aws_encryption_sdk.keyrings.raw

Resources required for Raw Keyrings.

Classes

  • RawAESKeyring(key_namespace, key_name, …) – Generate an instance of Raw AES Keyring, which encrypts using the AES-GCM algorithm with a wrapping key provided as a byte array.
  • RawRSAKeyring(key_namespace, key_name, …) – Generate an instance of Raw RSA Keyring, which performs asymmetric encryption and decryption using the public and private keys provided.

class aws_encryption_sdk.keyrings.raw.RawAESKeyring(key_namespace, key_name, wrapping_key)

Bases: aws_encryption_sdk.keyrings.base.Keyring

Generate an instance of Raw AES Keyring, which encrypts using the AES-GCM algorithm with a wrapping key provided as a byte array.

New in version 2.0.0.

Parameters: key_namespace (str) – String defining the keyring.

Note

key_namespace MUST NOT equal “aws-kms”.

Parameters:
  • key_name (str) – Key ID
  • wrapping_key (bytes) – Encryption key with which to wrap plaintext data key.

Note

Only one wrapping key can be specified in a Raw AES Keyring.

on_decrypt(decryption_materials, encrypted_data_keys)

Attempt to decrypt the encrypted data keys.

Parameters:
Returns:

Decryption materials that MAY include a plaintext data key

Return type:

DecryptionMaterials

on_encrypt(encryption_materials)

Generate a data key if not present and encrypt it using any available wrapping key.

Parameters: encryption_materials (EncryptionMaterials) – Encryption materials for the keyring to modify
Returns: Encryption materials containing data key and encrypted data key
Return type: EncryptionMaterials
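
The on_encrypt / on_decrypt contract described above, modelled as an added example that is not the SDK's own code: ToyRawAESKeyring and WrappedKey are hypothetical names, and the AES-GCM calls come from the cryptography package. Binding the namespace and name as associated data is a choice of this sketch, not something this page specifies.

```python
import os
from dataclasses import dataclass
from typing import List, Optional

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


@dataclass
class WrappedKey:
    """Hypothetical stand-in for an encrypted data key record."""
    namespace: str
    name: str
    nonce: bytes
    ciphertext: bytes


class ToyRawAESKeyring:
    """Simplified model of a raw AES keyring (not the SDK class)."""

    def __init__(self, key_namespace: str, key_name: str, wrapping_key: bytes):
        if key_namespace == "aws-kms":
            raise ValueError('key_namespace MUST NOT equal "aws-kms"')
        self.namespace, self.name = key_namespace, key_name
        # AESGCM raises ValueError unless the key is 16, 24 or 32 bytes.
        self._aead = AESGCM(wrapping_key)

    def _aad(self) -> bytes:
        # Sketch-only assumption: authenticate the key identity with the ciphertext.
        return f"{self.namespace}\x00{self.name}".encode()

    def on_encrypt(self, data_key: Optional[bytes] = None):
        # Generate a data key only if the caller did not supply one.
        data_key = data_key or os.urandom(32)
        nonce = os.urandom(12)  # fresh 96-bit nonce for every wrap
        ct = self._aead.encrypt(nonce, data_key, self._aad())
        return data_key, WrappedKey(self.namespace, self.name, nonce, ct)

    def on_decrypt(self, wrapped_keys: List[WrappedKey]) -> Optional[bytes]:
        for wk in wrapped_keys:
            if (wk.namespace, wk.name) != (self.namespace, self.name):
                continue  # wrapped for a different keyring: skip without trying
            try:
                return self._aead.decrypt(wk.nonce, wk.ciphertext, self._aad())
            except InvalidTag:
                continue  # wrong wrapping key or tampered ciphertext
        return None  # caller MAY end up with no plaintext data key
```
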
class aws_encryption_sdk.keyrings.raw.RawRSAKeyring(key_namespace, key_name, wrapping_algorithm, private_wrapping_key=None, public_wrapping_key=None)

Bases: aws_encryption_sdk.keyrings.base.Keyring

Generate an instance of Raw RSA Keyring, which performs asymmetric encryption and decryption using the public and private keys provided.

New in version 2.0.0.

Parameters: key_namespace (str) – String defining the keyring ID

Note

key_namespace MUST NOT equal “aws-kms”.

Parameters:

Note

At least one of public wrapping key or private wrapping key must be provided.

classmethod from_der_encoding(key_namespace, key_name, wrapping_algorithm, public_encoded_key=None, private_encoded_key=None, password=None)

Generate a Raw RSA keyring using DER-encoded public and private keys.

Parameters:
  • key_namespace (str) – String defining the keyring ID
  • key_name (bytes) – Key ID
  • wrapping_algorithm (WrappingAlgorithm) – Wrapping Algorithm with which to wrap plaintext data key
  • public_encoded_key (bytes) – DER encoded public key (optional)
  • private_encoded_key (bytes) – DER encoded private key (optional)
  • password (bytes) – Password to load private key (optional)
Returns:

RawRSAKeyring constructed using required parameters

classmethod from_pem_encoding(key_namespace, key_name, wrapping_algorithm, public_encoded_key=None, private_encoded_key=None, password=None)

Generate a Raw RSA keyring using PEM-encoded public and private keys.

Parameters:
  • key_namespace (str) – String defining the keyring ID
  • key_name (bytes) – Key ID
  • wrapping_algorithm (WrappingAlgorithm) – Wrapping Algorithm with which to wrap plaintext data key
  • public_encoded_key (bytes) – PEM encoded public key (optional)
  • private_encoded_key (bytes) – PEM encoded private key (optional)
  • password (bytes) – Password to load private key (optional)
Returns:

RawRSAKeyring constructed using required parameters

on_decrypt(decryption_materials, encrypted_data_keys)

Attempt to decrypt the encrypted data keys.

Parameters:
  • decryption_materials (DecryptionMaterials) – Decryption materials for keyring to modify.
  • encrypted_data_keys (List[EncryptedDataKey]) – List of encrypted data keys.

Returns:

Decryption materials that MAY include a plaintext data key

Return type:

DecryptionMaterials

on_encrypt(encryption_materials)

Generate a data key using generator keyring and encrypt it using any available wrapping key in any child keyring.

Parameters: encryption_materials (EncryptionMaterials) – Encryption materials for keyring to modify.
Returns: Encryption materials containing data key and encrypted data key
Return type: EncryptionMaterials