encrypt

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 26, 2023 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// SseGenericHeader is the AWS SSE header used for SSE-S3 and SSE-KMS.
	SseGenericHeader = "X-Amz-Server-Side-Encryption"

	// SseKmsKeyID is the AWS SSE-KMS key id.
	SseKmsKeyID = SseGenericHeader + "-Aws-Kms-Key-Id"
	// SseEncryptionContext is the AWS SSE-KMS Encryption Context data.
	SseEncryptionContext = SseGenericHeader + "-Context"

	// SseCustomerAlgorithm is the AWS SSE-C algorithm HTTP header key.
	SseCustomerAlgorithm = SseGenericHeader + "-Customer-Algorithm"
	// SseCustomerKey is the AWS SSE-C encryption key HTTP header key.
	SseCustomerKey = SseGenericHeader + "-Customer-Key"
	// SseCustomerKeyMD5 is the AWS SSE-C encryption key MD5 HTTP header key.
	SseCustomerKeyMD5 = SseGenericHeader + "-Customer-Key-MD5"

	// SseCopyCustomerAlgorithm is the AWS SSE-C algorithm HTTP header key for CopyObject API.
	SseCopyCustomerAlgorithm = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm"
	// SseCopyCustomerKey is the AWS SSE-C encryption key HTTP header key for CopyObject API.
	SseCopyCustomerKey = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key"
	// SseCopyCustomerKeyMD5 is the AWS SSE-C encryption key MD5 HTTP header key for CopyObject API.
	SseCopyCustomerKeyMD5 = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-MD5"
)
View Source
const FIPS = false

FIPS is true if 'fips' build tag was specified.

Variables

This section is empty.

Functions

This section is empty.

Types

type PBKDF

type PBKDF func(password, salt []byte) ServerSide

PBKDF creates a SSE-C key from the provided password and salt. PBKDF is a password-based key derivation function which can be used to derive a high-entropy cryptographic key from a low-entropy password and a salt.

var DefaultPBKDF PBKDF = func(password, salt []byte) ServerSide {
	sse := ssec{}
	copy(sse[:], argon2.IDKey(password, salt, 1, 64*1024, 4, 32))
	return sse
}

DefaultPBKDF is the default PBKDF. It uses Argon2id with the recommended parameters from the RFC draft (1 pass, 64 MB memory, 4 threads).

type ServerSide

type ServerSide interface {
	// Type returns the server-side-encryption method.
	Type() Type

	// Marshal adds encryption headers to the provided HTTP headers.
	// It marks an HTTP request as server-side-encryption request
	// and inserts the required data into the headers.
	Marshal(h http.Header)
}

ServerSide is a form of S3 server-side-encryption.

func NewSSE

func NewSSE() ServerSide

NewSSE returns a server-side-encryption using S3 storage encryption. Using SSE-S3 the server will encrypt the object with server-managed keys.

func NewSSEC

func NewSSEC(key []byte) (ServerSide, error)

NewSSEC returns a new server-side-encryption using SSE-C and the provided key. The key must be 32 bytes long.

func NewSSEKMS

func NewSSEKMS(keyID string, context interface{}) (ServerSide, error)

NewSSEKMS returns a new server-side-encryption using SSE-KMS and the provided Key Id and context.

func SSE

func SSE(sse ServerSide) ServerSide

SSE transforms a SSE-C copy encryption into a SSE-C encryption. It is the inverse of SSECopy(...).

If the provided sse is no SSE-C copy encryption SSE returns sse unmodified.

func SSECopy

func SSECopy(sse ServerSide) ServerSide

SSECopy transforms a SSE-C encryption into a SSE-C copy encryption. This is required for SSE-C key rotation or a SSE-C copy where the source and the destination should be encrypted.

If the provided sse is no SSE-C encryption SSECopy returns sse unmodified.

type Type

type Type string

Type is the server-side-encryption method. It represents one of the following encryption methods:

  • SSE-C: server-side-encryption with customer provided keys
  • KMS: server-side-encryption with managed keys
  • S3: server-side-encryption using S3 storage encryption
const (
	// SSEC represents server-side-encryption with customer provided keys
	SSEC Type = "SSE-C"
	// KMS represents server-side-encryption with managed keys
	KMS Type = "KMS"
	// S3 represents server-side-encryption using S3 storage encryption
	S3 Type = "S3"
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL