideEncryptionCustomerKeyMD5, keyMD5)
+
+	// Call the function under test
+	s3a := &S3ApiServer{}
+	rec := httptest.NewRecorder()
+	w := recorderFlusher{rec}
+	statusCode, _ := s3a.handleSSECResponse(req, proxyResponse, w)
+
+	if statusCode != http.StatusRequestedRangeNotSatisfiable {
+		t.Fatalf("expected status %d, got %d", http.StatusRequestedRangeNotSatisfiable, statusCode)
+	}
+	if rec.Result().StatusCode != http.StatusRequestedRangeNotSatisfiable {
+		t.Fatalf("writer status expected %d, got %d", http.StatusRequestedRangeNotSatisfiable, rec.Result().StatusCode)
+	}
+}
--- a/weed/s3api/s3_sse_c_test.go
+++ b/weed/s3api/s3_sse_c_test.go
@ -0,0 +1,412 @@
+package s3api
+
+import (
+	"bytes"
+	"crypto/md5"
+	"encoding/base64"
+	"fmt"
+	"io"
+	"net/http"
+	"testing"
+
+	"github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
+)
+
+func base64MD5(b []byte) string {
+	s := md5.Sum(b)
+	return base64.StdEncoding.EncodeToString(s[:])
+}
+
+func TestSSECHeaderValidation(t *testing.T) {
+	// Test valid SSE-C headers
+	req := &http.Request{Header: make(http.Header)}
+
+	key := make([]byte, 32) // 256-bit key
+	for i := range key {
+		key[i] = byte(i)
+	}
+
+	keyBase64 := base64.StdEncoding.EncodeToString(key)
+	md5sum := md5.Sum(key)
+	keyMD5 := base64.StdEncoding.EncodeToString(md5sum[:])
+
+	req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerAlgorithm, "AES256")
+	req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerKey, keyBase64)
+	req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerKeyMD5, keyMD5)
+
+	// Test validation
+	err := ValidateSSECHeaders(req)
+	if err != nil {
+		t.Errorf("Expected valid headers, got error: %v", err)
+	}
+
+	// Test parsing
+	customerKey, err := ParseSSECHeaders(req)
+	if err != nil {
+		t.Errorf("Expected successful parsing, got error: %v", err)
+	}
+
+	if customerKey == nil {
+		t.Error("Expected customer key, got nil")
+	}
+
+	if customerKey.Algorithm != "AES256" {
+		t.Errorf("Expected algorithm AES256, got %s", customerKey.Algorithm)
+	}
+
+	if !bytes.Equal(customerKey.Key, key) {
+		t.Error("Key doesn't match original")
+	}
+
+	if customerKey.KeyMD5 != keyMD5 {
+		t.Errorf("Expected key MD5 %s, got %s", keyMD5, customerKey.KeyMD5)
+	}
+}
+
+func TestSSECCopySourceHeaders(t *testing.T) {
+	// Test valid SSE-C copy source headers
+	req := &http.Request{Header: make(http.Header)}
+
+	key := make([]byte, 32) // 256-bit key
+	for i := range key {
+		key[i] = byte(i) + 1 // Different from regular test
+	}
+
+	keyBase64 := base64.StdEncoding.EncodeToString(key)
+	md5sum2 := md5.Sum(key)
+	keyMD5 := base64.StdEncoding.EncodeToString(md5sum2[:])
+
+	req.Header.Set(s3_constants.AmzCopySourceServerSideEncryptionCustomerAlgorithm, "AES256")
+	req.Header.Set(s3_constants.AmzCopySourceServerSideEncryptionCustomerKey, keyBase64)
+	req.Header.Set(s3_constants.AmzCopySourceServerSideEncryptionCustomerKeyMD5, keyMD5)
+
+	// Test parsing copy source headers
+	customerKey, err := ParseSSECCopySourceHeaders(req)
+	if err != nil {
+		t.Errorf("Expected successful copy source parsing, got error: %v", err)
+	}
+
+	if customerKey == nil {
+		t.Error("Expected customer key from copy source headers, got nil")
+	}
+
+	if customerKey.Algorithm != "AES256" {
+		t.Errorf("Expected algorithm AES256, got %s", customerKey.Algorithm)
+	}
+
+	if !bytes.Equal(customerKey.Key, key) {
+		t.Error("Copy source key doesn't match original")
+	}
+
+	// Test that regular headers don't interfere with copy source headers
+	regularKey, err := ParseSSECHeaders(req)
+	if err != nil {
+		t.Errorf("Regular header parsing should not fail: %v", err)
+	}
+
+	if regularKey != nil {
+		t.Error("Expected nil for regular headers when only copy source headers are present")
+	}
+}
+
+func TestSSECHeaderValidationErrors(t *testing.T) {
+	tests := []struct {
+		name      string
+		algorithm string
+		key       string
+		keyMD5    string
+		wantErr   error
+	}{
+		{
+			name:      "invalid algorithm",
+			algorithm: "AES128",
+			key:       base64.StdEncoding.EncodeToString(make([]byte, 32)),
+			keyMD5:    base64MD5(make([]byte, 32)),
+			wantErr:   ErrInvalidEncryptionAlgorithm,
+		},
+		{
+			name:      "invalid key length",
+			algorithm: "AES256",
+			key:       base64.StdEncoding.EncodeToString(make([]byte, 16)),
+			keyMD5:    base64MD5(make([]byte, 16)),
