AESCBCContentCipherBuilder returns a new encryption only mode structure with a specific cipher for the master key.

AESGCMContentCipherBuilder returns a new encryption only mode structure with a specific cipher for the master key.

NewDecryptionClient instantiates a new S3 crypto client Example: sess := session.New() svc := s3crypto.NewDecryptionClient(sess, func(svc *s3crypto.DecryptionClient{ // Custom client options here })).

NewEncryptionClient instantiates a new S3 crypto client Example: cmkID := "arn:aws:kms:region:000000000000:key/00000000-0000-0000-0000-000000000000" sess := session.New() handler := s3crypto.NewKMSKeyGenerator(kms.New(sess), cmkID) svc := s3crypto.New(sess, s3crypto.AESGCMContentCipherBuilder(handler)).

NewKMSKeyGenerator builds a new KMS key provider using the customer key ID and material description.

NewKMSKeyGeneratorWithMatDesc builds a new KMS key provider using the customer key ID and material description.

NewPKCS7Padder follows the RFC 2315: https://www.ietf.org/rfc/rfc2315.txt PKCS7 padding is subject to side-channel attacks and timing attacks.

AESCBC is the string constant that signifies the AES CBC algorithm cipher.

AESGCMNoPadding is the constant value that is used to specify the CEK algorithm consiting of AES GCM with no padding.

DefaultInstructionKeySuffix is appended to the end of the instruction file key when grabbing or saving to S3.

DefaultMinFileSize is used to check whether we want to write to a temp file or store the data in memory.

KMSWrap is a constant used during decryption to build a KMS key handler.

AESCBCPadder is used to pad AES encrypted and decrypted data.

NoPadder does not pad anything.

CipherData is used for content encryption.

CryptoReadCloser handles closing of the body and allowing reads from the decrypted content.

DecryptionClient is an S3 crypto client.

EncryptionClient is an S3 crypto client.

Envelope encryption starts off by generating a random symmetric key using AES GCM.

HeaderV2LoadStrategy will load the envelope from the metadata.

HeaderV2SaveStrategy will save the metadata of the crypto contents to the header of the object.

S3LoadStrategy will load the instruction file from s3.

S3SaveStrategy will save the metadata to a separate instruction file in S3.

Cipher interface allows for either encryption and decryption of an object.

CipherDataDecrypter is a handler to decrypt keys from the envelope.

CipherDataGenerator handles generating proper key and IVs of proper size for the content cipher.

ContentCipher deals with encrypting and decrypting content.

ContentCipherBuilder is a builder interface that builds ciphers for each request.

Decrypter interface with only the decrypt method.

Encrypter interface with only the encrypt method.

LoadStrategy ...

Padder handles padding of crypto data.

SaveStrategy is how the data's metadata wants to be saved.

CEKEntry is a builder thatn returns a proper content decrypter and error.

MaterialDescription is used to identify how and what master key has been used.

WrapEntry is builder that return a proper key decrypter and error.