Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 19 for Unseal (0.05 sec)

  1. internal/crypto/key_test.go

    }
    
    func TestSealUnsealKey(t *testing.T) {
    	for i, test := range sealUnsealKeyTests {
    		key := GenerateKey(test.SealExtKey[:], rand.Reader)
    		sealedKey := key.Seal(test.SealExtKey[:], test.SealIV, test.SealDomain, test.SealBucket, test.SealObject)
    		if err := key.Unseal(test.UnsealExtKey[:], sealedKey, test.UnsealDomain, test.UnsealBucket, test.UnsealObject); err == nil && !test.ShouldPass {
    			t.Errorf("Test %d should fail but passed successfully", i)
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jul 12 20:51:54 UTC 2024
    - 6.7K bytes
    - Viewed (0)
  2. internal/crypto/key.go

    	}
    	copy(sealedKey.Key[:], encryptedKey.Bytes())
    	return sealedKey
    }
    
    // Unseal decrypts a sealed key using the 256 bit external key. Since the sealed key
    // may be cryptographically bound to the object's path the same bucket/object as during sealing
    // must be provided. On success the ObjectKey contains the decrypted sealed key.
    func (key *ObjectKey) Unseal(extKey []byte, sealedKey SealedKey, domain, bucket, object string) error {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Mar 19 20:28:10 UTC 2024
    - 6.4K bytes
    - Viewed (0)
  3. internal/crypto/sse-s3.go

    		Name:           keyID,
    		Ciphertext:     kmsKey,
    		AssociatedData: kms.Context{bucket: path.Join(bucket, object)},
    	})
    	if err != nil {
    		return key, err
    	}
    	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
    	return key, err
    }
    
    // UnsealObjectsKeys extracts and decrypts all sealed object keys
    // from the metadata using the KMS and returns the decrypted object
    // keys.
    //
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 7.6K bytes
    - Viewed (0)
  4. internal/crypto/sse-kms.go

    	}
    	unsealKey, err := k.Decrypt(context.TODO(), &kms.DecryptRequest{
    		Name:           keyID,
    		Ciphertext:     kmsKey,
    		AssociatedData: ctx,
    	})
    	if err != nil {
    		return key, err
    	}
    	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
    	return key, err
    }
    
    // CreateMetadata encodes the sealed object key into the metadata and returns
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 8.5K bytes
    - Viewed (0)
  5. cmd/encryption-v1.go

    		if err = objectKey.Unseal(oldKey, sealedKey, crypto.S3.String(), bucket, object); err != nil {
    			return err
    		}
    
    		newKey, err := GlobalKMS.GenerateKey(ctx, &kms.GenerateKeyRequest{
    			Name:           GlobalKMS.DefaultKey,
    			AssociatedData: kms.Context{bucket: path.Join(bucket, object)},
    		})
    		if err != nil {
    			return err
    		}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Oct 13 13:06:08 UTC 2024
    - 37.2K bytes
    - Viewed (0)
  6. cmd/bucket-metadata.go

    		Name:           keyID,
    		Ciphertext:     kmsKey,
    		AssociatedData: kmsContext,
    	})
    	if err != nil {
    		return nil, err
    	}
    	var objectKey crypto.ObjectKey
    	if err = objectKey.Unseal(extKey, sealedKey, crypto.S3.String(), bucket, ""); err != nil {
    		return nil, err
    	}
    
    	outbuf := bytes.NewBuffer(nil)
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Aug 28 15:32:18 UTC 2024
    - 18.2K bytes
    - Viewed (0)
  7. internal/crypto/error.go

    	errMissingInternalSealAlgorithm = Errorf("The object metadata is missing the internal seal algorithm")
    
    	errInvalidInternalIV            = Errorf("The internal encryption IV is malformed")
    	errInvalidInternalSealAlgorithm = Errorf("The internal seal algorithm is invalid and not supported")
    )
    
    // errOutOfEntropy indicates that the a source of randomness (PRNG) wasn't able
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Mar 28 17:44:56 UTC 2024
    - 4.4K bytes
    - Viewed (0)
  8. cmd/handler-utils.go

    var validSSEReplicationHeaders = map[string]string{
    	"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "X-Minio-Replication-Server-Side-Encryption-Sealed-Key",
    	"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "X-Minio-Replication-Server-Side-Encryption-Seal-Algorithm",
    	"X-Minio-Internal-Server-Side-Encryption-Iv":             "X-Minio-Replication-Server-Side-Encryption-Iv",
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Mon Jun 10 15:31:51 UTC 2024
    - 15.5K bytes
    - Viewed (0)
  9. internal/crypto/metadata_test.go

    			t.Errorf("Test %d: sealed KMS data mismatch: got '%v' - want '%v'", i, kmsKey, test.SealedDataKey)
    		}
    		if sealedKey.Algorithm != test.SealedKey.Algorithm {
    			t.Errorf("Test %d: seal algorithm mismatch: got '%s' - want '%s'", i, sealedKey.Algorithm, test.SealedKey.Algorithm)
    		}
    		if !bytes.Equal(sealedKey.IV[:], test.SealedKey.IV[:]) {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jul 12 20:51:54 UTC 2024
    - 18.7K bytes
    - Viewed (0)
  10. internal/crypto/sse-c.go

    // metadata map if metadata is nil.
    func (ssec) CreateMetadata(metadata map[string]string, sealedKey SealedKey) map[string]string {
    	if sealedKey.Algorithm != SealAlgorithm {
    		logger.CriticalIf(context.Background(), Errorf("The seal algorithm '%s' is invalid for SSE-C", sealedKey.Algorithm))
    	}
    
    	if metadata == nil {
    		metadata = make(map[string]string, 3)
    	}
    	metadata[MetaAlgorithm] = SealAlgorithm
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Jan 18 07:03:17 UTC 2024
    - 5.2K bytes
    - Viewed (0)
Back to top