+			wantErr:   ErrInvalidEncryptionKey,
+		},
+		{
+			name:      "mismatched MD5",
+			algorithm: "AES256",
+			key:       base64.StdEncoding.EncodeToString(make([]byte, 32)),
+			keyMD5:    "wrong==md5",
+			wantErr:   ErrSSECustomerKeyMD5Mismatch,
+		},
+		{
+			name:      "incomplete headers",
+			algorithm: "AES256",
+			key:       "",
+			keyMD5:    "",
+			wantErr:   ErrInvalidRequest,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			req := &http.Request{Header: make(http.Header)}
+
+			if tt.algorithm != "" {
+				req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerAlgorithm, tt.algorithm)
+			}
+			if tt.key != "" {
+				req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerKey, tt.key)
+			}
+			if tt.keyMD5 != "" {
+				req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerKeyMD5, tt.keyMD5)
+			}
+
+			err := ValidateSSECHeaders(req)
+			if err != tt.wantErr {
+				t.Errorf("Expected error %v, got %v", tt.wantErr, err)
+			}
+		})
+	}
+}
+
+func TestSSECEncryptionDecryption(t *testing.T) {
+	// Create customer key
+	key := make([]byte, 32)
+	for i := range key {
+		key[i] = byte(i)
+	}
+
+	md5sumKey := md5.Sum(key)
+	customerKey := &SSECustomerKey{
+		Algorithm: "AES256",
+		Key:       key,
+		KeyMD5:    base64.StdEncoding.EncodeToString(md5sumKey[:]),
+	}
+
+	// Test data
+	testData := []byte("Hello, World! This is a test of SSE-C encryption.")
+
+	// Create encrypted reader
+	dataReader := bytes.NewReader(testData)
+	encryptedReader, err := CreateSSECEncryptedReader(dataReader, customerKey)
+	if err != nil {
+		t.Fatalf("Failed to create encrypted reader: %v", err)
+	}
+
+	// Read encrypted data
+	encryptedData, err := io.ReadAll(encryptedReader)
+	if err != nil {
+		t.Fatalf("Failed to read encrypted data: %v", err)
+	}
+
+	// Verify data is actually encrypted (different from original)
+	if bytes.Equal(encryptedData[16:], testData) { // Skip IV
+		t.Error("Data doesn't appear to be encrypted")
+	}
+
+	// Create decrypted reader
+	encryptedReader2 := bytes.NewReader(encryptedData)
+	decryptedReader, err := CreateSSECDecryptedReader(encryptedReader2, customerKey)
+	if err != nil {
+		t.Fatalf("Failed to create decrypted reader: %v", err)
+	}
+
+	// Read decrypted data
+	decryptedData, err := io.ReadAll(decryptedReader)
+	if err != nil {
+		t.Fatalf("Failed to read decrypted data: %v", err)
+	}
+
+	// Verify decrypted data matches original
+	if !bytes.Equal(decryptedData, testData) {
+		t.Errorf("Decrypted data doesn't match original.\nOriginal: %s\nDecrypted: %s", testData, decryptedData)
+	}
+}
+
+func TestSSECIsSSECRequest(t *testing.T) {
+	// Test with SSE-C headers
+	req := &http.Request{Header: make(http.Header)}
+	req.Header.Set(s3_constants.AmzServerSideEncryptionCustomerAlgorithm, "AES256")
+
+	if !IsSSECRequest(req) {
+		t.Error("Expected IsSSECRequest to return true when SSE-C headers are present")
+	}
+
+	// Test without SSE-C headers
+	req2 := &http.Request{Header: make(http.Header)}
+	if IsSSECRequest(req2) {
+		t.Error("Expected IsSSECRequest to return false when no SSE-C headers are present")
+	}
+}
+
+// Test encryption with different data sizes (similar to s3tests)
+func TestSSECEncryptionVariousSizes(t *testing.T) {
+	sizes := []int{1, 13, 1024, 1024 * 1024} // 1B, 13B, 1KB, 1MB
+
+	for _, size := range sizes {
+		t.Run(fmt.Sprintf("size_%d", size), func(t *testing.T) {
+			// Create customer key
+			key := make([]byte, 32)
+			for i := range key {
+				key[i] = byte(i + size) // Make key unique per test
+			}
+
+			md5sumDyn := md5.Sum(key)
+			customerKey := &SSECustomerKey{
+				Algorithm: "AES256",
+				Key:       key,
+				KeyMD5:    base64.StdEncoding.EncodeToString(md5sumDyn[:]),
+			}
+
+			// Create test data of specified size
+			testData := make([]byte, size)
+			for i := range testData {
+				testData[i] = byte('A' + (i % 26)) // Pattern of A-Z
+			}
+
+			// Encrypt
+			dataReader := bytes.NewReader(testData)
+			encryptedReader, err := CreateSSECEncryptedReader(dataReader, customerKey)
+			if err != nil {
+				t.Fatalf("Failed to create encrypted reader: %v", err)
+			}
+
+			encryptedData, err := io.ReadAll(encryptedReader)
+			if err != nil {
+				t.Fatalf("Failed to read encrypted data: %v", err)
+			}
+
+			// Verify IV is present and data is encrypted
