Versions in this module Expand all Collapse all v1 v1.0.1 Jul 4, 2024 v1.0.0 Jul 4, 2024 Changes in this version
+ const AESCBC
+ const AESGCMNoPadding
+ const DefaultInstructionKeySuffix
+ const DefaultMinFileSize
+ const KMSContextWrap
+ const KMSWrap
+ var AESCBCPadder = Padder(aescbcPadding)
+ var NoPadder = Padder(noPadder{})
+ func RegisterAESCBCContentCipher(registry *CryptoRegistry, padder Padder) error
+ func RegisterAESGCMContentCipher(registry *CryptoRegistry) error
+ func RegisterKMSContextWrapWithAnyCMK(registry *CryptoRegistry, client kmsiface.KMSAPI) error
+ func RegisterKMSContextWrapWithCMK(registry *CryptoRegistry, client kmsiface.KMSAPI, cmkID string) error
+ func RegisterKMSWrapWithAnyCMK(registry *CryptoRegistry, client kmsiface.KMSAPI) error
+ func RegisterKMSWrapWithCMK(registry *CryptoRegistry, client kmsiface.KMSAPI, cmkID string) error
+ type CEKEntry func(CipherData) (ContentCipher, error)
+ type Cipher interface
+ type CipherData struct
+ CEKAlgorithm string
+ EncryptedKey []byte
+ IV []byte
+ Key []byte
+ MaterialDescription MaterialDescription
+ Padder Padder
+ TagLength string
+ WrapAlgorithm string
+ func (cd CipherData) Clone() (v CipherData)
+ type CipherDataDecrypter interface
+ DecryptKey func([]byte) ([]byte, error)
+ type CipherDataDecrypterWithContext interface
+ DecryptKeyWithContext func(aws.Context, []byte) ([]byte, error)
+ type CipherDataGenerator interface
+ GenerateCipherData func(int, int) (CipherData, error)
+ func NewKMSKeyGenerator(kmsClient kmsiface.KMSAPI, cmkID string) CipherDataGenerator
+ func NewKMSKeyGeneratorWithMatDesc(kmsClient kmsiface.KMSAPI, cmkID string, matdesc MaterialDescription) CipherDataGenerator
+ type CipherDataGeneratorWithCEKAlg interface
+ GenerateCipherDataWithCEKAlg func(ctx aws.Context, keySize, ivSize int, cekAlgorithm string) (CipherData, error)
+ func NewKMSContextKeyGenerator(client kmsiface.KMSAPI, cmkID string, matdesc MaterialDescription) CipherDataGeneratorWithCEKAlg
+ type CipherDataGeneratorWithContext interface
+ GenerateCipherDataWithContext func(aws.Context, int, int) (CipherData, error)
+ type ContentCipher interface
+ DecryptContents func(io.ReadCloser) (io.ReadCloser, error)
+ EncryptContents func(io.Reader) (io.Reader, error)
+ GetCipherData func() CipherData
+ type ContentCipherBuilder interface
+ ContentCipher func() (ContentCipher, error)
+ func AESCBCContentCipherBuilder(generator CipherDataGenerator, padder Padder) ContentCipherBuilder
+ func AESGCMContentCipherBuilder(generator CipherDataGenerator) ContentCipherBuilder
+ func AESGCMContentCipherBuilderV2(generator CipherDataGeneratorWithCEKAlg) ContentCipherBuilder
+ type ContentCipherBuilderWithContext interface
+ ContentCipherWithContext func(aws.Context) (ContentCipher, error)
+ type CryptoReadCloser struct
+ Body io.ReadCloser
+ Decrypter io.Reader
+ func (rc *CryptoReadCloser) Close() error
+ func (rc *CryptoReadCloser) Read(b []byte) (int, error)
+ type CryptoRegistry struct
+ func NewCryptoRegistry() *CryptoRegistry
+ func (c *CryptoRegistry) AddCEK(name string, entry CEKEntry) error
+ func (c *CryptoRegistry) AddPadder(name string, padder Padder) error
+ func (c *CryptoRegistry) AddWrap(name string, entry WrapEntry) error
+ func (c *CryptoRegistry) GetPadder(name string) (Padder, bool)
+ func (c *CryptoRegistry) RemoveCEK(name string) (CEKEntry, bool)
+ func (c *CryptoRegistry) RemovePadder(name string) (Padder, bool)
+ func (c *CryptoRegistry) RemoveWrap(name string) (WrapEntry, bool)
+ func (c CryptoRegistry) GetCEK(name string) (CEKEntry, bool)
+ func (c CryptoRegistry) GetWrap(name string) (WrapEntry, bool)
+ type Decrypter interface
+ Decrypt func(io.Reader) io.Reader
+ type DecryptionClient struct
+ CEKRegistry map[string]CEKEntry
+ LoadStrategy LoadStrategy
+ PadderRegistry map[string]Padder
+ S3Client s3iface.S3API
+ WrapRegistry map[string]WrapEntry
+ func NewDecryptionClient(prov client.ConfigProvider, options ...func(*DecryptionClient)) *DecryptionClient
+ func (c *DecryptionClient) GetObject(input *s3.GetObjectInput) (*s3.GetObjectOutput, error)
+ func (c *DecryptionClient) GetObjectRequest(input *s3.GetObjectInput) (*request.Request, *s3.GetObjectOutput)
+ func (c *DecryptionClient) GetObjectWithContext(ctx aws.Context, input *s3.GetObjectInput, opts ...request.Option) (*s3.GetObjectOutput, error)
+ type DecryptionClientOptions struct
+ CryptoRegistry *CryptoRegistry
+ LoadStrategy LoadStrategy
+ S3Client s3iface.S3API
+ type DecryptionClientV2 struct
+ func NewDecryptionClientV2(prov client.ConfigProvider, cryptoRegistry *CryptoRegistry, ...) (*DecryptionClientV2, error)
+ func (c *DecryptionClientV2) GetObject(input *s3.GetObjectInput) (*s3.GetObjectOutput, error)
+ func (c *DecryptionClientV2) GetObjectRequest(input *s3.GetObjectInput) (*request.Request, *s3.GetObjectOutput)
+ func (c *DecryptionClientV2) GetObjectWithContext(ctx aws.Context, input *s3.GetObjectInput, opts ...request.Option) (*s3.GetObjectOutput, error)
+ type Encrypter interface
+ Encrypt func(io.Reader) io.Reader
+ type EncryptionClient struct
+ ContentCipherBuilder ContentCipherBuilder
+ MinFileSize int64
+ S3Client s3iface.S3API
+ SaveStrategy SaveStrategy
+ TempFolderPath string
+ func NewEncryptionClient(prov client.ConfigProvider, builder ContentCipherBuilder, ...) *EncryptionClient
+ func (c *EncryptionClient) PutObject(input *s3.PutObjectInput) (*s3.PutObjectOutput, error)
+ func (c *EncryptionClient) PutObjectRequest(input *s3.PutObjectInput) (*request.Request, *s3.PutObjectOutput)
+ func (c *EncryptionClient) PutObjectWithContext(ctx aws.Context, input *s3.PutObjectInput, opts ...request.Option) (*s3.PutObjectOutput, error)
+ type EncryptionClientOptions struct
+ ContentCipherBuilder ContentCipherBuilder
+ MinFileSize int64
+ S3Client s3iface.S3API
+ SaveStrategy SaveStrategy
+ TempFolderPath string
+ type EncryptionClientV2 struct
+ func NewEncryptionClientV2(prov client.ConfigProvider, contentCipherBuilder ContentCipherBuilder, ...) (client *EncryptionClientV2, err error)
+ func (c *EncryptionClientV2) PutObject(input *s3.PutObjectInput) (*s3.PutObjectOutput, error)
+ func (c *EncryptionClientV2) PutObjectRequest(input *s3.PutObjectInput) (*request.Request, *s3.PutObjectOutput)
+ func (c *EncryptionClientV2) PutObjectWithContext(ctx aws.Context, input *s3.PutObjectInput, opts ...request.Option) (*s3.PutObjectOutput, error)
+ type Envelope struct
+ CEKAlg string
+ CipherKey string
+ IV string
+ MatDesc string
+ TagLen string
+ UnencryptedContentLen string
+ UnencryptedMD5 string
+ WrapAlg string
+ func (e *Envelope) UnmarshalJSON(value []byte) error
+ type HeaderV2LoadStrategy struct
+ func (load HeaderV2LoadStrategy) Load(req *request.Request) (Envelope, error)
+ type HeaderV2SaveStrategy struct
+ func (strat HeaderV2SaveStrategy) Save(env Envelope, req *request.Request) error
+ type LoadStrategy interface
+ Load func(*request.Request) (Envelope, error)
+ type MaterialDescription map[string]*string
+ func (md MaterialDescription) Clone() (clone MaterialDescription)
+ type Padder interface
+ Name func() string
+ Pad func([]byte, int) ([]byte, error)
+ Unpad func([]byte) ([]byte, error)
+ func NewPKCS7Padder(blockSize int) Padder
+ type S3LoadStrategy struct
+ Client *s3.S3
+ InstructionFileSuffix string
+ func (load S3LoadStrategy) Load(req *request.Request) (Envelope, error)
+ type S3SaveStrategy struct
+ Client *s3.S3
+ InstructionFileSuffix string
+ func (strat S3SaveStrategy) Save(env Envelope, req *request.Request) error
+ type SaveStrategy interface
+ Save func(Envelope, *request.Request) error
+ type WrapEntry func(Envelope) (CipherDataDecrypter, error)
+ func NewKMSWrapEntry(kmsClient kmsiface.KMSAPI) WrapEntry
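Review bot: The exported surface ships the AES-CBC path (`AESCBCContentCipherBuilder`, `RegisterAESCBCContentCipher`, `AESCBCPadder`) and the original `EncryptionClient`/`DecryptionClient` alongside the V2 clients, and nothing in this listing marks them as legacy. CBC with padding gives object contents no integrity protection, so a decrypting service that reports padding failures differently from other errors can leak plaintext. Unless the doc comments already do so, each of these names should carry a line such as `// Deprecated: use AESGCMContentCipherBuilderV2 with NewKMSContextKeyGenerator and the V2 clients.` For `DecryptionClientV2`, the package docs should tell callers to register only the algorithms they actually write, for example `RegisterAESGCMContentCipher` with `RegisterKMSContextWrapWithCMK`, because the `...WithAnyCMK` variants presumably accept whichever key the object metadata names. As a style point, `GetCEK` and `GetWrap` use a value receiver while every other `CryptoRegistry` method uses a pointer; `func (c *CryptoRegistry) GetCEK(name string) (CEKEntry, bool)` would be consistent.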