SSE-C: Server-Side Encryption with Customer-Provided Encryption Keys
In SSE-C, the client supplies the secret key needed to read and write data.
The same SSE-C key must be used on all clients reading or writing the data; this must be set client-side, in the hadoop configuration.
For hadoop applications to work reliably, SSE-C with a common key must be used exclusively within a bucket if it is to be used at all. This is the only way to ensure that path and directory listings do not fail with "Bad Request" errors.