+			if len(encryptedData) < AESBlockSize {
+				t.Fatalf("Encrypted data too short, missing IV")
+			}
+
+			if len(encryptedData) != size+AESBlockSize {
+				t.Errorf("Expected encrypted data length %d, got %d", size+AESBlockSize, len(encryptedData))
+			}
+
+			// Decrypt
+			encryptedReader2 := bytes.NewReader(encryptedData)
+			decryptedReader, err := CreateSSECDecryptedReader(encryptedReader2, customerKey)
+			if err != nil {
+				t.Fatalf("Failed to create decrypted reader: %v", err)
+			}
+
+			decryptedData, err := io.ReadAll(decryptedReader)
+			if err != nil {
+				t.Fatalf("Failed to read decrypted data: %v", err)
+			}
+
+			// Verify decrypted data matches original
+			if !bytes.Equal(decryptedData, testData) {
+				t.Errorf("Decrypted data doesn't match original for size %d", size)
+			}
+		})
+	}
+}
+
+func TestSSECEncryptionWithNilKey(t *testing.T) {
+	testData := []byte("test data")
+	dataReader := bytes.NewReader(testData)
+
+	// Test encryption with nil key (should pass through)
+	encryptedReader, err := CreateSSECEncryptedReader(dataReader, nil)
+	if err != nil {
+		t.Fatalf("Failed to create encrypted reader with nil key: %v", err)
+	}
+
+	result, err := io.ReadAll(encryptedReader)
+	if err != nil {
+		t.Fatalf("Failed to read from pass-through reader: %v", err)
+	}
+
+	if !bytes.Equal(result, testData) {
+		t.Error("Data should pass through unchanged when key is nil")
+	}
+
+	// Test decryption with nil key (should pass through)
+	dataReader2 := bytes.NewReader(testData)
+	decryptedReader, err := CreateSSECDecryptedReader(dataReader2, nil)
+	if err != nil {
+		t.Fatalf("Failed to create decrypted reader with nil key: %v", err)
+	}
+
+	result2, err := io.ReadAll(decryptedReader)
+	if err != nil {
+		t.Fatalf("Failed to read from pass-through reader: %v", err)
+	}
+
+	if !bytes.Equal(result2, testData) {
+		t.Error("Data should pass through unchanged when key is nil")
+	}
+}
+
+// TestSSECEncryptionSmallBuffers tests the fix for the critical bug where small buffers
+// could corrupt the data stream when reading in chunks smaller than the IV size
+func TestSSECEncryptionSmallBuffers(t *testing.T) {
+	testData := []byte("This is a test message for small buffer reads")
+
+	// Create customer key
+	key := make([]byte, 32)
+	for i := range key {
+		key[i] = byte(i)
+	}
+
+	md5sumKey3 := md5.Sum(key)
+	customerKey := &SSECustomerKey{
+		Algorithm: "AES256",
+		Key:       key,
+		KeyMD5:    base64.StdEncoding.EncodeToString(md5sumKey3[:]),
+	}
+
+	// Create encrypted reader
+	dataReader := bytes.NewReader(testData)
+	encryptedReader, err := CreateSSECEncryptedReader(dataReader, customerKey)
+	if err != nil {
+		t.Fatalf("Failed to create encrypted reader: %v", err)
+	}
+
+	// Read with very small buffers (smaller than IV size of 16 bytes)
+	var encryptedData []byte
+	smallBuffer := make([]byte, 5) // Much smaller than 16-byte IV
+
+	for {
+		n, err := encryptedReader.Read(smallBuffer)
+		if n > 0 {
+			encryptedData = append(encryptedData, smallBuffer[:n]...)
+		}
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			t.Fatalf("Error reading encrypted data: %v", err)
+		}
+	}
+
+	// Verify the encrypted data starts with 16-byte IV
+	if len(encryptedData) < 16 {
+		t.Fatalf("Encrypted data too short, expected at least 16 bytes for IV, got %d", len(encryptedData))
+	}
+
+	// Expected total size: 16 bytes (IV) + len(testData)
+	expectedSize := 16 + len(testData)
+	if len(encryptedData) != expectedSize {
+		t.Errorf("Expected encrypted data size %d, got %d", expectedSize, len(encryptedData))
+	}
+
+	// Decrypt and verify
+	encryptedReader2 := bytes.NewReader(encryptedData)
+	decryptedReader, err := CreateSSECDecryptedReader(encryptedReader2, customerKey)
+	if err != nil {
+		t.Fatalf("Failed to create decrypted reader: %v", err)
+	}
+
+	decryptedData, err := io.ReadAll(decryptedReader)
+	if err != nil {
+		t.Fatalf("Failed to read decrypted data: %v", err)
+	}
+
+	if !bytes.Equal(decryptedData, testData) {
+		t.Errorf("Decrypted data doesn't match original.\nOriginal: %s\nDecrypted: %s", testData, decryptedData)
+	}
+}
--- a/weed/s3api/s3api_object_handlers.go
+++ b/weed/s3api/s3api_object_handlers.go
@ -328,7 +328,10 @@ func (s3a *S3ApiServer) GetObjectHandler(w http.ResponseWriter, r *http.Request)
 		destUrl = s3a.toFilerUrl(bucket, object)
 	}

-	s3a.proxyToFiler(w, r, destUrl, false, passThroughResponse)
+	s3a.proxyToFiler(w, r, destUrl, false, func(proxyResponse *http.Response, w http.ResponseWriter) (statusCode int, bytesTransferred int64) {
+		// Handle SSE-C decryption if needed
+		return s3a.handleSSECResponse(r, proxyResponse, w)
+	})
 }

 func (s3a *S3ApiServer) HeadObjectHandler(w http.ResponseWriter, r *http.Request) {
@ -423,7 +426,10 @@ func (s3a *S3ApiServer) HeadObjectHandler(w http.ResponseWriter, r *http.Request
 		destUrl = s3a.toFilerUrl(bucket, object)
 	}

-	s3a.proxyToFiler(w, r, destUrl, false, passThroughResponse)
+	s3a.proxyToFiler(w, r, destUrl, false, func(proxyResponse *http.Response, w http.ResponseWriter) (statusCode int, bytesTransferred int64) {
+		// Handle SSE-C validation for HEAD requests
+		return s3a.handleSSECResponse(r, proxyResponse, w)
+	})
 }

 func (s3a *S3ApiServer) proxyToFiler(w http.ResponseWriter, r *http.Request, destUrl string, isWrite bool, responseFn func(proxyResponse *http.Response, w http.ResponseWriter) (statusCode int, bytesTransferred int64)) {
@ -555,34 +561,134 @@ func restoreCORSHeaders(w http.ResponseWriter, capturedCORSHeaders map[string]st
 	}
 }

-func passThroughResponse(proxyResponse *http.Response, w http.ResponseWriter) (statusCode int, bytesTransferred int64) {
-	// Capture existing CORS headers that may have been set by middleware
-	capturedCORSHeaders := captureCORSHeaders(w, corsHeaders)
-
-	// Copy headers from proxy response
-	for k, v := range proxyResponse.Header {
-		w.Header()[k] = v
-	}
-
+// writeFinalResponse handles the common response writing logic shared between
+// passThroughResponse and handleSSECResponse
+func writeFinalResponse(w http.ResponseWriter, proxyResponse *http.Response, bodyReader io.Reader, capturedCORSHeaders map[string]string) (statusCode int, bytesTransferred int64) {
 	// Restore CORS headers that were set by middleware
 	restoreCORSHeaders(w, capturedCORSHeaders)

 	if proxyResponse.Header.Get("Content-Range") != "" && proxyResponse.StatusCode == 200 {
-		w.WriteHeader(http.StatusPartialContent)
 		statusCode = http.StatusPartialContent
 	} else {
 		statusCode = proxyResponse.StatusCode
 	}
 	w.WriteHeader(statusCode)
+
+	// Stream response data
 	buf := mem.Allocate(128 * 1024)
 	defer mem.Free(buf)
-	bytesTransferred, err := io.CopyBuffer(w, proxyResponse.Body, buf)
+	bytesTransferred, err := io.CopyBuffer(w, bodyReader, buf)
 	if err != nil {
-		glog.V(1).Infof("passthrough response read %d bytes: %v", bytesTransferred, err)
+		glog.V(1).Infof("response read %d bytes: %v", bytesTransferred, err)
 	}
 	return statusCode, bytesTransferred
 }

+func passThroughResponse(proxyResponse *http.Response, w http.ResponseWriter) (statusCode int, bytesTransferred int64) {
+	// Capture existing CORS headers that may have been set by middleware
+	capturedCORSHeaders := captureCORSHeaders(w, corsHeaders)
+
+	// Copy headers from proxy response
+	for k, v := range proxyResponse.Header {
+		w.Header()[k] = v
+	}
+
+	return writeFinalResponse(w, proxyResponse, proxyResponse.Body, capturedCORSHeaders)
+}
+
+// handleSSECResponse handles SSE-C decryption and response processing
+func (s3a *S3ApiServer) handleSSECResponse(r *http.Request, proxyResponse *http.Response, w http.ResponseWriter) (statusCode int, bytesTransferred int64) {
+	// Check if the object has SSE-C metadata
+	sseAlgorithm := proxyResponse.Header.Get(s3_constants.AmzServerSideEncryptionCustomerAlgorithm)
+	sseKeyMD5 := proxyResponse.Header.Get(s3_constants.AmzServerSideEncryptionCustomerKeyMD5)
+	isObjectEncrypted := sseAlgorithm != "" && sseKeyMD5 != ""
+
+	// Parse SSE-C headers from request once (avoid duplication)
+	customerKey, err := ParseSSECHeaders(r)
+	if err != nil {
+		errCode := MapSSECErrorToS3Error(err)
+		s3err.WriteErrorResponse(w, r, errCode)
+		return http.StatusBadRequest, 0
+	}
+
+	if isObjectEncrypted {
+		// This object was encrypted with SSE-C, validate customer key
+		if customerKey == nil {
+			s3err.WriteErrorResponse(w, r, s3err.ErrSSECustomerKeyMissing)
+			return http.StatusBadRequest, 0
+		}
+
+		// SSE-C MD5 is base64 and case-sensitive
+		if customerKey.KeyMD5 != sseKeyMD5 {
+			// For GET/HEAD requests, AWS S3 returns 403 Forbidden for a key mismatch.
+			s3err.WriteErrorResponse(w, r, s3err.ErrAccessDenied)
+			return http.StatusForbidden, 0
+		}
+
+		// SSE-C encrypted objects do not support HTTP Range requests because the 16-byte IV
+		// is required at the beginning of the stream for proper decryption
+		if r.Header.Get("Range") != "" {
+			s3err.WriteErrorResponse(w, r, s3err.ErrInvalidRange)
+			return http.StatusRequestedRangeNotSatisfiable, 0
+		}
+
+		// Create decrypted reader
+		decryptedReader, decErr := CreateSSECDecryptedReader(proxyResponse.Body, customerKey)
+		if decErr != nil {
+			glog.Errorf("Failed to create SSE-C decrypted reader: %v", decErr)
+			s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
+			return http.StatusInternalServerError, 0
+		}
+
+		// Capture existing CORS headers that may have been set by middleware
+		capturedCORSHeaders := captureCORSHeaders(w, corsHeaders)
+
+		// Copy headers from proxy response (excluding body-related headers that might change)
+		for k, v := range proxyResponse.Header {
+			if k != "Content-Length" && k != "Content-Encoding" {
+				w.Header()[k] = v
+			}
+		}
+
+		// Set correct Content-Length for SSE-C (only for full object requests)
+		// Range requests are complex with SSE-C because the entire object needs decryption
+		if proxyResponse.Header.Get("Content-Range") == "" {
+			// Full object request: subtract 16-byte IV from encrypted length
+			if contentLengthStr := proxyResponse.Header.Get("Content-Length"); contentLengthStr != "" {
+				encryptedLength, err := strconv.ParseInt(contentLengthStr, 10, 64)
+				if err != nil {
+					glog.Errorf("Invalid Content-Length header for SSE-C object: %v", err)
+					s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
+					return http.StatusInternalServerError, 0
+				}
+				originalLength := encryptedLength - 16
+				if originalLength < 0 {
+					glog.Errorf("Encrypted object length (%d) is less than IV size (16 bytes)", encryptedLength)
+					s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
+					return http.StatusInternalServerError, 0
+				}
+				w.Header().Set("Content-Length", strconv.FormatInt(originalLength, 10))
+			}
+		}
+		// For range requests, let the actual bytes transferred determine the response length
+
+		// Add SSE-C response headers
+		w.Header().Set(s3_constants.AmzServerSideEncryptionCustomerAlgorithm, sseAlgorithm)
+		w.Header().Set(s3_constants.AmzServerSideEncryptionCustomerKeyMD5, sseKeyMD5)
+
+		return writeFinalResponse(w, proxyResponse, decryptedReader, capturedCORSHeaders)
+	} else {
+		// Object is not encrypted, but check if customer provided SSE-C headers unnecessarily
+		if customerKey != nil {
+			s3err.WriteErrorResponse(w, r, s3err.ErrSSECustomerKeyNotNeeded)
+			return http.StatusBadRequest, 0
+		}
+
+		// Normal pass-through response
+		return passThroughResponse(proxyResponse, w)
+	}
+}
+
 // addObjectLockHeadersToResponse extracts object lock metadata from entry Extended attributes
 // and adds the appropriate S3 headers to the response
 func (s3a *S3ApiServer) addObjectLockHeadersToResponse(w http.ResponseWriter, entry *filer_pb.Entry) {
--- a/weed/s3api/s3api_object_handlers_copy.go
+++ b/weed/s3api/s3api_object_handlers_copy.go
@ -1,8 +1,10 @@
 package s3api

 import (
+	"bytes"
 	"context"
 	"fmt"
+	"io"
 	"net/http"
 	"net/url"
 	"strconv"
@ -160,11 +162,17 @@ func (s3a *S3ApiServer) CopyObjectHandler(w http.ResponseWriter, r *http.Request
 		// Just copy the entry structure without chunks for zero-size files
 		dstEntry.Chunks = nil
 	} else {
-		// Replicate chunks for files with content
-		dstChunks, err := s3a.copyChunks(entry, r.URL.Path)
+		// Handle SSE-C copy with smart fast/slow path selection
+		dstChunks, err := s3a.copyChunksWithSSEC(entry, r)
 		if err != nil {
-			glog.Errorf("CopyObjectHandler copy chunks error: %v", err)
-			s3err.WriteErrorResponse(w, r, s3err.ErrInternalError)
+			glog.Errorf("CopyObjectHandler copy chunks with SSE-C error: %v", err)
+			// Use shared error mapping helper
+			errCode := MapSSECErrorToS3Error(err)
+			// For copy operations, if the error is not recognized, use InternalError
+			if errCode == s3err.ErrInvalidRequest {
+				errCode = s3err.ErrInternalError
+			}
+			s3err.WriteErrorResponse(w, r, errCode)
 			return
 		}
 		dstEntry.Chunks = dstChunks
@ -591,7 +599,8 @@ func processMetadataBytes(reqHeader http.Header, existing map[string][]byte, rep
 // copyChunks replicates chunks from source entry to destination entry
 func (s3a *S3ApiServer) copyChunks(entry *filer_pb.Entry, dstPath string) ([]*filer_pb.FileChunk, error) {
 	dstChunks := make([]*filer_pb.FileChunk, len(entry.GetChunks()))
-	executor := util.NewLimitedConcurrentExecutor(4) // Limit to 4 concurrent operations
+	const defaultChunkCopyConcurrency = 4
+	executor := util.NewLimitedConcurrentExecutor(defaultChunkCopyConcurrency) // Limit to configurable concurrent operations
 	errChan := make(chan error, len(entry.GetChunks()))

 	for i, chunk := range entry.GetChunks() {
@ -777,7 +786,8 @@ func (s3a *S3ApiServer) copyChunksForRange(entry *filer_pb.Entry, startOffset, e

 	// Copy the relevant chunks using a specialized method for range copies
 	dstChunks := make([]*filer_pb.FileChunk, len(relevantChunks))
-	executor := util.NewLimitedConcurrentExecutor(4)
+	const defaultChunkCopyConcurrency = 4
+	executor := util.NewLimitedConcurrentExecutor(defaultChunkCopyConcurrency)
 	errChan := make(chan error, len(relevantChunks))

