Add putObject/getObject() client side encryption examples

[harshavardhana]

Fixes #945

[deekoder]

but encryption is still server side here?

[poornas]

suggest also having a getobject-client-encryption example. The get-encrypted-object.go shows a server side example.

[poornas]

dare -> DARE

[poornas]

dare -> DARE

[aead]

@deekoder No, the encrypted reader returned from sio.Encrypt(....) encrypts everything. So encryption happens on client side.

@harshavardhana Should we use a password-based key derivation (maybe easier for users and if the use secret keys it would still be perfectly fine)?

[aead]

You can use encrypt.DefaultPBKDF here.

[poornas]

in both examples the argon2.IDKey method needs to have password and salt converted to byte array

encrypted, err := sio.EncryptReader(object, sio.Config{
		Key: argon2.IDKey([]byte(password), []byte(salt), 1, sseDAREPackageBlockSize, 4, sseDAREPackageMetaSize),
	})
decrypted, err := sio.DecryptReader(obj, sio.Config{
		Key: argon2.IDKey([]byte(password), []byte(salt), 1, sseDAREPackageBlockSize, 4, sseDAREPackageMetaSize),
	})

[harshavardhana]

You can use encrypt.DefaultPBKDF here.

I don't want to use code from server-side.go which has special methods attached to it - which will confuse the user @aead - here PBKDF is all about client side and how they can leverage it using argon2.

[harshavardhana]

updated @poornas

[aead]

@harshavardhana Okay - than one last thing. The parameters for argon2 (sseDAREPackageBlockSize, sseDAREPackageMetaSize) look like they are somehow tied to DARE / sio - but they are not. 64 MB is a (recommended) value from the RFC draft and the 32 is the key size. I see you are using constants here instead of literals but IMO the constants give a wrong impression of the meaning of these values. Maybe we can use literals or properly named constants. (I didn't mentioned it before because of PBKDF suggestion)

[poornas]

LGTM.