mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
baec331e84
This commit adds two functions for sealing/unsealing the etag (a.k.a. content MD5) in case of SSE single-part upload. Sealing the ETag is neccessary in case of SSE-S3 to preserve the security guarantees. In case of SSE-S3 AWS returns the content-MD5 of the plaintext object as ETag. However, we must not store the MD5 of the plaintext for encrypted objects. Otherwise it becomes possible for an attacker to detect equal/non-equal encrypted objects. Therefore we encrypt the ETag before storing on the backend. But we only need to encrypt the ETag (content-MD5) if the client send it - otherwise the client cannot verify it anyway. |
||
---|---|---|
.. | ||
config.go | ||
doc.go | ||
error.go | ||
header_test.go | ||
header.go | ||
key_test.go | ||
key.go | ||
kms_test.go | ||
kms.go | ||
metadata_test.go | ||
metadata.go | ||
sse_test.go | ||
sse.go | ||
vault.go |