if len(value.IV) != IVSize {
		return ErrDecrypt
	}
	if len(value.Nonce) != NonceSize {
		return ErrDecrypt
	}

	switch value.Algorithm {
	case AES256GCM:
		c.Algorithm = kms.AES256
	case CHACHA20POLY1305:
		c.Algorithm = kms.ChaCha20
	default:
		c.Algorithm = 0
	}
	c.ID = value.ID
	c.IV = value.IV
	c.Nonce = value.Nonce
	c.Bytes = value.Bytes
	return nil

		return nil, err
	}
	if stream.NonceSize() != len(metadata.Nonce) {
		return nil, sio.NotAuthentic
	}
	return stream.DecryptReader(ciphertext, metadata.Nonce, nil), nil
}

type encryptedObject struct {
	KeyID  string `json:"keyid"`
	KMSKey []byte `json:"kmskey"`

	Algorithm sio.Algorithm `json:"algorithm"`
	Nonce     []byte        `json:"nonce"`

	}

	stream, err := sio.AES_256_GCM.Stream(key)
	if err != nil {
		return err
	}
	// Zero nonce, we only use each key once, and 32 bytes is plenty.
	nonce := make([]byte, stream.NonceSize())
	encr := stream.DecryptReader(r, nonce, nil)
	_, err = io.Copy(w, encr)
	if err == nil {
		fmt.Println(okMsg)
	}
	return err

	}
	var nonce [32]byte
	if _, err := io.ReadFull(random, nonce[:]); err != nil {
		logger.CriticalIf(context.Background(), errOutOfEntropy)
	}

	const Context = "object-encryption-key generation"
	mac := hmac.New(sha256.New, extKey)
	mac.Write([]byte(Context))
	mac.Write(nonce[:])
	mac.Sum(key[:0])
	return key
}

		Ciphertext: `{"aead":"ChaCha20Poly1305","iv":"JbI+vwvYww1lCb5VpkAFuQ==","nonce":"ARjIjJxBSD541Gz8","bytes":"KCbEc2sA0TLvA7aWTWa23AdccVfJMpOxwgG8hm+4PaNrxYfy1xFWZg2gEenVrOgv"}`,
	},
	{
		KeyID:      "my-key",
		Plaintext:  "UnPWsZgVI+T4L9WGNzFlP1PsP1Z6hn2Fx8ISeZfDGnA=",
		Ciphertext: `{"aead":"ChaCha20Poly1305","iv":"r4+yfiVbVIYR0Z2I9Fq+6g==","nonce":"2YpwGwE59GcVraI3","bytes":"k/svMglOU7/Kgwv73heG38NWW575XLcFp3SaxQHDMjJGYyRI3Fiygu2OeutGPXNL"}`,

##### Figure 1 - Secure Channel construction

```
plaintext   := chunk_0          ||       chunk_1          ||       chunk_2          ||       ...
                 |                         |                         |
                 |                         |                         |
               AEAD <- key, nonce + 0    AEAD <- key, nonce + 1    AEAD <- key, nonce + 2    ...

			return
		}
		copy(objectEncryptionKey[:], key)

		var nonce [12]byte
		tmp := sha256.Sum256(fmt.Append(nil, uploadID, partID))
		copy(nonce[:], tmp[:12])

		partEncryptionKey := objectEncryptionKey.DerivePartKey(uint32(partID))
		encReader, err := sio.EncryptReader(reader, sio.Config{
			Key:   partEncryptionKey[:],
			Nonce: &nonce,
		})
		if err != nil {

	//   return len(e) > 16 && !bytes.ContainsRune(e, '-')
	//
	// An encrypted ETag may contain some random bytes - e.g.
	// and nonce value. This nonce value may contain a '-'
	// just by its nature of being randomly generated.
	// The above implementation would incorrectly consider
	// such an ETag (with a nonce value containing a '-')
	// as non-encrypted.

	return len(e) >= 32 // We consider all ETags longer than 32 bytes as encrypted
}

tTable, aes.EncryptionKeySchedul(&g.cipher)) } func seal(out []byte, g *GCM, nonce, plaintext, data []byte) { if !supportsAESGCM { sealGeneric(out, g, nonce, plaintext, data) return } var counter, tagMask [gcmBlockSize]byte if len(nonce) == gcmStandardNonceSize { // Init counter to nonce||1 copy(counter[:], nonce) counter[gcmBlockSize-1] = 1 } else { // Otherwise counter = GHASH(nonce) gcmAesData(&g.productTable, nonce, &counter) gcmAesFinish(&g.productTable, &tagMask, &counter, uint64(len(nonce)),...

tTable, aes.EncryptionKeySchedul(&g.cipher)) } func seal(out []byte, g *GCM, nonce, plaintext, data []byte) { if !supportsAESGCM { sealGeneric(out, g, nonce, plaintext, data) return } var counter, tagMask [gcmBlockSize]byte if len(nonce) == gcmStandardNonceSize { // Init counter to nonce||1 copy(counter[:], nonce) counter[gcmBlockSize-1] = 1 } else { // Otherwise counter = GHASH(nonce) gcmAesData(&g.productTable, nonce, &counter) gcmAesFinish(&g.productTable, &tagMask, &counter, uint64(len(nonce)),...