Documentation ¶
Index ¶
Constants ¶
const ( // SseGenericHeader is the AWS SSE header used for SSE-S3 and SSE-KMS. SseGenericHeader = "X-Amz-Server-Side-Encryption" // SseKmsKeyID is the AWS SSE-KMS key id. SseKmsKeyID = SseGenericHeader + "-Aws-Kms-Key-Id" // SseEncryptionContext is the AWS SSE-KMS Encryption Context data. SseEncryptionContext = SseGenericHeader + "-Context" // SseCustomerAlgorithm is the AWS SSE-C algorithm HTTP header key. SseCustomerAlgorithm = SseGenericHeader + "-Customer-Algorithm" // SseCustomerKey is the AWS SSE-C encryption key HTTP header key. SseCustomerKey = SseGenericHeader + "-Customer-Key" // SseCustomerKeyMD5 is the AWS SSE-C encryption key MD5 HTTP header key. SseCustomerKeyMD5 = SseGenericHeader + "-Customer-Key-MD5" // SseCopyCustomerAlgorithm is the AWS SSE-C algorithm HTTP header key for CopyObject API. SseCopyCustomerAlgorithm = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm" // SseCopyCustomerKey is the AWS SSE-C encryption key HTTP header key for CopyObject API. SseCopyCustomerKey = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key" // SseCopyCustomerKeyMD5 is the AWS SSE-C encryption key MD5 HTTP header key for CopyObject API. SseCopyCustomerKeyMD5 = "X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-MD5" )
const FIPS = false
FIPS is true if 'fips' build tag was specified.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type PBKDF ¶
type PBKDF func(password, salt []byte) ServerSide
PBKDF creates a SSE-C key from the provided password and salt. PBKDF is a password-based key derivation function which can be used to derive a high-entropy cryptographic key from a low-entropy password and a salt.
type ServerSide ¶
type ServerSide interface { // Type returns the server-side-encryption method. Type() Type // Marshal adds encryption headers to the provided HTTP headers. // It marks an HTTP request as server-side-encryption request // and inserts the required data into the headers. Marshal(h http.Header) }
ServerSide is a form of S3 server-side-encryption.
func NewSSE ¶
func NewSSE() ServerSide
NewSSE returns a server-side-encryption using S3 storage encryption. Using SSE-S3 the server will encrypt the object with server-managed keys.
func NewSSEC ¶
func NewSSEC(key []byte) (ServerSide, error)
NewSSEC returns a new server-side-encryption using SSE-C and the provided key. The key must be 32 bytes long.
func NewSSEKMS ¶
func NewSSEKMS(keyID string, context interface{}) (ServerSide, error)
NewSSEKMS returns a new server-side-encryption using SSE-KMS and the provided Key Id and context.
func SSE ¶
func SSE(sse ServerSide) ServerSide
SSE transforms a SSE-C copy encryption into a SSE-C encryption. It is the inverse of SSECopy(...).
If the provided sse is no SSE-C copy encryption SSE returns sse unmodified.
func SSECopy ¶
func SSECopy(sse ServerSide) ServerSide
SSECopy transforms a SSE-C encryption into a SSE-C copy encryption. This is required for SSE-C key rotation or a SSE-C copy where the source and the destination should be encrypted.
If the provided sse is no SSE-C encryption SSECopy returns sse unmodified.