aws_encryption_sdk.identifiers¶

AWS Encryption SDK native data structures for defining implementation-specific characteristics.

Classes

`Algorithm`	alias of `aws_encryption_sdk.identifiers.AlgorithmSuite`
`AlgorithmSuite`(algorithm_id, encryption[, …])	Static combinations of encryption, KDF, and authentication algorithms.
`AuthenticationSuite`(algorithm, …)	Static definition of authentication algorithm details.
`ContentAADString`	Body Additional Authenticated Data values for building the AAD for a message body.
`ContentType`	Type of content framing contained in message.
`EncryptionKeyType`	Identifies raw encryption key type.
`EncryptionSuite`(algorithm, mode, …[, …])	Static definition of encryption algorithm details.
`EncryptionType`	Identifies symmetric vs asymmetric encryption.
`KDFSuite`(algorithm, input_length, hash_algorithm)	Static definition of key derivation algorithm details.
`ObjectType`	Valid Type values per the AWS Encryption SDK message format.
`SequenceIdentifier`	Identifiers for specific sequence frames.
`SerializationVersion`	Valid Versions of AWS Encryption SDK message format.
`WrappingAlgorithm`(encryption_type, …)	Wrapping Algorithms for use by RawMasterKey objects.

aws_encryption_sdk.identifiers.Algorithm¶: alias of aws_encryption_sdk.identifiers.AlgorithmSuite

class aws_encryption_sdk.identifiers.AlgorithmSuite(algorithm_id, encryption, kdf=<KDFSuite.NONE: (None, None, None)>, authentication=<AuthenticationSuite.NONE: (None, None, 0)>, allowed=True)¶

Bases: enum.Enum

Static combinations of encryption, KDF, and authentication algorithms.

Warning

No AlgorithmSuites except those defined here are supported.

Parameters:

algorithm_id (int) – KMS Encryption Algorithm ID
encryption_suite (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use with this AlgorithmSuite
kdf_suite (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to use with this AlgorithmSuite
authentication_suite (aws_encryption_sdk.identifiers.AuthenticationSuite) – AuthenticationSuite to use with this AlgorithmSuite

Prepare a new AlgorithmSuite.

id_as_bytes()¶: Return the algorithm suite ID as a 2-byte array

kdf_input_len¶: Determine the correct KDF input value length for this algorithm suite.

safe_to_cache()¶: Determine whether encryption materials for this algorithm suite should be cached.

class aws_encryption_sdk.identifiers.AuthenticationSuite(algorithm, hash_algorithm, signature_length)¶

Bases: enum.Enum

Static definition of authentication algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters:	algorithm (may vary (currently only ECC curve object)) – Information needed by signing algorithm to define behavior hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in signature signature_lenth (int) – Number of bytes in signature

Prepare a new AuthenticationSuite.

class aws_encryption_sdk.identifiers.ContentAADString¶

Bases: enum.Enum

Body Additional Authenticated Data values for building the AAD for a message body.

class aws_encryption_sdk.identifiers.ContentType¶

Bases: enum.Enum

Type of content framing contained in message.

class aws_encryption_sdk.identifiers.EncryptionKeyType¶

Bases: enum.Enum

Identifies raw encryption key type. Used to identify key capabilities for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.EncryptionSuite(algorithm, mode, data_key_length, iv_length, auth_length, auth_key_length=0)¶

Bases: enum.Enum

Static definition of encryption algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters:

algorithm (cryptography.io ciphers algorithm object) – Encryption algorithm to use
mode (cryptography.io ciphers modes object) – Encryption mode in which to operate
data_key_length (int) – Number of bytes in envelope encryption data key
iv_length (int) – Number of bytes in IV
auth_length (int) – Number of bytes in auth data (tag)
auth_key_length (int) – Number of bytes in auth key (not currently supported by any algorithms)

Prepare a new EncryptionSuite.

valid_kdf(kdf)¶

Determine whether a KDFSuite can be used with this EncryptionSuite.

Parameters:	kdf (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to evaluate
Return type:	bool

class aws_encryption_sdk.identifiers.EncryptionType¶

Bases: enum.Enum

Identifies symmetric vs asymmetric encryption. Used to identify encryption type for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.KDFSuite(algorithm, input_length, hash_algorithm)¶

Bases: enum.Enum

Static definition of key derivation algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters:	algorithm (cryptography.io KDF object) – KDF algorithm to use input_length (int) – Number of bytes of input data to feed into KDF function hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in KDF

Prepare a new KDFSuite.

input_length(encryption)¶

Determine the correct KDF input value length for this KDFSuite when used with a specific EncryptionSuite.

Parameters:	encryption (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use
Return type:	int

class aws_encryption_sdk.identifiers.ObjectType¶

Bases: enum.Enum

Valid Type values per the AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.SequenceIdentifier¶

Bases: enum.Enum

Identifiers for specific sequence frames.

class aws_encryption_sdk.identifiers.SerializationVersion¶

Bases: enum.Enum

Valid Versions of AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.WrappingAlgorithm(encryption_type, algorithm, padding_type, padding_algorithm, padding_mgf)¶

Bases: enum.Enum

Wrapping Algorithms for use by RawMasterKey objects.

Parameters:	algorithm (aws_encryption_sdk.identifiers.Algorithm) – Encryption algorithm to use for encryption of data keys padding_type – Padding type to use for encryption of data keys padding_algorithm – Padding algorithm to use for encryption of data keys padding_mgf – Padding MGF to use for encryption of data keys

Prepares new WrappingAlgorithm.