Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 45 for keyId (0.02 sec)

  1. internal/kms/secret-key.go

    	}
    	return &KMS{
    		Type:       Builtin,
    		DefaultKey: keyID,
    		conn: secretKey{
    			keyID: keyID,
    			key:   key,
    		},
    		latencyBuckets: defaultLatencyBuckets,
    		latency:        make([]atomic.Uint64, len(defaultLatencyBuckets)),
    	}, nil
    }
    
    // secretKey is a KMS implementation that derives new DEKs
    // from a single key.
    type secretKey struct {
    	keyID string
    	key   []byte
    }
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Aug 18 06:43:03 UTC 2024
    - 8.3K bytes
    - Viewed (0)
  2. internal/crypto/doc.go

    //
    // ### SSE-S3 and KMS
    //
    // SSE-S3 requires that the KMS provides two functions:
    //
    //  1. Generate(KeyID) -> (Key, EncKey)
    //
    //  2. Unseal(KeyID, EncKey) -> Key
    //
    //  1. Encrypt:
    //     Input: KeyID, bucket, object, metadata, object_data
    //     -     Key, EncKey := Generate(KeyID)
    //     -              IV := Random({0,1}²⁵⁶)
    //     -       ObjectKey := SHA256(Key, Random({0,1}²⁵⁶))
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Aug 26 19:52:29 UTC 2022
    - 5K bytes
    - Viewed (0)
  3. internal/crypto/sse-s3.go

    // KMS master key ID nor a sealed KMS data key it returns an empty keyID and
    // KMS data key. Otherwise, it returns an error.
    func (sses3) ParseMetadata(metadata map[string]string) (keyID string, kmsKey []byte, sealedKey SealedKey, err error) {
    	// Extract all required values from object metadata
    	b64IV, ok := metadata[MetaIV]
    	if !ok {
    		return keyID, kmsKey, sealedKey, errMissingInternalIV
    	}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 7.6K bytes
    - Viewed (0)
  4. internal/crypto/sse-kms.go

    		if err := json.Unmarshal(b, &ctx); err != nil {
    			return "", nil, err
    		}
    	}
    
    	keyID := h.Get(xhttp.AmzServerSideEncryptionKmsID)
    	spaces := strings.HasPrefix(keyID, " ") || strings.HasSuffix(keyID, " ")
    	if spaces {
    		return "", nil, ErrInvalidEncryptionKeyID
    	}
    	return strings.TrimPrefix(keyID, ARNPrefix), ctx, nil
    }
    
    // IsEncrypted returns true if the object metadata indicates
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 8.5K bytes
    - Viewed (0)
  5. internal/bucket/encryption/bucket-sse-config_test.go

    				t.Errorf("Test case %d: Expected %s but got %s", i+1, tc.expectedErr, err)
    			}
    			continue
    		}
    
    		if tc.keyID != "" && tc.keyID != ssec.KeyID() {
    			t.Errorf("Test case %d: Expected bucket encryption KeyID %s but got %s", i+1, tc.keyID, ssec.KeyID())
    		}
    
    		if expectedXML, err := xml.Marshal(tc.expectedConfig); err != nil || !bytes.Equal(expectedXML, []byte(tc.inputXML)) {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Aug 16 18:28:30 UTC 2022
    - 6.1K bytes
    - Viewed (0)
  6. cmd/kms-handlers.go

    		return
    	}
    
    	if GlobalKMS == nil {
    		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrKMSNotConfigured), r.URL)
    		return
    	}
    
    	keyID := r.Form.Get("key-id")
    	if keyID == "" {
    		keyID = GlobalKMS.DefaultKey
    	}
    	response := madmin.KMSKeyStatus{
    		KeyID: keyID,
    	}
    
    	// Ensure policy allows the user to get this key's status
    	cred, owner, s3Err := validateAdminSignature(ctx, r, "")
    	if s3Err != ErrNone {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Aug 18 06:43:03 UTC 2024
    - 10.1K bytes
    - Viewed (0)
  7. internal/crypto/metadata_test.go

    			}
    		}
    		if !bytes.Equal(dataKey, test.DataKey) {
    			t.Errorf("Test %d: got data key '%v' - want data key '%v'", i, dataKey, test.DataKey)
    		}
    		if keyID != test.KeyID {
    			t.Errorf("Test %d: got key-ID '%v' - want key-ID '%v'", i, keyID, test.KeyID)
    		}
    		if sealedKey.Algorithm != test.SealedKey.Algorithm {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jul 12 20:51:54 UTC 2024
    - 18.7K bytes
    - Viewed (0)
  8. internal/kms/conn.go

    // MarshalText encodes the DEK's key ID and ciphertext
    // as JSON.
    func (d DEK) MarshalText() ([]byte, error) {
    	type JSON struct {
    		KeyID      string `json:"keyid"`
    		Version    uint32 `json:"version,omitempty"`
    		Ciphertext []byte `json:"ciphertext"`
    	}
    	return json.Marshal(JSON{
    		KeyID:      d.KeyID,
    		Version:    uint32(d.Version),
    		Ciphertext: d.Ciphertext,
    	})
    }
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Aug 18 06:43:03 UTC 2024
    - 5K bytes
    - Viewed (0)
  9. internal/kms/secret-key_test.go

    		}
    	}
    }
    
    var decryptKeyTests = []struct {
    	KeyID      string
    	Plaintext  string
    	Ciphertext string
    	Context    Context
    }{
    	{
    		KeyID:      "my-key",
    		Plaintext:  "zmS7NrG765UZ0ZN85oPjybelxqVvpz01vxsSpOISy2M=",
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 2.9K bytes
    - Viewed (0)
  10. internal/bucket/encryption/bucket-sse-config.go

    				return nil, errors.New("MasterKeyID is allowed with aws:kms only")
    			}
    		case AWSKms:
    			keyID := rule.DefaultEncryptionAction.MasterKeyID
    			if keyID == "" {
    				return nil, errors.New("MasterKeyID is missing with aws:kms")
    			}
    			spaces := strings.HasPrefix(keyID, " ") || strings.HasSuffix(keyID, " ")
    			if spaces {
    				return nil, errors.New("MasterKeyID contains unsupported characters")
    			}
    		}
    	}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Oct 25 00:44:15 UTC 2022
    - 4.9K bytes
    - Viewed (0)
Back to top