 	// Create a map to track original chunks for each relevant chunk
@ -997,3 +1007,136 @@ func (s3a *S3ApiServer) downloadChunkData(srcUrl string, offset, size int64) ([]
 	}
 	return chunkData, nil
 }
+
+// copyChunksWithSSEC handles SSE-C aware copying with smart fast/slow path selection
+func (s3a *S3ApiServer) copyChunksWithSSEC(entry *filer_pb.Entry, r *http.Request) ([]*filer_pb.FileChunk, error) {
+	// Parse SSE-C headers
+	copySourceKey, err := ParseSSECCopySourceHeaders(r)
+	if err != nil {
+		return nil, err
+	}
+
+	destKey, err := ParseSSECHeaders(r)
+	if err != nil {
+		return nil, err
+	}
+
+	// Determine copy strategy
+	strategy, err := DetermineSSECCopyStrategy(entry.Extended, copySourceKey, destKey)
+	if err != nil {
+		return nil, err
+	}
+
+	glog.V(2).Infof("SSE-C copy strategy for %s: %v", r.URL.Path, strategy)
+
+	switch strategy {
+	case SSECCopyDirect:
+		// FAST PATH: Direct chunk copy
+		glog.V(2).Infof("Using fast path: direct chunk copy for %s", r.URL.Path)
+		return s3a.copyChunks(entry, r.URL.Path)
+
+	case SSECCopyReencrypt:
+		// SLOW PATH: Decrypt and re-encrypt
+		glog.V(2).Infof("Using slow path: decrypt/re-encrypt for %s", r.URL.Path)
+		return s3a.copyChunksWithReencryption(entry, copySourceKey, destKey, r.URL.Path)
+
+	default:
+		return nil, fmt.Errorf("unknown SSE-C copy strategy: %v", strategy)
+	}
+}
+
+// copyChunksWithReencryption handles the slow path: decrypt source and re-encrypt for destination
+func (s3a *S3ApiServer) copyChunksWithReencryption(entry *filer_pb.Entry, copySourceKey *SSECustomerKey, destKey *SSECustomerKey, dstPath string) ([]*filer_pb.FileChunk, error) {
+	dstChunks := make([]*filer_pb.FileChunk, len(entry.GetChunks()))
+	const defaultChunkCopyConcurrency = 4
+	executor := util.NewLimitedConcurrentExecutor(defaultChunkCopyConcurrency) // Limit to configurable concurrent operations
+	errChan := make(chan error, len(entry.GetChunks()))
+
+	for i, chunk := range entry.GetChunks() {
+		chunkIndex := i
+		executor.Execute(func() {
+			dstChunk, err := s3a.copyChunkWithReencryption(chunk, copySourceKey, destKey, dstPath)
+			if err != nil {
+				errChan <- fmt.Errorf("chunk %d: %v", chunkIndex, err)
+				return
+			}
+			dstChunks[chunkIndex] = dstChunk
+			errChan <- nil
+		})
+	}
+
+	// Wait for all operations to complete and check for errors
+	for i := 0; i < len(entry.GetChunks()); i++ {
+		if err := <-errChan; err != nil {
+			return nil, err
+		}
+	}
+
+	return dstChunks, nil
+}
+
+// copyChunkWithReencryption copies a single chunk with decrypt/re-encrypt
+func (s3a *S3ApiServer) copyChunkWithReencryption(chunk *filer_pb.FileChunk, copySourceKey *SSECustomerKey, destKey *SSECustomerKey, dstPath string) (*filer_pb.FileChunk, error) {
+	// Create destination chunk
+	dstChunk := s3a.createDestinationChunk(chunk, chunk.Offset, chunk.Size)
+
+	// Prepare chunk copy (assign new volume and get source URL)
+	assignResult, srcUrl, err := s3a.prepareChunkCopy(chunk.GetFileIdString(), dstPath)
+	if err != nil {
+		return nil, err
+	}
+
+	// Set file ID on destination chunk
+	if err := s3a.setChunkFileId(dstChunk, assignResult); err != nil {
+		return nil, err
+	}
+
+	// Download encrypted chunk data
+	encryptedData, err := s3a.downloadChunkData(srcUrl, 0, int64(chunk.Size))
+	if err != nil {
+		return nil, fmt.Errorf("download encrypted chunk data: %w", err)
+	}
+
+	var finalData []byte
+
+	// Decrypt if source is encrypted
+	if copySourceKey != nil {
+		decryptedReader, decErr := CreateSSECDecryptedReader(bytes.NewReader(encryptedData), copySourceKey)
+		if decErr != nil {
+			return nil, fmt.Errorf("create decrypted reader: %w", decErr)
+		}
+
+		decryptedData, readErr := io.ReadAll(decryptedReader)
+		if readErr != nil {
+			return nil, fmt.Errorf("decrypt chunk data: %w", readErr)
+		}
+		finalData = decryptedData
+	} else {
+		// Source is unencrypted
+		finalData = encryptedData
+	}
+
+	// Re-encrypt if destination should be encrypted
+	if destKey != nil {
+		encryptedReader, encErr := CreateSSECEncryptedReader(bytes.NewReader(finalData), destKey)
+		if encErr != nil {
+			return nil, fmt.Errorf("create encrypted reader: %w", encErr)
+		}
+
+		reencryptedData, readErr := io.ReadAll(encryptedReader)
+		if readErr != nil {
+			return nil, fmt.Errorf("re-encrypt chunk data: %w", readErr)
+		}
+		finalData = reencryptedData
+
+		// Update chunk size to include IV
+		dstChunk.Size = uint64(len(finalData))
+	}
+
+	// Upload the processed data
+	if err := s3a.uploadChunkData(finalData, assignResult); err != nil {
+		return nil, fmt.Errorf("upload processed chunk data: %w", err)
+	}
+
+	return dstChunk, nil
+}
--- a/weed/s3api/s3api_object_handlers_put.go
+++ b/weed/s3api/s3api_object_handlers_put.go
@ -190,6 +190,25 @@ func (s3a *S3ApiServer) PutObjectHandler(w http.ResponseWriter, r *http.Request)

