GCS CSEK with Object versioning
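The following uploads a file to a bucket that has object versioning enabled, encrypting it with a customer-supplied encryption key (CSEK).
The same file is then uploaded again with a second CSEK, which creates a new generation of the object.
Finally, the first generation is recalled using its original CSEK. Each generation stays encrypted with the key it was uploaded with (the describe output shows that key's SHA256 hash as `decryption_key_hash_sha256`), so each key must be kept for as long as its generation needs to be readable.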
### create two CSEKs (32 random bytes each, base64-encoded)
$ export dek_enc_1=`openssl rand --base64 32`
$ export dek_enc_2=`openssl rand --base64 32`
$ echo -n "bar" > encrypted.txt
## upload the file with csek1
$ gcloud storage cp encrypted.txt gs://core-eso-bucket --encryption-key=$dek_enc_1
$ gcloud storage objects describe gs://core-eso-bucket/encrypted.txt
bucket: core-eso-bucket
content_type: text/plain
creation_time: 2025-01-23T19:05:40+0000
decryption_key_hash_sha256: TXdhdV/4bCdY+Tk2yOxHsG0tUOdPwWX3/w6GerzComI=
encryption_algorithm: AES256
etag: COnrw97EjIsDEAE=
generation: '1737659140601321'
metageneration: 1
name: encrypted.txt
size: 3
storage_class: STANDARD
storage_class_update_time: 2025-01-23T19:05:40+0000
storage_url: gs://core-eso-bucket/encrypted.txt#1737659140601321
update_time: 2025-01-23T19:05:40+0000
----
### upload the same file again with csek2 (creates a new generation with a different key hash)
$ gcloud storage cp encrypted.txt gs://core-eso-bucket --encryption-key=$dek_enc_2
Completed files 1/1 | 3.0B/3.0B
$ gcloud storage objects describe gs://core-eso-bucket/encrypted.txt
bucket: core-eso-bucket
content_type: text/plain
creation_time: 2025-01-23T19:12:51+0000
decryption_key_hash_sha256: lZqmEehoQGmRkGImLdyLsPLo1w2zq1i7Wx7YgLCU7QA=
encryption_algorithm: AES256
etag: COCj5avGjIsDEAE=
generation: '1737659571065312'
metageneration: 1
name: encrypted.txt
size: 3
storage_class: STANDARD
storage_class_update_time: 2025-01-23T19:12:51+0000
storage_url: gs://core-eso-bucket/encrypted.txt#1737659571065312
update_time: 2025-01-23T19:12:51+0000
$ gcloud storage cp gs://core-eso-bucket/encrypted.txt /tmp/decrypted.txt --encryption-key=$dek_enc_1
### attempt to download the file without supplying any key (fails)
$ gcloud storage cp gs://core-eso-bucket/encrypted.txt /tmp/decrypted.txt
ERROR: (gcloud.storage.cp) Missing decryption key with SHA256 hash lZqmEehoQGmRkGImLdyLsPLo1w2zq1i7Wx7YgLCU7QA=. No decryption key matches object gs://core-eso-bucket/encrypted.txt#1737659571065312.
### attempt to download the latest generation with csek1 (fails: the latest generation was encrypted with csek2)
$ gcloud storage cp gs://core-eso-bucket/encrypted.txt /tmp/decrypted.txt --encryption-key=$dek_enc_1
ERROR: (gcloud.storage.cp) Missing decryption key with SHA256 hash lZqmEehoQGmRkGImLdyLsPLo1w2zq1i7Wx7YgLCU7QA=. No decryption key matches object gs://core-eso-bucket/encrypted.txt#1737659571065312.
## download the latest generation with csek2 (succeeds)
$ gcloud storage cp gs://core-eso-bucket/encrypted.txt /tmp/decrypted.txt --encryption-key=$dek_enc_2
Completed files 1/1 | 3.0B/3.0B
### now download the original generation with csek1 by appending its generation number (`#1737659140601321`) to the object URL
$ gcloud storage cp gs://core-eso-bucket/encrypted.txt#1737659140601321 /tmp/decrypted.txt --encryption-key=$dek_enc_1
Completed files 1/1 | 3.0B/3.0B