Server-Side Encryption And End-to-End Encryption

• Server-side encryption: means that data will be encrypted as soon as the server receives it, and the data will also be decrypted on the server before being sent back to the client.
• End-to-end encryption: means that data will be encrypted and decrypted on the client side.

Since W3S stores data using AIOZ dCDN, encryption becomes very important to ensure security. W3S uses server-side encryption, which means that data sent to W3S is encrypted before being stored on AIOZ dCDN, making sure it's safe.

The information required for decrypting data—known as the access grant—is generated by the user on the client side. We will delve into the concept of the access grant more comprehensively in a subsequent article. In essence, the access grant encompasses encryption details as well as permissions.

When a user needs to utilize the S3 API, they send the access grant to the W3S registry service to create a new set of s3 credentials. This service uses the s3 Access ID to encrypt the access grant.

If End-To-End Encryption is of paramount importance, users have the option to use W3S CLI or by constructing a W3S self-hosted gateway tailored to their specific needs.
By utilizing W3S CL, users gain the ability to manage, access, and manipulate their data while ensuring that encryption and decryption operations occur within their local environment.
Alternatively, those who require the robust security measures of end-to-end encryption while concurrently seeking the benefits of s3-compatible functionality now have the opportunity to deploy their own self-hosted gateway.

For comprehensive insights and step-by-step instructions, we encourage you to explore the dedicated sections on W3S self-hosted gateway and W3S CLI, where you'll find detailed resources to empower your pursuit of enhanced data security through End-To-End Encryption.