Search Options

Results per page
Sort
Preferred Languages
Advance

Results 11 - 20 of 81 for sse (0.01 sec)

  1. docs/iam/policies/deny-non-sse-kms-objects.json

    Shubhendu <******@****.***> 1715701387 +0530
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 14 15:43:07 UTC 2024
    - 413 bytes
    - Viewed (0)
  2. docs/iam/policies/deny-objects-with-invalid-sse-kms-key-id.json

    Shubhendu <******@****.***> 1715701387 +0530
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 14 15:43:07 UTC 2024
    - 439 bytes
    - Viewed (0)
  3. docs/security/README.md

    MinIO supports two different types of server-side encryption ([SSE](#sse)):
    
    - **SSE-C**: The MinIO server en/decrypts an object with a secret key provided by the S3 client as part of the HTTP request headers. Therefore, [SSE-C](#ssec) requires TLS/HTTPS.
    - **SSE-S3**: The MinIO server en/decrypts an object with a secret key managed by a KMS. Therefore, MinIO requires a valid KMS configuration for [SSE-S3](#sses3).
    
    ### Server-Side Encryption - Preliminaries
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sat Feb 12 00:51:25 UTC 2022
    - 13.8K bytes
    - Viewed (0)
  4. internal/crypto/key_test.go

    		SealExtKey: [32]byte{}, SealIV: [32]byte{}, SealDomain: "SSE-C", SealBucket: "bucket", SealObject: "object",
    		UnsealExtKey: [32]byte{}, UnsealDomain: "SSE-C", UnsealBucket: "bucket", UnsealObject: "object",
    		ShouldPass: true,
    	}, // 0
    	{
    		SealExtKey: [32]byte{}, SealIV: [32]byte{}, SealDomain: "SSE-C", SealBucket: "bucket", SealObject: "object",
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jul 12 20:51:54 UTC 2024
    - 6.7K bytes
    - Viewed (0)
  5. internal/etag/etag.go

    //
    // S3 specifies three types of server-side-encryption - SSE-C, SSE-S3
    // and SSE-KMS - with different semantics w.r.t. ETags.
    // In case of SSE-S3, the ETag of an object is computed the same as
    // for single resp. multipart plaintext objects. In particular,
    // the ETag of a singlepart SSE-S3 object is its content MD5.
    //
    // In case of SSE-C and SSE-KMS, the ETag of an object is computed
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Mar 10 21:09:36 UTC 2024
    - 13.3K bytes
    - Viewed (0)
  6. internal/crypto/metadata.go

    	// MetaSealedKeySSEC is the sealed object encryption key in case of SSE-C.
    	MetaSealedKeySSEC = "X-Minio-Internal-Server-Side-Encryption-Sealed-Key"
    	// MetaSealedKeyS3 is the sealed object encryption key in case of SSE-S3
    	MetaSealedKeyS3 = "X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key"
    	// MetaSealedKeyKMS is the sealed object encryption key in case of SSE-KMS
    	MetaSealedKeyKMS = "X-Minio-Internal-Server-Side-Encryption-Kms-Sealed-Key"
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Mon Jun 10 17:40:33 UTC 2024
    - 6.4K bytes
    - Viewed (0)
  7. internal/crypto/auto-encryption.go

    	"github.com/minio/pkg/v3/env"
    )
    
    const (
    	// EnvKMSAutoEncryption is the environment variable used to en/disable
    	// SSE-S3 auto-encryption. SSE-S3 auto-encryption, if enabled,
    	// requires a valid KMS configuration and turns any non-SSE-C
    	// request into an SSE-S3 request.
    	// If present EnvAutoEncryption must be either "on" or "off".
    	EnvKMSAutoEncryption = "MINIO_KMS_AUTO_ENCRYPTION"
    )
    
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri May 24 23:05:23 UTC 2024
    - 1.4K bytes
    - Viewed (0)
  8. internal/crypto/error.go

    	ErrCustomerKeyMD5Mismatch = Errorf("The provided SSE-C key MD5 does not match the computed MD5 of the SSE-C key")
    	// ErrIncompatibleEncryptionMethod indicates that both SSE-C headers and SSE-S3 headers were specified, and are incompatible
    	// The client needs to remove the SSE-S3 header or the SSE-C headers
    	ErrIncompatibleEncryptionMethod = Errorf("Server side encryption specified with both SSE-C and SSE-S3 headers")
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Mar 28 17:44:56 UTC 2024
    - 4.4K bytes
    - Viewed (0)
  9. internal/crypto/doc.go

    //     -   SealedKey <- metadata
    //     -   KeyEncKey := HMAC-SHA256(ClientKey, IV || 'SSE-C' || 'DAREv2-HMAC-SHA256' || bucket || '/' || object)
    //     -   ObjectKey := DAREv2_Dec(KeyEncKey, SealedKey)
    //     - object_data := DAREv2_Dec(ObjectKey, enc_object_data)
    //     Output: object_data
    //
    // ## SSE-S3
    //
    // SSE-S3 can use either a master key or a KMS as root-of-trust.
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Aug 26 19:52:29 UTC 2022
    - 5K bytes
    - Viewed (0)
  10. docs/iam/policies/pbac-tests.sh

    mc admin policy create myminio/ deny-non-sse-kms-pol ./docs/iam/policies/deny-non-sse-kms-objects.json
    mc admin policy create myminio/ deny-invalid-sse-kms-pol ./docs/iam/policies/deny-objects-with-invalid-sse-kms-key-id.json
    
    mc admin policy attach myminio deny-non-sse-kms-pol --user minio123
    mc admin policy attach myminio deny-invalid-sse-kms-pol --user minio123
    mc admin policy attach myminio consoleAdmin --user minio123
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Jun 25 01:15:27 UTC 2024
    - 2.5K bytes
    - Viewed (0)
Back to top