aws_encryption_sdk.internal.crypto.wrapping_keys

Contains wrapping key primitives.

Classes

WrappingKey(wrapping_algorithm, …[, password])

Creates a wrapping encryption key object to encrypt and decrypt data keys.

class aws_encryption_sdk.internal.crypto.wrapping_keys.WrappingKey(wrapping_algorithm, wrapping_key, wrapping_key_type, password=None)

Bases: object

Creates a wrapping encryption key object to encrypt and decrypt data keys.

For use inside aws_encryption_sdk.key_providers.raw.RawMasterKeyProvider objects.

Parameters:

• wrapping_algorithm (aws_encryption_sdk.identifiers.WrappingAlgorithm) – Wrapping Algorithm with which to wrap plaintext_data_key
• wrapping_key (bytes) – Encryption key with which to wrap plaintext_data_key
• wrapping_key_type (aws_encryption_sdk.identifiers.EncryptionKeyType) – Type of encryption key with which to wrap plaintext_data_key
• password (bytes) – Password to decrypt wrapping_key (optional, currently only relevant for RSA)

Prepares initial values.

decrypt(encrypted_wrapped_data_key, encryption_context)

Decrypts a wrapped, encrypted, data key.

Parameters:

• encrypted_wrapped_data_key (aws_encryption_sdk.internal.structures.EncryptedData) – Encrypted, wrapped, data key
• encryption_context (dict) – Encryption context to use in decryption

Returns:

Plaintext of data key

Return type:

bytes

encrypt(plaintext_data_key, encryption_context)

Encrypts a data key using a direct wrapping key.

Parameters:

• plaintext_data_key (bytes) – Data key to encrypt
• encryption_context (dict) – Encryption context to use in encryption

Returns:

Deserialized object containing encrypted key

Return type:

aws_encryption_sdk.internal.structures.EncryptedData