minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00
Code Activity

Revert "MinIO Server releases and other fixes (#1172)"

Browse Source 
This reverts commit 2488541cd0.
This commit is contained in:
Ravind Kumar
2024-03-27 18:00:59 -04:00
parent 2488541cd0
commit c9505be39d
11 changed files with 133 additions and 116 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
source/includes/common-minio-sse.rst
View File

@ -1,26 +1,32 @@
.. start-sse-dek
MinIO generates a Data Encryption Key (DEK) using the |EK|.
Specifically, :minio-git:`MinIO Key Encryption Service (KES) <kes>` requests a new cryptographic key from the KMS using the |EK| as the "root" key.
MinIO generates a Data Encryption Key (DEK) using the |EK|. Specifically,
:minio-git:`MinIO Key Encryption Service (KES) <kes>` requests a new
cryptographic key from the KMS using the |EK| as the "root" key.
KES returns both the plain-text *and* an |EK|-encrypted representation of the DEK.
MinIO stores the encrypted representation as part of the object metadata.
KES returns both the plain-text *and* an |EK|-encrypted representation of the
DEK. MinIO stores the encrypted representation as part of the object metadata.
.. end-sse-dek
.. start-sse-kek
MinIO uses a deterministic algorithm to generate a 256-bit unique Key Encryption Key (KEK).
The key-derivation algorithm uses a pseudo-random function that takes the plain-text |DEK|, a randomly generated initialization vector, and a context consisting of values like the bucket and object name.
MinIO uses a deterministic algorithm to generate a 256-bit unique Key
Encryption Key (KEK). The key-derivation algorithm uses a pseudo-random function
(:ref:`PRF <minio-encryption-sse-primitives>`) that takes the plain-text |DEK|,
a randomly generated initialization vector, and a context consisting of values
like the bucket and object name.
MinIO generates the KEK at the time of each cryptographic encryption or decryption operation and *never* stores the KEK to a drive.
MinIO generates the KEK at the time of each cryptographic encryption or
decryption operation and *never* stores the KEK to a drive.
.. end-sse-kek
.. start-sse-oek
MinIO generates a random 256-bit unique Object Encryption Key (OEK) and uses that key to encrypt the object.
MinIO never stores the plaintext representation of the OEK on a drive.
The plaintext OEK resides in RAM during cryptographic operations.
MinIO generates a random 256-bit unique Object Encryption Key (OEK) and uses
that key to encrypt the object. MinIO never stores the plaintext representation
of the OEK on a drive. The plaintext OEK resides in RAM during cryptographic
operations.
.. end-sse-oek