s3.meta.client.upload_file('/etc/hosts',
                           'testbucket',
                           'hosts',
                           ExtraArgs={'ServerSideEncryption': 'AES256'})

# Download encrypted object using temporary credentials

			if opts.EncryptFn != nil {
				fi.Checksum = opts.EncryptFn("object-checksum", fi.Checksum)
			}
		}
	} else if fi.Checksum == nil && opts.WantChecksum != nil {
		// Trailing headers checksums should now be filled.
		fi.Checksum = opts.WantChecksum.AppendTo(nil, nil)
		if opts.EncryptFn != nil {
			fi.Checksum = opts.EncryptFn("object-checksum", fi.Checksum)
		}
	}

	"File":             true,
	"Policy":           true,

	// MinIO specific exceptions to the general S3 rule above.
	encrypt.SseKmsKeyID:          true,
	encrypt.SseEncryptionContext: true,
	encrypt.SseCustomerAlgorithm: true,
	encrypt.SseCustomerKey:       true,
	encrypt.SseCustomerKeyMD5:    true,
}

// checkPostPolicy - apply policy conditions and validate input values.

		} else {
			loadX509KeyPair := func(certFile, keyFile string) (tls.Certificate, error) {
				// Manually load the certificate and private key into memory.
				// We need to check whether the private key is encrypted, and
				// if so, decrypt it using the user-provided password.
				certBytes, err := os.ReadFile(certFile)
				if err != nil {

	}

	for i, test := range encryptDecryptTests {
		ciphertext, err := Encrypt(KMS, bytes.NewReader(test.Data), test.Context)
		if err != nil {
			t.Fatalf("Test %d: failed to encrypt stream: %v", i, err)
		}
		data, err := io.ReadAll(ciphertext)
		if err != nil {
			t.Fatalf("Test %d: failed to encrypt stream: %v", i, err)
		}

		plaintext, err := Decrypt(KMS, bytes.NewReader(data), test.Context)

* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

Vor Let's Encrypt wurden diese **HTTPS-Zertifikate** von vertrauenswürdigen Dritten verkauft.

Der Prozess zum Erwerb eines dieser Zertifikate war früher umständlich, erforderte viel Papierarbeit und die Zertifikate waren ziemlich teuer.

Aber dann wurde **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>** geschaffen.

		return ErrNotSupported
	}
	return ErrKeyExists
}

// GenerateKey decrypts req.Ciphertext. The key name req.Name must match the key
// name of the secretKey.
//
// The returned DEK is encrypted using AES-GCM and the ciphertext format is compatible
// with KES and MinKMS.
func (s secretKey) GenerateKey(_ context.Context, req *GenerateKeyRequest) (DEK, error) {
	if req.Name != s.keyID {
		return DEK{}, ErrKeyNotFound

kQyKGUTpDbKLuyYMFsoH73YLjBqNe+UEhPwE+FWpcky1Sp9RTx/oMLpiZaPR
-----END CERTIFICATE-----`,
		shouldFail: true,
	},
	{
		password: "foobar",
		privateKey: `-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,CC483BF11678C35F9F02A1AD85DAE285

nMDFd+Qxk1f+S7LwMitmMofNXYNbCY4L1QEqPOOx5wnjNF1wSxmEkL7+h8W4Y/vb
AQt/7TCcUSuSqEMl45nUIcCbhBos5wz+ShvFiez3qKwmR5HSURvqyN6PIJeAbU+h

		return nil, err
	}
	config.drivercache[tierName] = d
	return d, nil
}

// configReader returns a PutObjReader and ObjectOptions needed to save config
// using a PutObject API. PutObjReader encrypts json encoded tier configurations
// if KMS is enabled, otherwise simply yields the json encoded bytes as is.
// Similarly, ObjectOptions value depends on KMS' status.

        }
    }

    /**
     * Finds a login user by username and encrypted password.
     *
     * @param username the username to search for
     * @param cipheredPassword the encrypted password to match
     * @return an optional entity containing the found user, or empty if not found
     */