mirror of
https://github.com/pgsty/minio.git
synced 2026-03-16 17:53:43 +01:00
a79a7e570c
This chnage replaces the current SSE-C key derivation scheme. The 'old' scheme derives an unique object encryption key from the client provided key. This key derivation was not invertible. That means that a client cannot change its key without changing the object encryption key. AWS S3 allows users to update there SSE-C keys by executing a SSE-C COPY with source == destination. AWS probably updates just the metadata (which is a very cheap operation). The old key derivation scheme would require a complete copy of the object because the minio server would not be able to derive the same object encryption key from a different client provided key (without breaking the crypto. hash function). This change makes the key derivation invertible.
4.8 KiB
4.8 KiB