encrypt

package

v6.0.5+incompatible Latest Latest Go to latest Published: Jul 5, 2018 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/jamesnaftel/minio-go

Links

Open Source Insights

Documentation ¶

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type PBKDF ¶

type PBKDF func(password, salt []byte) ServerSide

PBKDF creates a SSE-C key from the provided password and salt. PBKDF is a password-based key derivation function which can be used to derive a high-entropy cryptographic key from a low-entropy password and a salt.

var DefaultPBKDF PBKDF = func(password, salt []byte) ServerSide {
	sse := ssec{}
	copy(sse[:], argon2.IDKey(password, salt, 1, 64*1024, 4, 32))
	return sse
}

DefaultPBKDF is the default PBKDF. It uses Argon2id with the recommended parameters from the RFC draft (1 pass, 64 MB memory, 4 threads).

type ServerSide ¶

type ServerSide interface {
	// Type returns the server-side-encryption method.
	Type() Type

	// Marshal adds encryption headers to the provided HTTP headers.
	// It marks an HTTP request as server-side-encryption request
	// and inserts the required data into the headers.
	Marshal(h http.Header)
}

ServerSide is a form of S3 server-side-encryption.

func NewSSE ¶

func NewSSE() ServerSide

NewSSE returns a server-side-encryption using S3 storage encryption. Using SSE-S3 the server will encrypt the object with server-managed keys.

func NewSSEC ¶

func NewSSEC(key []byte) (ServerSide, error)

NewSSEC returns a new server-side-encryption using SSE-C and the provided key. The key must be 32 bytes long.

func NewSSEKMS ¶

func NewSSEKMS(keyID string, context interface{}) (ServerSide, error)

NewSSEKMS returns a new server-side-encryption using SSE-KMS and the provided Key Id and context.

func SSE ¶

func SSE(sse ServerSide) ServerSide

SSE transforms a SSE-C copy encryption into a SSE-C encryption. It is the inverse of SSECopy(...).

If the provided sse is no SSE-C copy encryption SSE returns sse unmodified.

func SSECopy ¶

func SSECopy(sse ServerSide) ServerSide

SSECopy transforms a SSE-C encryption into a SSE-C copy encryption. This is required for SSE-C key rotation or a SSE-C copy where the source and the destination should be encrypted.

If the provided sse is no SSE-C encryption SSECopy returns sse unmodified.

type Type ¶

type Type string

Type is the server-side-encryption method. It represents one of the following encryption methods:

SSE-C: server-side-encryption with customer provided keys
KMS: server-side-encryption with managed keys
S3: server-side-encryption using S3 storage encryption

const (
	// SSEC represents server-side-encryption with customer provided keys
	SSEC Type = "SSE-C"
	// KMS represents server-side-encryption with managed keys
	KMS Type = "KMS"
	// S3 represents server-side-encryption using S3 storage encryption
	S3 Type = "S3"
)

Source Files ¶

View all Source files

server-side.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL