Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 28 for Unseal (0.46 sec)

  1. internal/crypto/key_test.go

    }
    
    func TestSealUnsealKey(t *testing.T) {
    	for i, test := range sealUnsealKeyTests {
    		key := GenerateKey(test.SealExtKey[:], rand.Reader)
    		sealedKey := key.Seal(test.SealExtKey[:], test.SealIV, test.SealDomain, test.SealBucket, test.SealObject)
    		if err := key.Unseal(test.UnsealExtKey[:], sealedKey, test.UnsealDomain, test.UnsealBucket, test.UnsealObject); err == nil && !test.ShouldPass {
    			t.Errorf("Test %d should fail but passed successfully", i)
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Jul 12 20:51:54 UTC 2024
    - 6.7K bytes
    - Viewed (0)
  2. internal/crypto/doc.go

    //     Output: object_data
    //
    // ### SSE-S3 and KMS
    //
    // SSE-S3 requires that the KMS provides two functions:
    //
    //  1. Generate(KeyID) -> (Key, EncKey)
    //
    //  2. Unseal(KeyID, EncKey) -> Key
    //
    //  1. Encrypt:
    //     Input: KeyID, bucket, object, metadata, object_data
    //     -     Key, EncKey := Generate(KeyID)
    //     -              IV := Random({0,1}²⁵⁶)
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Fri Aug 26 19:52:29 UTC 2022
    - 5K bytes
    - Viewed (0)
  3. internal/crypto/key.go

    	}
    	copy(sealedKey.Key[:], encryptedKey.Bytes())
    	return sealedKey
    }
    
    // Unseal decrypts a sealed key using the 256 bit external key. Since the sealed key
    // may be cryptographically bound to the object's path the same bucket/object as during sealing
    // must be provided. On success the ObjectKey contains the decrypted sealed key.
    func (key *ObjectKey) Unseal(extKey []byte, sealedKey SealedKey, domain, bucket, object string) error {
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Mar 19 20:28:10 UTC 2024
    - 6.4K bytes
    - Viewed (0)
  4. internal/crypto/sse-s3.go

    		Name:           keyID,
    		Ciphertext:     kmsKey,
    		AssociatedData: kms.Context{bucket: path.Join(bucket, object)},
    	})
    	if err != nil {
    		return key, err
    	}
    	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
    	return key, err
    }
    
    // UnsealObjectsKeys extracts and decrypts all sealed object keys
    // from the metadata using the KMS and returns the decrypted object
    // keys.
    //
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 7.6K bytes
    - Viewed (0)
  5. internal/crypto/sse.go

    	"github.com/minio/sio"
    )
    
    const (
    	// SealAlgorithm is the encryption/sealing algorithm used to derive & seal
    	// the key-encryption-key and to en/decrypt the object data.
    	SealAlgorithm = "DAREv2-HMAC-SHA256"
    
    	// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used
    	// to derive & seal the key-encryption-key and to en/decrypt the object data.
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Aug 30 15:26:43 UTC 2022
    - 4.4K bytes
    - Viewed (0)
  6. internal/crypto/sse-kms.go

    	}
    	unsealKey, err := k.Decrypt(context.TODO(), &kms.DecryptRequest{
    		Name:           keyID,
    		Ciphertext:     kmsKey,
    		AssociatedData: ctx,
    	})
    	if err != nil {
    		return key, err
    	}
    	err = key.Unseal(unsealKey, sealedKey, s3.String(), bucket, object)
    	return key, err
    }
    
    // CreateMetadata encodes the sealed object key into the metadata and returns
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue May 07 23:55:37 UTC 2024
    - 8.5K bytes
    - Viewed (0)
  7. cmd/encryption-v1.go

    		if err = objectKey.Unseal(oldKey, sealedKey, crypto.S3.String(), bucket, object); err != nil {
    			return err
    		}
    
    		newKey, err := GlobalKMS.GenerateKey(ctx, &kms.GenerateKeyRequest{
    			Name:           GlobalKMS.DefaultKey,
    			AssociatedData: kms.Context{bucket: path.Join(bucket, object)},
    		})
    		if err != nil {
    			return err
    		}
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Sun Oct 13 13:06:08 UTC 2024
    - 37.2K bytes
    - Viewed (0)
  8. cmd/bucket-metadata.go

    		Name:           keyID,
    		Ciphertext:     kmsKey,
    		AssociatedData: kmsContext,
    	})
    	if err != nil {
    		return nil, err
    	}
    	var objectKey crypto.ObjectKey
    	if err = objectKey.Unseal(extKey, sealedKey, crypto.S3.String(), bucket, ""); err != nil {
    		return nil, err
    	}
    
    	outbuf := bytes.NewBuffer(nil)
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Wed Aug 28 15:32:18 UTC 2024
    - 18.2K bytes
    - Viewed (0)
  9. cmd/testdata/decryptObjectInfo.json.zst

    X-Minio-Internal-Server-Side-Encryption-S3-Kms-Sealed-Key":"IAAfAJjZ2dY7iCAom9rP/UK/5mmg/gpSloOs8Xjy5gYKtTDfL==","X-Minio-Internal-Server-Side-Encryption-S3-Sealed-Key":"IAAfAN+0R4CsC3ibYvamkvm9KIg+hidIQ==","X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm":"DAREv2-HMAC-SHA256","content-type":"text/plain"}},{"Bucket":"buck1","Name":"go_113/src/cmd/go/testdata/mod/rsc.io_breaker_v1.0.0.txt","UserDef":{"X-Minio-Internal-Server-Side-Encryption-Iv":"HaaoKKQdysUQRnLF1tKF+a0BiM=","X-Minio-Intern...
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Thu Oct 29 16:34:20 UTC 2020
    - 164K bytes
    - Viewed (0)
  10. internal/crypto/sse_test.go

    		Metadata: map[string]string{
    			"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "IAAfAMBdYor5tf/UlVaQvwYlw5yKbPBeQqfygqsfHqhu1wHD9KDAP4bw38AhL12prFTS23JbbR9Re5Qv26ZnlQ==",
    			"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "DAREv2-HMAC-SHA256",
    			"X-Minio-Internal-Server-Side-Encryption-Iv":             "coVfGS3I/CTrqexX5vUN+PQPoP9aUFiPYYrSzqTWfBA=",
    		},
    		ExpectedErr: nil,
    	},
    Registered: Sun Nov 03 19:28:11 UTC 2024
    - Last Modified: Tue Jun 01 21:59:40 UTC 2021
    - 8.4K bytes
    - Viewed (0)
Back to top