sealed - Code Search

cmd/testdata/decryptObjectInfo.json.zst

c+d3vF5fW5pWtPEyxNC/oTP80=","X-Minio-Internal-Server-Side-Encryption-S3-Kms-Key-Id":"my-minio-key","X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key":"IAAfAJjZ2dY7iCAom9rP/UK/5mmg/gpSloOs8Xjy5gYKtTDfL==","X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key":"IAAfAN+0R4CsC3ibYvamkvm9KIg+hidIQ==","X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm":"DAREv2-HMAC-SHA256","content-type":"text/plain"}},{"Bucket":"buck1","Name":"go_113/src/cmd/go/testdata/mod/rsc.io_breaker_v1.0.0.txt","...

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Thu Oct 29 16:34:20 GMT 2020

- 164K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/sse-s3.go

		return keyID, kmsKey, sealedKey, Errorf("The internal sealed key for SSE-S3 is invalid")
	}
	if idPresent && kmsKeyPresent { // We are using a KMS -> parse the sealed KMS data key.
		kmsKey, err = base64.StdEncoding.DecodeString(b64KMSSealedKey)
		if err != nil {
			return keyID, kmsKey, sealedKey, Errorf("The internal sealed KMS data key for SSE-S3 is invalid")
		}
	}

	sealedKey.Algorithm = algorithm

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Tue May 07 23:55:37 GMT 2024

- 7.6K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/metadata_test.go

		}
		if sealedKey.Algorithm != test.SealedKey.Algorithm {
			t.Errorf("Test %d: got sealed key algorithm '%v' - want sealed key algorithm '%v'", i, sealedKey.Algorithm, test.SealedKey.Algorithm)
		}
		if !bytes.Equal(sealedKey.Key[:], test.SealedKey.Key[:]) {
			t.Errorf("Test %d: got sealed key '%v' - want sealed key '%v'", i, sealedKey.Key, test.SealedKey.Key)
		}
		if !bytes.Equal(sealedKey.IV[:], test.SealedKey.IV[:]) {

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Fri Jul 12 20:51:54 GMT 2024

- 18.7K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/metadata.go

	MetaAlgorithm = "X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm"

	// MetaSealedKeySSEC is the sealed object encryption key in case of SSE-C.
	MetaSealedKeySSEC = "X-Minio-Internal-Server-Side-Encryption-Sealed-Key"
	// MetaSealedKeyS3 is the sealed object encryption key in case of SSE-S3
	MetaSealedKeyS3 = "X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key"
	// MetaSealedKeyKMS is the sealed object encryption key in case of SSE-KMS

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Mon Jun 10 17:40:33 GMT 2024

- 6.4K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/sse-c.go

}

// CreateMetadata encodes the sealed key into the metadata
// and returns the modified metadata. It allocates a new
// metadata map if metadata is nil.
func (ssec) CreateMetadata(metadata map[string]string, sealedKey SealedKey) map[string]string {
	if sealedKey.Algorithm != SealAlgorithm {
		logger.CriticalIf(context.Background(), Errorf("The seal algorithm '%s' is invalid for SSE-C", sealedKey.Algorithm))
	}

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Sun Sep 28 20:59:21 GMT 2025

- 5.2K bytes

- Click Count (0)

github.com/minio/minio

cmd/storage-datatypes_test.go

ver-Side-Encryption-S3-Kms-Key-Id": "my-minio-key", "X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key": "IAAfAP2p7ZLv3UpLwBnsKkF2mtWba0qoY42tymK0szRgGvAxBNcXyHXYooe9dQpeeEJWgKUa/8R61oCy1mFwIg==", "X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key": "IAAfAPFYRDkHVirJBJxBixNj3PLWt78dFuUTyTLIdLG820J7XqLPBO4gpEEEWw/DoTsJIb+apnaem+rKtQ1h3Q==", "X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256", "content-type": "application/octet-stream", "etag": "20000f00e2c37...

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Fri Aug 29 02:39:48 GMT 2025

- 9.1K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/sse-kms.go

		return keyID, kmsKey, sealedKey, ctx, Errorf("The internal sealed key for SSE-KMS is invalid")
	}
	if idPresent && kmsKeyPresent { // We are using a KMS -> parse the sealed KMS data key.
		kmsKey, err = base64.StdEncoding.DecodeString(b64KMSSealedKey)
		if err != nil {
			return keyID, kmsKey, sealedKey, ctx, Errorf("The internal sealed KMS data key for SSE-KMS is invalid")
		}
	}
	b64Ctx, ok := metadata[MetaContext]

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Tue May 07 23:55:37 GMT 2024

- 8.5K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/key.go

		logger.CriticalIf(context.Background(), errors.New("Unable to generate sealed key"))
	}
	sealedKey := SealedKey{
		IV:        iv,
		Algorithm: SealAlgorithm,
	}
	copy(sealedKey.Key[:], encryptedKey.Bytes())
	return sealedKey
}

// Unseal decrypts a sealed key using the 256 bit external key. Since the sealed key
// may be cryptographically bound to the object's path the same bucket/object as during sealing

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Fri May 16 14:27:42 GMT 2025

- 6.2K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/sse_test.go

		},
		Bucket: "bucket",
		Object: "object",
		Metadata: map[string]string{
			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
		},

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Tue Jun 01 21:59:40 GMT 2021

- 8.4K bytes

- Click Count (0)

github.com/minio/minio

internal/crypto/sse.go

	"github.com/minio/sio"
)

const (
	// SealAlgorithm is the encryption/sealing algorithm used to derive & seal
	// the key-encryption-key and to en/decrypt the object data.
	SealAlgorithm = "DAREv2-HMAC-SHA256"

	// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used
	// to derive & seal the key-encryption-key and to en/decrypt the object data.

Created: Sun Dec 28 19:28:13 GMT 2025

- Last Modified: Sun Sep 28 20:59:21 GMT 2025

- 4.3K bytes

- Click Count (0)

Search Options