Documentation
Overview
File copied from the s3crypto repository. Original repo: https://github.com/ONSdigital/s3crypto
Index
- Variables
- type Config
- type CryptoClient
- func (c *CryptoClient) CreateMultipartUpload(ctx context.Context, input *s3.CreateMultipartUploadInput) (*s3.CreateMultipartUploadOutput, error)
- func (c *CryptoClient) GetObject(ctx context.Context, input *s3.GetObjectInput) (*s3.GetObjectOutput, error)
- func (c *CryptoClient) GetObjectWithPSK(ctx context.Context, input *s3.GetObjectInput, psk []byte) (*s3.GetObjectOutput, error)
- func (c *CryptoClient) PutObject(ctx context.Context, input *s3.PutObjectInput) (*s3.PutObjectOutput, error)
- func (c *CryptoClient) PutObjectWithPSK(ctx context.Context, input *s3.PutObjectInput, psk []byte) (*s3.PutObjectOutput, error)
- func (c *CryptoClient) UploadPartRequest(ctx context.Context, input *s3.UploadPartInput) (*s3.UploadPartOutput, error)
- func (c *CryptoClient) UploadPartWithPSK(ctx context.Context, input *s3.UploadPartInput, psk []byte) (*s3.UploadPartOutput, error)
- type Uploader
Variables
var ErrNoMetadataPSK = errors.New("no encrypted key found for this file, you are trying to download a file which is not encrypted")
ErrNoMetadataPSK is returned when the file you are trying to download is not encrypted
var ErrNoPrivateKey = errors.New("you have not provided a private key and therefore do not have permission to complete this action")
ErrNoPrivateKey is returned when an attempt is made to access a method that requires a private key when it has not been provided
Types
type Config
type Config struct {
	PublicKey          *rsa.PublicKey
	PrivateKey         *rsa.PrivateKey
	HasUserDefinedPSK  bool
	MultipartChunkSize int
}
Config represents the configuration items for the CryptoClient
type CryptoClient
type CryptoClient struct {
	// contains filtered or unexported fields
}
CryptoClient provides a wrapper to the aws-sdk-go-v2 S3 object
func New
New creates an encryption-enabled client from a given AWS config and RSA private key.
func (*CryptoClient) CreateMultipartUpload
func (c *CryptoClient) CreateMultipartUpload(ctx context.Context, input *s3.CreateMultipartUploadInput) (*s3.CreateMultipartUploadOutput, error)
CreateMultipartUpload wraps the SDK method by creating a PSK, which is encrypted using the public key and stored as metadata against the completed object. It is also temporarily stored as its own object while the multipart upload is being updated.
func (*CryptoClient) GetObject
func (c *CryptoClient) GetObject(ctx context.Context, input *s3.GetObjectInput) (*s3.GetObjectOutput, error)
GetObject wraps the SDK method by retrieving the encrypted PSK from the object metadata. The PSK is then decrypted and used to decrypt the content of the object.
func (*CryptoClient) GetObjectWithPSK
func (c *CryptoClient) GetObjectWithPSK(ctx context.Context, input *s3.GetObjectInput, psk []byte) (*s3.GetObjectOutput, error)
GetObjectWithPSK wraps the SDK method by decrypting the retrieved object content with the given PSK.
func (*CryptoClient) PutObject
func (c *CryptoClient) PutObject(ctx context.Context, input *s3.PutObjectInput) (*s3.PutObjectOutput, error)
PutObject wraps the SDK method by creating a PSK, encrypting it using the public key, and encrypting the object content using the PSK.
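The PutObject and GetObject descriptions above amount to envelope encryption, and this added example (not code from s3crypto or this package) walks through that flow in memory, including the missing-metadata case that ErrNoMetadataPSK covers. The metadata key name, hex encoding, RSA-OAEP with SHA-256, AES-256-GCM and the helper names are all assumptions of the example, since the page does not state which primitives the package uses.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)
const metaKey = "example-encrypted-psk" // hypothetical metadata name, not taken from the package
var errNoMetadataPSK = errors.New("no encrypted key found for this file") // stands in for ErrNoMetadataPSK
func newKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }
func newGCM(psk []byte) cipher.AEAD { // AES-256-GCM is this example's assumption; psk must be 32 bytes
	block, _ := aes.NewCipher(psk)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// put creates a fresh PSK, wraps it with the public key into metadata, and seals the body with it.
func put(pub *rsa.PublicKey, plain []byte) (map[string]string, []byte, error) {
	buf := make([]byte, 32+12) // fresh 32-byte PSK followed by a 12-byte GCM nonce
	_, rerr := rand.Read(buf)
	wrapped, werr := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err := errors.Join(rerr, werr); err != nil {
		return nil, nil, err
	}
	return map[string]string{metaKey: hex.EncodeToString(wrapped)}, newGCM(buf[:32]).Seal(buf[32:], buf[32:], plain, nil), nil
}

// get refuses objects with no wrapped PSK, unwraps it with the private key, then authenticates and decrypts.
func get(priv *rsa.PrivateKey, meta map[string]string, body []byte) ([]byte, error) {
	wrapped, err := hex.DecodeString(meta[metaKey])
	if err != nil || len(wrapped) == 0 {
		return nil, errNoMetadataPSK
	}
	psk, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || len(psk) != 32 || len(body) < 12 {
		return nil, errors.New("cannot unwrap PSK or object body is malformed")
	}
	return newGCM(psk).Open(nil, body[:12], body[12:], nil)
}

func main() {
	key, _ := newKey()
	meta, body, _ := put(&key.PublicKey, []byte("constructed sample body"))
	plain, err := get(key, meta, body)
	fmt.Printf("%s %v\n", plain, err)
}
```

Because the body is sealed with an AEAD in this sketch, a modified object or a PSK unwrapped with the wrong private key fails in `get` instead of returning altered plaintext.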
func (*CryptoClient) PutObjectWithPSK
func (c *CryptoClient) PutObjectWithPSK(ctx context.Context, input *s3.PutObjectInput, psk []byte) (*s3.PutObjectOutput, error)
PutObjectWithPSK wraps the SDK method by encrypting the object content with a user-defined PSK.
func (*CryptoClient) UploadPartRequest
func (c *CryptoClient) UploadPartRequest(ctx context.Context, input *s3.UploadPartInput) (*s3.UploadPartOutput, error)
UploadPartRequest wraps the SDK method by retrieving the encrypted PSK from the temporary object, decrypting the PSK using the private key, and then stream encoding the content for the particular part.
func (*CryptoClient) UploadPartWithPSK
func (c *CryptoClient) UploadPartWithPSK(ctx context.Context, input *s3.UploadPartInput, psk []byte) (*s3.UploadPartOutput, error)
UploadPartWithPSK wraps the SDK method by encrypting the part contents with a user-defined PSK.
type Uploader
type Uploader struct {
	*CryptoClient
	// contains filtered or unexported fields
}
Uploader provides a wrapper to the aws-sdk-go-v2 manager uploader for encryption
func NewUploader
NewUploader creates a new instance of the crypto Uploader
func (*Uploader) Upload
func (u *Uploader) Upload(ctx context.Context, input *s3.PutObjectInput) (output *manager.UploadOutput, err error)
Upload provides a wrapper for the SDK method with encryption.
func (*Uploader) UploadWithPSK
func (u *Uploader) UploadWithPSK(ctx context.Context, input *s3.PutObjectInput, psk []byte) (output *manager.UploadOutput, err error)
UploadWithPSK allows you to encrypt the file with a given PSK.