const (
	GcmTagSizeBits    = "128"
	KMSKeyring        = "kms"
	KMSContextKeyring = "kms+context"
	GrantTokens       = "GrantTokens"
)
CryptographicMaterials is used for content encryption. It is used for storing the metadata of the encrypted content.
CryptographicMaterialsManager (CMM) assembles the cryptographic materials used to encrypt and decrypt the encrypted objects.
type DataKey struct {
	KeyMaterial      []byte
	EncryptedDataKey []byte
	DataKeyAlgorithm string
}
DecryptMaterialsRequest contains the information required to assemble the DecryptionMaterials which are used by Keyring.OnDecrypt to decrypt the encrypted data key.
type DefaultCryptographicMaterialsManager struct { Keyring *Keyring }
DefaultCryptographicMaterialsManager provides support for encrypting and decrypting S3 objects using the configured Keyring.
NewCryptographicMaterialsManager creates a new DefaultCryptographicMaterialsManager with the given Keyring. The Keyring provided must not be nil. If Keyring is nil, NewCryptographicMaterialsManager returns an error.
DecryptMaterials uses the provided DecryptMaterialsRequest to assemble DecryptionMaterials which are used by Keyring.OnDecrypt to decrypt the encrypted data key.
GetEncryptionMaterials assembles the required EncryptionMaterials and then calls Keyring.OnEncrypt to encrypt the materials.
type EncryptionMaterials struct { }
Keyring implementations are responsible for encrypting/decrypting data keys using some kind of key material. Keyring implementations MAY support decryption-only (i.e. for legacy algorithms) or both encryption (including data key generation) and decryption.
type KeyringOptions struct { EnableLegacyWrappingAlgorithms bool }
KeyringOptions holds additional configuration that enables additional behaviors on Keyring types. When EnableLegacyWrappingAlgorithms is set to true, the Keyring MAY decrypt objects encrypted using legacy wrapping algorithms such as KMS v1.
KmsAPIClient is a client that implements the GenerateDataKey and Decrypt operations.
type KmsAnyKeyKeyring struct { }
KmsAnyKeyKeyring is decrypt-only.
NewKmsDecryptOnlyAnyKeyKeyring creates a new KmsAnyKeyKeyring. This Keyring uses the KMS identifier persisted in the data key's ciphertext to decrypt the data key.
OnDecrypt decrypts the encryptedDataKeys and returns them in materials for use with content decryption, or an error if the object cannot be decrypted by the Keyring as it is configured.
OnEncrypt generates/encrypts a data key for use with content encryption. The KmsAnyKeyKeyring does not support OnEncrypt, so an error is returned.
type KmsKeyring struct { KmsKeyId string }
KmsKeyring encrypts with an encryption context. On decrypt, it checks the algorithm in the material description and calls commonDecrypt with the correct parameters.
NewKmsKeyring creates a new KmsKeyring which calls KMS to encrypt/decrypt the data key used to encrypt the S3 object. The KmsKeyring will always use the kmsKeyId provided to encrypt and decrypt messages.
OnDecrypt decrypts the encryptedDataKeys and returns them in materials for use with content decryption, or an error if the object cannot be decrypted by the Keyring as it is configured.
OnEncrypt generates/encrypts a data key for use with content encryption.
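The legacy-algorithm gate described for KeyringOptions and for KmsKeyring's decrypt path, as an added illustration that is not the library's own code. DataKey and KeyringOptions are local copies of the documented structs; checkWrappingAlgorithm, the two error values, and the reading of "kms" as the legacy KMS v1 mode are assumptions made for this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// Wrapping-algorithm names as listed in the package constants.
const (
	KMSKeyring        = "kms"         // assumed here to be the legacy (KMS v1) mode
	KMSContextKeyring = "kms+context" // mode used with an encryption context
)

// Local stand-ins for the documented types; not imported from the library.
type DataKey struct {
	KeyMaterial      []byte
	EncryptedDataKey []byte
	DataKeyAlgorithm string
}

type KeyringOptions struct{ EnableLegacyWrappingAlgorithms bool }

var (
	ErrLegacyDisabled   = errors.New("legacy wrapping algorithm not enabled")
	ErrUnknownAlgorithm = errors.New("unsupported wrapping algorithm")
)

// checkWrappingAlgorithm (hypothetical helper) decides whether a keyring
// should attempt to unwrap dk, before any KMS Decrypt call is made.
func checkWrappingAlgorithm(dk DataKey, opts KeyringOptions) error {
	switch dk.DataKeyAlgorithm {
	case KMSContextKeyring:
		return nil
	case KMSKeyring:
		if opts.EnableLegacyWrappingAlgorithms {
			return nil
		}
		return ErrLegacyDisabled
	default: // fail closed on anything not explicitly recognised
		return fmt.Errorf("%w: %q", ErrUnknownAlgorithm, dk.DataKeyAlgorithm)
	}
}

func main() {
	// Constructed sample data keys, one per case.
	for _, alg := range []string{"kms+context", "kms", "unknown-alg"} {
		dk := DataKey{EncryptedDataKey: []byte{0x01}, DataKeyAlgorithm: alg}
		fmt.Printf("%-12s strict=%v legacy=%v\n", alg,
			checkWrappingAlgorithm(dk, KeyringOptions{}),
			checkWrappingAlgorithm(dk, KeyringOptions{EnableLegacyWrappingAlgorithms: true}))
	}
}
```

With the option left at its zero value, an object whose metadata names the legacy algorithm is rejected instead of being silently decrypted under the weaker mode.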
MaterialDescription is used to identify how and what master key has been used.
Clone returns a copy of the MaterialDescription.