aws_encryption_sdk.identifiers
AWS Encryption SDK native data structures for defining implementation-specific characteristics.
Classes
Algorithm | alias of aws_encryption_sdk.identifiers.AlgorithmSuite
AlgorithmSuite(algorithm_id, encryption[, …]) | Static combinations of encryption, KDF, and authentication algorithms.
AuthenticationSuite(algorithm, …) | Static definition of authentication algorithm details.
ContentAADString | Body Additional Authenticated Data values for building the AAD for a message body.
ContentType | Type of content framing contained in message.
EncryptionKeyType | Identifies raw encryption key type.
EncryptionSuite(algorithm, mode, …[, …]) | Static definition of encryption algorithm details.
EncryptionType | Identifies symmetric vs asymmetric encryption.
KDFSuite(algorithm, input_length, hash_algorithm) | Static definition of key derivation algorithm details.
ObjectType | Valid Type values per the AWS Encryption SDK message format.
SequenceIdentifier | Identifiers for specific sequence frames.
SerializationVersion | Valid Versions of AWS Encryption SDK message format.
WrappingAlgorithm(encryption_type, …) | Wrapping Algorithms for use by RawMasterKey objects.

aws_encryption_sdk.identifiers.Algorithm

class aws_encryption_sdk.identifiers.AlgorithmSuite(algorithm_id, encryption, kdf=<KDFSuite.NONE: (None, None, None)>, authentication=<AuthenticationSuite.NONE: (None, None, 0)>, allowed=True)
Bases: enum.Enum
Static combinations of encryption, KDF, and authentication algorithms.
Warning: No AlgorithmSuites except those defined here are supported.
Parameters:
- algorithm_id (int) – KMS Encryption Algorithm ID
- encryption_suite (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use with this AlgorithmSuite
- kdf_suite (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to use with this AlgorithmSuite
- authentication_suite (aws_encryption_sdk.identifiers.AuthenticationSuite) – AuthenticationSuite to use with this AlgorithmSuite
Prepare a new AlgorithmSuite.
- id_as_bytes() – Return the algorithm suite ID as a 2-byte array.
- kdf_input_len – Determine the correct KDF input value length for this algorithm suite.
- safe_to_cache() – Determine whether encryption materials for this algorithm suite should be cached.

class aws_encryption_sdk.identifiers.AuthenticationSuite(algorithm, hash_algorithm, signature_length)
Bases: enum.Enum
Static definition of authentication algorithm details.
Warning: These members must only be used as part of an AlgorithmSuite.
Parameters:
- algorithm (may vary (currently only ECC curve object)) – Information needed by signing algorithm to define behavior
- hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in signature
- signature_length (int) – Number of bytes in signature
Prepare a new AuthenticationSuite.

class aws_encryption_sdk.identifiers.ContentAADString
Bases: enum.Enum
Body Additional Authenticated Data values for building the AAD for a message body.

class aws_encryption_sdk.identifiers.ContentType
Bases: enum.Enum
Type of content framing contained in message.

class aws_encryption_sdk.identifiers.EncryptionKeyType
Bases: enum.Enum
Identifies raw encryption key type. Used to identify key capabilities for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.EncryptionSuite(algorithm, mode, data_key_length, iv_length, auth_length, auth_key_length=0)
Bases: enum.Enum
Static definition of encryption algorithm details.
Warning: These members must only be used as part of an AlgorithmSuite.
Parameters:
- algorithm (cryptography.io ciphers algorithm object) – Encryption algorithm to use
- mode (cryptography.io ciphers modes object) – Encryption mode in which to operate
- data_key_length (int) – Number of bytes in envelope encryption data key
- iv_length (int) – Number of bytes in IV
- auth_length (int) – Number of bytes in auth data (tag)
- auth_key_length (int) – Number of bytes in auth key (not currently supported by any algorithms)
Prepare a new EncryptionSuite.
- valid_kdf(kdf) – Determine whether a KDFSuite can be used with this EncryptionSuite.
  Parameters: kdf (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to evaluate
  Return type: bool

class aws_encryption_sdk.identifiers.EncryptionType
Bases: enum.Enum
Identifies symmetric vs asymmetric encryption. Used to identify encryption type for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.KDFSuite(algorithm, input_length, hash_algorithm)
Bases: enum.Enum
Static definition of key derivation algorithm details.
Warning: These members must only be used as part of an AlgorithmSuite.
Parameters:
- algorithm (cryptography.io KDF object) – KDF algorithm to use
- input_length (int) – Number of bytes of input data to feed into KDF function
- hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in KDF
Prepare a new KDFSuite.
- input_length(encryption) – Determine the correct KDF input value length for this KDFSuite when used with a specific EncryptionSuite.
  Parameters: encryption (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use
  Return type: int

class aws_encryption_sdk.identifiers.ObjectType
Bases: enum.Enum
Valid Type values per the AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.SequenceIdentifier
Bases: enum.Enum
Identifiers for specific sequence frames.

class aws_encryption_sdk.identifiers.SerializationVersion
Bases: enum.Enum
Valid Versions of AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.WrappingAlgorithm(encryption_type, algorithm, padding_type, padding_algorithm, padding_mgf)
Bases: enum.Enum
Wrapping Algorithms for use by RawMasterKey objects.
Parameters:
- algorithm (aws_encryption_sdk.identifiers.Algorithm) – Encryption algorithm to use for encryption of data keys
- padding_type – Padding type to use for encryption of data keys
- padding_algorithm – Padding algorithm to use for encryption of data keys
- padding_mgf – Padding MGF to use for encryption of data keys
Prepares new WrappingAlgorithm.