# Functions
CreateMultipartMetadata adds the multipart flag entry to metadata and returns modified metadata.
DecryptSinglePart decrypts an io.Writer which must be an object uploaded with the single-part PUT API.
EncryptMultiPart encrypts an io.Reader which must be the body of multi-part PUT request.
EncryptSinglePart encrypts an io.Reader which must be the body of a single-part PUT request.
Errorf - formats according to a format specifier and returns the string as a value that satisfies error of type crypto.Error.
GenerateIV generates a new random 256 bit IV from the provided source of randomness.
GenerateKey generates a unique ObjectKey from a 256 bit external key and a source of randomness.
IsEncrypted returns true if the object metadata indicates that it was uploaded using some form of server-side-encryption.
IsETagSealed returns true if the etag seems to be encrypted.
IsMultiPart returns true if the object metadata indicates that it was uploaded using some form of server-side-encryption and the S3 multipart API.
IsRequested returns true and the SSE Type if the HTTP headers indicate that some form of server-side encryption is requested.
IsSourceEncrypted returns true if the source is encrypted.
LookupAutoEncryption returns true if and only if the MINIO_KMS_AUTO_ENCRYPTION env.
RemoveInternalEntries removes all crypto-specific internal metadata entries from the metadata map.
RemoveSensitiveEntries removes confidential encryption information - e.g.
RemoveSensitiveHeaders removes confidential encryption information - e.g.
RemoveSSEHeaders removes all crypto-specific SSE header entries from the metadata map.
# Constants
EnvKMSAutoEncryption is the environment variable used to en/disable SSE-S3 auto-encryption.
InsecureSealAlgorithm is the legacy encryption/sealing algorithm used to derive & seal the key-encryption-key and to en/decrypt the object data.
MetaAlgorithm is the algorithm used to derive internal keys and encrypt the objects.
MetaContext is the KMS context provided by a client when encrypting an object with SSE-KMS.
MetaDataEncryptionKey is the sealed data encryption key (DEK) received from the KMS.
MetaIV is the random initialization vector (IV) used for the MinIO-internal key derivation.
MetaKeyID is the KMS master key ID used to generate/encrypt the data encryption key (DEK).
MetaMultipart indicates that the object has been uploaded in multiple parts - via the S3 multipart API.
MetaSealedKeyKMS is the sealed object encryption key in case of SSE-KMS.
MetaSealedKeyS3 is the sealed object encryption key in case of SSE-S3.
MetaSealedKeySSEC is the sealed object encryption key in case of SSE-C.
SealAlgorithm is the encryption/sealing algorithm used to derive & seal the key-encryption-key and to en/decrypt the object data.
# Variables
ErrCustomerKeyMD5Mismatch indicates that the SSE-C key MD5 does not match the computed MD5 sum.
ErrIncompatibleEncryptionMethod indicates that both SSE-C headers and SSE-S3 headers were specified, and are incompatible. The client needs to remove the SSE-S3 header or the SSE-C headers.
ErrInvalidCustomerAlgorithm indicates that the specified SSE-C algorithm is not supported.
ErrInvalidCustomerKey indicates that the SSE-C client key is not valid - e.g.
ErrInvalidEncryptionMethod indicates that the specified SSE encryption method is not supported.
ErrMissingCustomerKey indicates that the HTTP headers contain no SSE-C client key.
ErrMissingCustomerKeyMD5 indicates that the HTTP headers contain no SSE-C client key MD5 checksum.
ErrSecretKeyMismatch indicates that the provided secret key (SSE-C client key / SSE-S3 KMS key) does not match the secret key used during encrypting the object.
S3 represents AWS SSE-S3.
S3KMS represents AWS SSE-KMS.
SSEC represents AWS SSE-C.
SSECopy represents AWS SSE-C for copy requests.
# Interfaces
Type represents an AWS SSE type: • SSE-C • SSE-S3 • SSE-KMS.
# Type aliases
ObjectKey is a 256 bit secret key used to encrypt the object.