Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 30 for Unseal (0.26 sec)

  2. github.com/minio/minio

    internal/crypto/key_test.go 

    }

func TestSealUnsealKey(t *testing.T) {
	for i, test := range sealUnsealKeyTests {
		key := GenerateKey(test.SealExtKey[:], rand.Reader)
		sealedKey := key.Seal(test.SealExtKey[:], test.SealIV, test.SealDomain, test.SealBucket, test.SealObject)
		if err := key.Unseal(test.UnsealExtKey[:], sealedKey, test.UnsealDomain, test.UnsealBucket, test.UnsealObject); err == nil && !test.ShouldPass {
			t.Errorf("Test %d should fail but passed successfully", i)
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Fri Feb 02 00:13:57 GMT 2024
    - 6.8K bytes
    - Viewed (0)
  3. github.com/minio/minio

    internal/crypto/key.go 

    	}
	copy(sealedKey.Key[:], encryptedKey.Bytes())
	return sealedKey
}

// Unseal decrypts a sealed key using the 256 bit external key. Since the sealed key
// may be cryptographically bound to the object's path the same bucket/object as during sealing
// must be provided. On success the ObjectKey contains the decrypted sealed key.
func (key *ObjectKey) Unseal(extKey []byte, sealedKey SealedKey, domain, bucket, object string) error {
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Tue Mar 19 20:28:10 GMT 2024
    - 6.4K bytes
    - Viewed (0)
  4. github.com/minio/minio

    internal/crypto/sse-s3.go 

    	if err != nil {
		return key, err
	}
	unsealKey, err := k.DecryptKey(keyID, kmsKey, kms.Context{bucket: path.Join(bucket, object)})
	if err != nil {
		return key, err
	}
	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
	return key, err
}

// UnsealObjectsKeys extracts and decrypts all sealed object keys
// from the metadata using the KMS and returns the decrypted object
// keys.
//
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Jan 18 07:03:17 GMT 2024
    - 8.5K bytes
    - Viewed (0)
  5. github.com/minio/minio

    internal/crypto/doc.go 

    //     Output: object_data
//
// ### SSE-S3 and KMS
//
// SSE-S3 requires that the KMS provides two functions:
//
//  1. Generate(KeyID) -> (Key, EncKey)
//
//  2. Unseal(KeyID, EncKey) -> Key
//
//  1. Encrypt:
//     Input: KeyID, bucket, object, metadata, object_data
//     -     Key, EncKey := Generate(KeyID)
//     -              IV := Random({0,1}²⁵⁶)
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Fri Aug 26 19:52:29 GMT 2022
    - 5K bytes
    - Viewed (0)
  6. github.com/minio/minio

    internal/crypto/sse.go 

    	"github.com/minio/sio"
)

const (
	// SealAlgorithm is the encryption/sealing algorithm used to derive & seal
	// the key-encryption-key and to en/decrypt the object data.
	SealAlgorithm = "DAREv2-HMAC-SHA256"

	// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used
	// to derive & seal the key-encryption-key and to en/decrypt the object data.
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Tue Aug 30 15:26:43 GMT 2022
    - 4.4K bytes
    - Viewed (0)
  7. github.com/minio/minio

    cmd/encryption-v1.go 

    			return err
		}
		var objectKey crypto.ObjectKey
		if err = objectKey.Unseal(oldKey, sealedKey, crypto.S3.String(), bucket, object); err != nil {
			return err
		}

		newKey, err := GlobalKMS.GenerateKey(ctx, "", kms.Context{bucket: path.Join(bucket, object)})
		if err != nil {
			return err
		}
		sealedKey = objectKey.Seal(newKey.Plaintext, crypto.GenerateIV(rand.Reader), crypto.S3.String(), bucket, object)
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Apr 04 12:04:40 GMT 2024
    - 36.5K bytes
    - Viewed (0)
  8. github.com/minio/minio

    internal/crypto/sse-kms.go 

    	} else if _, ok := ctx[bucket]; !ok {
		ctx[bucket] = path.Join(bucket, object)
	}
	unsealKey, err := k.DecryptKey(keyID, kmsKey, ctx)
	if err != nil {
		return key, err
	}
	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
	return key, err
}

// CreateMetadata encodes the sealed object key into the metadata and returns
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Jan 18 07:03:17 GMT 2024
    - 8.4K bytes
    - Viewed (0)
  9. github.com/minio/minio

    cmd/bucket-metadata.go 

    	if err != nil {
		return nil, err
	}
	extKey, err := GlobalKMS.DecryptKey(keyID, kmsKey, kmsContext)
	if err != nil {
		return nil, err
	}
	var objectKey crypto.ObjectKey
	if err = objectKey.Unseal(extKey, sealedKey, crypto.S3.String(), bucket, ""); err != nil {
		return nil, err
	}

	outbuf := bytes.NewBuffer(nil)
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Thu Apr 04 12:04:40 GMT 2024
    - 16.5K bytes
    - Viewed (0)
  10. github.com/codelibs/jcifs

    src/main/java/jcifs/smb/NtlmContext.java 

            }

        this.sealClientKey = deriveKey(mk, C2S_SEAL_CONSTANT);
        this.sealClientHandle = Crypto.getArcfour(this.sealClientKey);
        if ( log.isDebugEnabled() ) {
            log.debug("Seal key is " + Hexdump.toHexString(this.sealClientKey));
        }

        this.sealServerKey = deriveKey(mk, S2C_SEAL_CONSTANT);
        this.sealServerHandle = Crypto.getArcfour(this.sealServerKey);
    Java
    - Registered: Sun Apr 28 00:10:09 GMT 2024
    - Last Modified: Tue Jul 07 12:07:20 GMT 2020
    - 15.7K bytes
    - Viewed (0)
  11. github.com/minio/minio

    internal/crypto/sse_test.go 

    		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: nil,
	},
    Go
    - Registered: Sun Apr 28 19:28:10 GMT 2024
    - Last Modified: Tue Jun 01 21:59:40 GMT 2021
    - 8.4K bytes
    - Viewed (0)
Back to top