# Functions
AESCBCContentCipherBuilder returns a new encryption-only AES/CBC mode structure using the provided padder.
AESGCMContentCipherBuilder returns a new encryption-only AES/GCM mode structure with a specific cipher data generator that will provide keys to be used for content encryption.
AESGCMContentCipherBuilderV2 returns a new encryption-only AES/GCM mode structure with a specific cipher data generator that will provide keys to be used for content encryption.
NewCryptoRegistry creates a new CryptoRegistry to which wrapping algorithms, content encryption ciphers, and padders can be registered for use with the DecryptionClientV2.
NewDecryptionClient instantiates a new S3 crypto client.
Example:
```go
sess := session.Must(session.NewSession())
svc := s3crypto.NewDecryptionClient(sess, func(svc *s3crypto.DecryptionClient) {
	// Custom client options here
})
```
Deprecated: This feature is in maintenance mode, no new updates will be released.
NewDecryptionClientV2 instantiates a new DecryptionClientV2.
NewEncryptionClient instantiates a new S3 crypto client.
Example:
```go
cmkID := "arn:aws:kms:region:000000000000:key/00000000-0000-0000-0000-000000000000"
sess := session.Must(session.NewSession())
handler := s3crypto.NewKMSKeyGenerator(kms.New(sess), cmkID)
svc := s3crypto.NewEncryptionClient(sess, s3crypto.AESGCMContentCipherBuilder(handler))
```
Deprecated: This feature is in maintenance mode, no new updates will be released.
NewEncryptionClientV2 instantiates a new S3 crypto client.
NewKMSContextKeyGenerator builds a new kms+context key provider using the customer key ID and material description.
NewKMSKeyGenerator builds a new KMS key provider using the customer key ID and material description.
NewKMSKeyGeneratorWithMatDesc builds a new KMS key provider using the customer key ID and material description.
NewKMSWrapEntry returns a new KMS key provider and its decrypt handler.
NewPKCS7Padder follows RFC 2315 (https://www.ietf.org/rfc/rfc2315.txt). PKCS7 padding is subject to side-channel attacks and timing attacks.
RegisterAESCBCContentCipher registers the AES/CBC cipher and padder with the provided CryptoRegistry.
RegisterAESGCMContentCipher registers the AES/GCM content cipher algorithm with the provided CryptoRegistry.
RegisterKMSContextWrapWithAnyCMK registers the kms+context wrapping algorithm to the given WrapRegistry.
RegisterKMSContextWrapWithCMK registers the kms+context wrapping algorithm to the given WrapRegistry.
RegisterKMSWrapWithAnyCMK registers the `kms` wrapping algorithm to the given WrapRegistry.
RegisterKMSWrapWithCMK registers the `kms` wrapping algorithm to the given WrapRegistry.
# Constants
AESCBC is the string constant that signifies the AES CBC algorithm cipher.
AESGCMNoPadding is the constant value that is used to specify the CEK algorithm consisting of AES GCM with no padding.
DefaultInstructionKeySuffix is appended to the end of the instruction file key when grabbing or saving to S3.
DefaultMinFileSize is used to check whether we want to write to a temp file or store the data in memory.
KMSContextWrap is a constant used during decryption to build a kms+context key handler.
KMSWrap is a constant used during decryption to build a KMS key handler.
# Variables
AESCBCPadder is used to pad AES encrypted and decrypted data.
NoPadder does not pad anything.
# Structs
CipherData is used for content encryption.
CryptoReadCloser handles closing of the body and allowing reads from the decrypted content.
CryptoRegistry is a collection of registries for configuring a decryption client with different key wrapping algorithms, content encryption algorithms, and padders.
DecryptionClient is an S3 crypto client.
DecryptionClientOptions is the configuration options for DecryptionClientV2.
DecryptionClientV2 is an S3 crypto client.
EncryptionClient is an S3 crypto client.
EncryptionClientOptions is the configuration options for EncryptionClientV2.
EncryptionClientV2 is an S3 crypto client.
Envelope encryption starts off by generating a random symmetric key using AES GCM.
HeaderV2LoadStrategy will load the envelope from the metadata.
HeaderV2SaveStrategy will save the metadata of the crypto contents to the header of the object.
S3LoadStrategy will load the instruction file from s3.
S3SaveStrategy will save the metadata to a separate instruction file in S3.
# Interfaces
Cipher interface allows for either encryption or decryption of an object.
CipherDataDecrypter is a handler to decrypt keys from the envelope.
CipherDataDecrypterWithContext is a handler to decrypt keys from the envelope with request context.
CipherDataGenerator handles generating proper key and IVs of proper size for the content cipher.
CipherDataGeneratorWithCEKAlg handles generating proper key and IVs of proper size for the content cipher.
CipherDataGeneratorWithContext handles generating proper key and IVs of proper size for the content cipher.
ContentCipher deals with encrypting and decrypting content.
ContentCipherBuilder is a builder interface that builds ciphers for each request.
ContentCipherBuilderWithContext is a builder interface that builds ciphers for each request.
Decrypter interface with only the decrypt method.
Encrypter interface with only the encrypt method.
LoadStrategy ...
Padder handles padding of crypto data.
SaveStrategy is how the data's metadata wants to be saved.
# Type aliases
CEKEntry is a builder that returns a proper content decrypter and error.
MaterialDescription is used to identify how and what master key has been used.
WrapEntry is a builder that returns a proper key decrypter and error.