Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 28 for Unseal (0.09 sec)

  2. github.com/minio/minio

    internal/crypto/key_test.go 

    }

func TestSealUnsealKey(t *testing.T) {
	for i, test := range sealUnsealKeyTests {
		key := GenerateKey(test.SealExtKey[:], rand.Reader)
		sealedKey := key.Seal(test.SealExtKey[:], test.SealIV, test.SealDomain, test.SealBucket, test.SealObject)
		if err := key.Unseal(test.UnsealExtKey[:], sealedKey, test.UnsealDomain, test.UnsealBucket, test.UnsealObject); err == nil && !test.ShouldPass {
			t.Errorf("Test %d should fail but passed successfully", i)
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jul 12 20:51:54 UTC 2024
    - 6.7K bytes
    - Viewed (0)
  3. github.com/minio/minio

    internal/crypto/doc.go 

    //     Output: object_data
//
// ### SSE-S3 and KMS
//
// SSE-S3 requires that the KMS provides two functions:
//
//  1. Generate(KeyID) -> (Key, EncKey)
//
//  2. Unseal(KeyID, EncKey) -> Key
//
//  1. Encrypt:
//     Input: KeyID, bucket, object, metadata, object_data
//     -     Key, EncKey := Generate(KeyID)
//     -              IV := Random({0,1}²⁵⁶)
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Aug 26 19:52:29 UTC 2022
    - 5K bytes
    - Viewed (0)
  4. github.com/minio/minio

    internal/crypto/key.go 

    	}
	copy(sealedKey.Key[:], encryptedKey.Bytes())
	return sealedKey
}

// Unseal decrypts a sealed key using the 256 bit external key. Since the sealed key
// may be cryptographically bound to the object's path the same bucket/object as during sealing
// must be provided. On success the ObjectKey contains the decrypted sealed key.
func (key *ObjectKey) Unseal(extKey []byte, sealedKey SealedKey, domain, bucket, object string) error {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Mar 19 20:28:10 UTC 2024
    - 6.4K bytes
    - Viewed (0)
  5. github.com/minio/minio

    internal/crypto/sse-s3.go 

    		Name:           keyID,
		Ciphertext:     kmsKey,
		AssociatedData: kms.Context{bucket: path.Join(bucket, object)},
	})
	if err != nil {
		return key, err
	}
	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
	return key, err
}

// UnsealObjectsKeys extracts and decrypts all sealed object keys
// from the metadata using the KMS and returns the decrypted object
// keys.
//
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 7.6K bytes
    - Viewed (0)
  6. github.com/minio/minio

    internal/crypto/sse.go 

    	"github.com/minio/sio"
)

const (
	// SealAlgorithm is the encryption/sealing algorithm used to derive & seal
	// the key-encryption-key and to en/decrypt the object data.
	SealAlgorithm = "DAREv2-HMAC-SHA256"

	// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used
	// to derive & seal the key-encryption-key and to en/decrypt the object data.
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Aug 30 15:26:43 UTC 2022
    - 4.4K bytes
    - Viewed (0)
  7. github.com/minio/minio

    internal/crypto/sse-kms.go 

    	}
	unsealKey, err := k.Decrypt(context.TODO(), &kms.DecryptRequest{
		Name:           keyID,
		Ciphertext:     kmsKey,
		AssociatedData: ctx,
	})
	if err != nil {
		return key, err
	}
	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
	return key, err
}

// CreateMetadata encodes the sealed object key into the metadata and returns
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 8.5K bytes
    - Viewed (0)
  8. github.com/minio/minio

    cmd/encryption-v1.go 

    		if err = objectKey.Unseal(oldKey, sealedKey, crypto.S3.String(), bucket, object); err != nil {
			return err
		}

		newKey, err := GlobalKMS.GenerateKey(ctx, &kms.GenerateKeyRequest{
			Name:           GlobalKMS.DefaultKey,
			AssociatedData: kms.Context{bucket: path.Join(bucket, object)},
		})
		if err != nil {
			return err
		}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Oct 13 13:06:08 UTC 2024
    - 37.2K bytes
    - Viewed (0)
  9. github.com/minio/minio

    cmd/bucket-metadata.go 

    		Name:           keyID,
		Ciphertext:     kmsKey,
		AssociatedData: kmsContext,
	})
	if err != nil {
		return nil, err
	}
	var objectKey crypto.ObjectKey
	if err = objectKey.Unseal(extKey, sealedKey, crypto.S3.String(), bucket, ""); err != nil {
		return nil, err
	}

	outbuf := bytes.NewBuffer(nil)
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Aug 28 15:32:18 UTC 2024
    - 18.2K bytes
    - Viewed (0)
  10. github.com/minio/minio

    cmd/testdata/decryptObjectInfo.json.zst 

    X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key":"IAAfAJjZ2dY7iCAom9rP/UK/5mmg/gpSloOs8Xjy5gYKtTDfL==","X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key":"IAAfAN+0R4CsC3ibYvamkvm9KIg+hidIQ==","X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm":"DAREv2-HMAC-SHA256","content-type":"text/plain"}},{"Bucket":"buck1","Name":"go_113/src/cmd/go/testdata/mod/rsc.io_breaker_v1.0.0.txt","UserDef":{"X-Minio-Internal-Server-Side-Encryption-Iv":"HaaoKKQdysUQRnLF1tKF+a0BiM=","X-Minio-Intern...
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Oct 29 16:34:20 UTC 2020
    - 164K bytes
    - Viewed (0)
  11. github.com/minio/minio

    internal/crypto/sse_test.go 

    		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},
		ExpectedErr: nil,
	},
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Jun 01 21:59:40 UTC 2021
    - 8.4K bytes
    - Viewed (0)
Back to top