 func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader io.Reader, destination string, bucket string) (etag string, code s3err.ErrorCode) {

+	// Handle SSE-C encryption if requested
+	customerKey, err := ParseSSECHeaders(r)
+	if err != nil {
+		glog.Errorf("SSE-C header validation failed: %v", err)
+		// Use shared error mapping helper
+		errCode := MapSSECErrorToS3Error(err)
+		return "", errCode
+	}
+
+	// Apply SSE-C encryption if customer key is provided
+	if customerKey != nil {
+		encryptedReader, encErr := CreateSSECEncryptedReader(dataReader, customerKey)
+		if encErr != nil {
+			glog.Errorf("Failed to create SSE-C encrypted reader: %v", encErr)
+			return "", s3err.ErrInternalError
+		}
+		dataReader = encryptedReader
+	}
+
 	hash := md5.New()
 	var body = io.TeeReader(dataReader, hash)

--- a/weed/s3api/s3err/s3api_errors.go
+++ b/weed/s3api/s3err/s3api_errors.go
@ -116,6 +116,13 @@ const (
 	ErrInvalidRetentionPeriod
 	ErrObjectLockConfigurationNotFoundError
 	ErrInvalidUnorderedWithDelimiter
+
+	// SSE-C related errors
+	ErrInvalidEncryptionAlgorithm
+	ErrInvalidEncryptionKey
+	ErrSSECustomerKeyMD5Mismatch
+	ErrSSECustomerKeyMissing
+	ErrSSECustomerKeyNotNeeded
 )

 // Error message constants for checksum validation
@ -471,6 +478,33 @@ var errorCodeResponse = map[ErrorCode]APIError{
 		Description:    "Unordered listing cannot be used with delimiter",
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+
+	// SSE-C related error mappings
+	ErrInvalidEncryptionAlgorithm: {
+		Code:           "InvalidEncryptionAlgorithmError",
+		Description:    "The encryption algorithm specified is not valid.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrInvalidEncryptionKey: {
+		Code:           "InvalidArgument",
+		Description:    "Invalid encryption key. Encryption key must be 256-bit AES256.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSSECustomerKeyMD5Mismatch: {
+		Code:           "InvalidArgument",
+		Description:    "The provided customer encryption key MD5 does not match the key.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSSECustomerKeyMissing: {
+		Code:           "InvalidArgument",
+		Description:    "Requests specifying Server Side Encryption with Customer provided keys must provide the customer key.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
+	ErrSSECustomerKeyNotNeeded: {
+		Code:           "InvalidArgument",
+		Description:    "The object was not encrypted with customer provided keys.",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 }

 // GetAPIError provides API Error for input API error code.
--- a/weed/server/filer_server_handlers_write_autochunk.go
+++ b/weed/server/filer_server_handlers_write_autochunk.go
@ -488,6 +488,15 @@ func SaveAmzMetaData(r *http.Request, existing map[string][]byte, isReplace bool
 		}
 	}

+	// Handle SSE-C headers
+	if algorithm := r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerAlgorithm); algorithm != "" {
+		metadata[s3_constants.AmzServerSideEncryptionCustomerAlgorithm] = []byte(algorithm)
+	}
+	if keyMD5 := r.Header.Get(s3_constants.AmzServerSideEncryptionCustomerKeyMD5); keyMD5 != "" {
+		// Store as-is; SSE-C MD5 is base64 and case-sensitive
+		metadata[s3_constants.AmzServerSideEncryptionCustomerKeyMD5] = []byte(keyMD5)
+	}
+
 	//acp-owner
 	acpOwner := r.Header.Get(s3_constants.ExtAmzOwnerKey)
 	if len(acpOwner) > 0 {