encrypt

package
v6.0.4+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 21, 2018 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type PBKDF

type PBKDF func(password, salt []byte) ServerSide

PBKDF creates a SSE-C key from the provided password and salt. PBKDF is a password-based key derivation function which can be used to derive a high-entropy cryptographic key from a low-entropy password and a salt.

var DefaultPBKDF PBKDF = func(password, salt []byte) ServerSide {
	sse := ssec{}
	copy(sse[:], argon2.IDKey(password, salt, 1, 64*1024, 4, 32))
	return sse
}

DefaultPBKDF is the default PBKDF. It uses Argon2id with the recommended parameters from the RFC draft (1 pass, 64 MB memory, 4 threads).

type ServerSide

type ServerSide interface {
	// Type returns the server-side-encryption method.
	Type() Type

	// Marshal adds encryption headers to the provided HTTP headers.
	// It marks an HTTP request as server-side-encryption request
	// and inserts the required data into the headers.
	Marshal(h http.Header)
}

ServerSide is a form of S3 server-side-encryption.

func NewSSE

func NewSSE() ServerSide

NewSSE returns a server-side-encryption using S3 storage encryption. Using SSE-S3 the server will encrypt the object with server-managed keys.

func NewSSEC

func NewSSEC(key []byte) (ServerSide, error)

NewSSEC returns a new server-side-encryption using SSE-C and the provided key. The key must be 32 bytes long.

func NewSSEKMS

func NewSSEKMS(keyID string, context interface{}) (ServerSide, error)

NewSSEKMS returns a new server-side-encryption using SSE-KMS and the provided Key Id and context.

func SSE

func SSE(sse ServerSide) ServerSide

SSE transforms a SSE-C copy encryption into a SSE-C encryption. It is the inverse of SSECopy(...).

If the provided sse is no SSE-C copy encryption SSE returns sse unmodified.

func SSECopy

func SSECopy(sse ServerSide) ServerSide

SSECopy transforms a SSE-C encryption into a SSE-C copy encryption. This is required for SSE-C key rotation or a SSE-C copy where the source and the destination should be encrypted.

If the provided sse is no SSE-C encryption SSECopy returns sse unmodified.

type Type

type Type string

Type is the server-side-encryption method. It represents one of the following encryption methods:

  • SSE-C: server-side-encryption with customer provided keys
  • KMS: server-side-encryption with managed keys
  • S3: server-side-encryption using S3 storage encryption
const (
	// SSEC represents server-side-encryption with customer provided keys
	SSEC Type = "SSE-C"
	// KMS represents server-side-encryption with managed keys
	KMS Type = "KMS"
	// S3 represents server-side-encryption using S3 storage encryption
	S3 Type = "S3"
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL