-----BEGIN PGP SIGNED MESSAGE-----
few minutes ago I have uploaded s3cmd 0.9.4 to SourceForge.net. It's the
best available version of s3tools / s3cmd, the command line Amazon S3
The most important changes include:
* Support for non-ASCII characters in uploaded filenames
Attempt to upload files with names in encodings other than ASCII, for
instance in UTF-8 encoding, resulted to various errors, most often to
SignatureNotValid exception. That's now fixed. Now you can upload a file
named "한국어 Русский 日本語 Ελληνικά فارسی" and everything should work
as expected. It has however only been tested on UTF-8 enabled Linux
system, let me know if you experience any reproducible problems with
This change also fixes a problem recently reported by Roscoe who
couldn't upload a file with "+" in the name.
* Support for transparent GPG encryption of uploaded files
This is somewhat experimental and only supports "password keys", not
real gpg-keys for now by default. Advanced users may however edit their
~/.s3cmd file and configure gpg_encrypt and gpg_decrypt to their liking.
Including adding options to use their gpg keys. You'll need some
familiarity with GPG though as I havent (yet?) written any simple how-to
for it (anyone up for writing some docs, btw? ;-)
Additionaly note that:
- - you get a file compression for free (GPG does it by default)
- - if you manage to lose the encryption key you're out of luck. I may add
a support for s3cmd to handle multiple different keys, at least for
decryption so you don't lose access to files encrypted ages ago after
the key is changes in ~/.s3cmd config file. It isn't there yet though so
be careful when changing the key in s3cmd config file!
- - As the uploaded files are encrypted using standard GPG you are not
bound to use s3cmd in the future. Any other S3 client can download them
for you and you will be able to decrypt them with your gpg program.
* HTTP proxy support
Many thanks to John D. Rowell for a patch. It will definitely come handy
when you're in a network behind a proxy without direct connection to the
* HTTPS protocol support
HTTPS encrypts all communication between s3cmd and S3 server. It's
completely independent to the above GPG encryption and serves a
- - In the GPG case only data files are encrypted and are transferred and
stored encrypted in S3. Everything else goes in plaintext (unencrypted)
although digitally signed and therefore protected against unauthorized
modifications. That's by default, even when you don't use GPG.
- - In the HTTPS case everything is encrypted, even things like bucket
listings and upload/download of non-GPG-ed files. However in S3 on the
remote end everything is decrypted again and the data are stored to S3
unencrypted (if not using GPG). Using HTTPS is unfortunately slower then
using the default HTTP because there's an overhead with setting up the
encrypted channel. The other downside is that you can't use HTTPS behind
a proxy. I haven't found a way to use both https and proxy with python
httplib. Anyone with a patch wandering around?
In other words: GPG is for people who don't trust Amazon not to sniff on
their stored data. HTTPS is for people who trust Amazon but don't trust
the networks between them and Amazon. GPG + HTTPS is for the paranoid.
- - Changes to the packaging system to make Debian packagers' life easier
- - Some other cleanups here and there
- - I won't release generic RPM files anymore. It's too much pain to make
them right and usable in all RPM-based distros. Use the source package
and install it with "python setup.py install" instead.
Download from here:
S3tools / S3cmd homepage:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----