com.ibm.cloud.objectstorage.services.s3.model.CryptoMode Maven / Gradle / Ivy
/*
* Copyright 2013-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package com.ibm.cloud.objectstorage.services.s3.model;
/**
* Denotes the different cryptographic modes available for securing an S3 object
* via client-side encryption.
*/
public enum CryptoMode {
/**
* Encryption-only mode using AES/CBC.
* @deprecated This feature is in maintenance mode, no new updates will be released.
* Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information.
*/
@Deprecated
EncryptionOnly,
/**
* Authenticated encryption mode using AES/GCM, AESWrap, etc. Please
* note the limitation on the maximum message size in bytes that can be
* encrypted under this mode is 2^36-32, or ~64G, due to the security
* limitation of AES/GCM as recommended by NIST.
*
* When decrypting with AES-GCM, read the entire object to the end before you start using the decrypted data. This
* is to verify that the object has not been modified since it was encrypted.
*/
AuthenticatedEncryption,
/**
* Strictly enforce the use of authenticated encryption via AES/GCM,
* AESWrap, etc., and will throw security exception if an S3 object
* retrieved is found to be not protected using authenticated encryption.
* This means range-get operation is not supported in this mode, since
* range-get is not authenticated.
*
* Please note the limitation on the maximum message size in bytes that can
* be encrypted under this mode is 2^36-32, or ~64G, due to the security
* limitation of AES/GCM as recommended by NIST.
*
* When decrypting with AES-GCM, read the entire object to the end before you start using the decrypted data. This
* is to verify that the object has not been modified since it was encrypted.
*/
StrictAuthenticatedEncryption, ;
}