• Home
• com.ibm.cos
• ibm-cos-java-sdk-s3
• 2.14.0
• source code
• CryptoMode.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.ibm.cloud.objectstorage.services.s3.model.CryptoMode Maven / Gradle / Ivy

/*
 * Copyright 2013-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */
package com.ibm.cloud.objectstorage.services.s3.model;

/**
 * Denotes the different cryptographic modes available for securing an S3 object
 * via client-side encryption. 
 */
public enum CryptoMode {
    /**
     * Encryption-only mode using AES/CBC.
     * @deprecated This feature is in maintenance mode, no new updates will be released.
     * Please see https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html for more information.
     */
    @Deprecated
    EncryptionOnly,
    /**
     * Authenticated encryption mode using AES/GCM, AESWrap, etc. Please
     * note the limitation on the maximum message size in bytes that can be
     * encrypted under this mode is 2^36-32, or ~64G, due to the security
     * limitation of AES/GCM as recommended by NIST.
     * 

     * When decrypting with AES-GCM, read the entire object to the end before you start using the decrypted data. This
     * is to verify that the object has not been modified since it was encrypted.
     */
    AuthenticatedEncryption,
    /**
     * Strictly enforce the use of authenticated encryption via AES/GCM,
     * AESWrap, etc., and will throw security exception if an S3 object
     * retrieved is found to be not protected using authenticated encryption.
     * This means range-get operation is not supported in this mode, since
     * range-get is not authenticated.
     * 

     * Please note the limitation on the maximum message size in bytes that can
     * be encrypted under this mode is 2^36-32, or ~64G, due to the security
     * limitation of AES/GCM as recommended by NIST.
     * 

     * When decrypting with AES-GCM, read the entire object to the end before you start using the decrypted data. This
     * is to verify that the object has not been modified since it was encrypted.
     */
    StrictAuthenticatedEncryption, ;
}