aws_encryption_sdk.materials_managers
Primitive structures for use when interacting with crypto material managers.
New in version 1.3.0.
Classes
CryptographicMaterials(algorithm, …[, …]) | Cryptographic materials core.
DecryptionMaterials([data_key, verification_key]) | Decryption materials returned by a crypto material manager’s decrypt_materials method.
DecryptionMaterialsRequest(algorithm, …) | Request object to provide to a crypto material manager’s decrypt_materials method.
EncryptionMaterials([algorithm, …]) | Encryption materials returned by a crypto material manager’s get_encryption_materials method.
EncryptionMaterialsRequest(…[, …]) | Request object to provide to a crypto material manager’s get_encryption_materials method.

class aws_encryption_sdk.materials_managers.CryptographicMaterials(algorithm, encryption_context, data_encryption_key=None)
Bases: object
Cryptographic materials core.
New in version 2.0.0.
Parameters:
- algorithm (Algorithm) – Algorithm to use for encrypting message
- encryption_context (dict) – Encryption context tied to encrypted_data_keys
- data_encryption_key (RawDataKey) – Plaintext data key to use for encrypting message

class aws_encryption_sdk.materials_managers.DecryptionMaterials(data_key=<object object>, verification_key=None, **kwargs)
Bases: aws_encryption_sdk.materials_managers.CryptographicMaterials
Decryption materials returned by a crypto material manager’s decrypt_materials method.
New in version 1.3.0.
New in version 2.0.0: The algorithm, data_encryption_key, and encryption_context parameters.
New in version 2.0.0: All parameters are now optional.
Parameters:
- algorithm (Algorithm) – Algorithm to use for encrypting message (optional)
- data_encryption_key (RawDataKey) – Plaintext data key to use for encrypting message (optional)
- encryption_context (dict) – Encryption context tied to encrypted_data_keys (optional)
- verification_key (bytes) – Raw signature verification key (optional)

data_key
Backwards-compatible shim for access to data key.

is_complete
Determine whether these materials are sufficiently complete for use as decryption materials.
Return type: bool

with_data_encryption_key(data_encryption_key)
Get new decryption materials that also include this data encryption key.
New in version 2.0.0.
Parameters: data_encryption_key (RawDataKey) – Data encryption key
Return type:
Raises:
- AttributeError – if data encryption key is already set
- InvalidDataKeyError – if data key length does not match algorithm suite

with_verification_key(verification_key)
Get new decryption materials that also include this verification key.
New in version 2.0.0.
Parameters: verification_key (bytes) – Verification key
Return type: DecryptionMaterials

class aws_encryption_sdk.materials_managers.DecryptionMaterialsRequest(algorithm, encrypted_data_keys, encryption_context)
Bases: object
Request object to provide to a crypto material manager’s decrypt_materials method.
New in version 1.3.0.
Parameters:
- algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to provide to master keys for underlying decrypt requests
- encrypted_data_keys (set of aws_encryption_sdk.structures.EncryptedDataKey) – Set of encrypted data keys
- encryption_context (dict) – Encryption context to provide to master keys for underlying decrypt requests

class aws_encryption_sdk.materials_managers.EncryptionMaterials(algorithm=None, data_encryption_key=None, encrypted_data_keys=None, encryption_context=None, signing_key=None, **kwargs)
Bases: aws_encryption_sdk.materials_managers.CryptographicMaterials
Encryption materials returned by a crypto material manager’s get_encryption_materials method.
New in version 1.3.0.
New in version 2.0.0: Most parameters are now optional.
Parameters:
- algorithm (Algorithm) – Algorithm to use for encrypting message
- data_encryption_key (RawDataKey) – Plaintext data key to use for encrypting message (optional)
- encrypted_data_keys (list of EncryptedDataKey) – List of encrypted data keys (optional)
- encryption_context (dict) – Encryption context tied to encrypted_data_keys
- signing_key (bytes) – Encoded signing key (optional)

encrypted_data_keys
Return a read-only version of the encrypted data keys.
Return type: Tuple[EncryptedDataKey]

is_complete
Determine whether these materials are sufficiently complete for use as encryption materials.
Return type: bool

with_data_encryption_key(data_encryption_key)
Get new encryption materials that also include this data encryption key.
New in version 2.0.0.
Parameters: data_encryption_key (RawDataKey) – Data encryption key
Return type:
Raises:
- AttributeError – if data encryption key is already set
- InvalidDataKeyError – if data key length does not match algorithm suite

with_encrypted_data_key(encrypted_data_key)
Get new encryption materials that also include this encrypted data key.
New in version 2.0.0.
Parameters: encrypted_data_key (EncryptedDataKey) – Encrypted data key to add
Return type: EncryptionMaterials
Raises: AttributeError – if data encryption key is not set

with_signing_key(signing_key)
Get new encryption materials that also include this signing key.
New in version 2.0.0.
Parameters: signing_key (bytes) – Signing key
Return type:
Raises:
- AttributeError – if signing key is already set
- SignatureKeyError – if algorithm suite does not support signing keys

class aws_encryption_sdk.materials_managers.EncryptionMaterialsRequest(encryption_context, frame_length, plaintext_rostream=None, algorithm=None, plaintext_length=None)
Bases: object
Request object to provide to a crypto material manager’s get_encryption_materials method.
New in version 1.3.0.
Warning
If the seek position of plaintext_rostream is modified, it must be restored before leaving the method.
Parameters:
- encryption_context (dict) – Encryption context passed to underlying master key provider and master keys
- frame_length (int) – Frame length to be used while encrypting stream
- plaintext_rostream (aws_encryption_sdk.internal.utils.streams.ROStream) – Source plaintext read-only stream (optional)
- algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm passed to underlying master key provider and master keys (optional)
- plaintext_length (int) – Length of source plaintext (optional)
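
The warning on plaintext_rostream is easy to violate in a custom materials manager that inspects the plaintext before choosing materials: any bytes it consumes are then missing from what gets encrypted. The following is an added example, not code from the SDK or its documentation, showing the failure and a guard that restores the offset even when the inspection raises. It assumes io.BytesIO as a stand-in for plaintext_rostream; preserve_position, careless_peek, safe_peek and bytes_left_for_encryption are hypothetical names.

```python
import io
from contextlib import contextmanager

# Constructed sample plaintext; io.BytesIO stands in for plaintext_rostream.
SAMPLE = b"%PDF-1.7 constructed sample plaintext for the seek-position demo"


@contextmanager
def preserve_position(stream):
    """Put the stream back at its entry offset on exit, even if the body raises."""
    start = stream.tell()
    try:
        yield stream
    finally:
        stream.seek(start)


def careless_peek(stream, size=8):
    """Reads a prefix and leaves the stream advanced by `size` bytes."""
    return stream.read(size)


def safe_peek(stream, size=8):
    """Reads the same prefix, then restores the caller's offset."""
    if stream is None:  # plaintext_rostream is optional on the request
        return b""
    with preserve_position(stream) as s:
        return s.read(size)


def bytes_left_for_encryption(peek, data=SAMPLE, already_read=0):
    """Simulate a materials manager calling `peek`, then the caller reading the rest."""
    stream = io.BytesIO(data)
    stream.seek(already_read)  # the caller is not necessarily at offset 0
    peek(stream)
    return stream.read()


if __name__ == "__main__":
    print(len(bytes_left_for_encryption(careless_peek)), "bytes left after careless peek")
    print(len(bytes_left_for_encryption(safe_peek)), "bytes left after safe peek")
```

Restoring to the offset recorded on entry, rather than seeking to 0, matters when the caller has already consumed part of the stream.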