aws_encryption_sdk.materials_managers

Primitive structures for use when interacting with crypto material managers.

New in version 1.3.0.

Classes

CryptographicMaterials(algorithm, …[, …]) – Cryptographic materials core.
DecryptionMaterials([data_key, verification_key]) – Decryption materials returned by a crypto material manager’s decrypt_materials method.
DecryptionMaterialsRequest(algorithm, …) – Request object to provide to a crypto material manager’s decrypt_materials method.
EncryptionMaterials([algorithm, …]) – Encryption materials returned by a crypto material manager’s get_encryption_materials method.
EncryptionMaterialsRequest(…[, …]) – Request object to provide to a crypto material manager’s get_encryption_materials method.

class aws_encryption_sdk.materials_managers.CryptographicMaterials(algorithm, encryption_context, data_encryption_key=None)

Bases: object

Cryptographic materials core.

New in version 2.0.0.

Parameters:
  • algorithm (Algorithm) – Algorithm to use for encrypting message
  • encryption_context (dict) – Encryption context tied to encrypted_data_keys
  • data_encryption_key (RawDataKey) – Plaintext data key to use for encrypting message

class aws_encryption_sdk.materials_managers.DecryptionMaterials(data_key=<object object>, verification_key=None, **kwargs)

Bases: aws_encryption_sdk.materials_managers.CryptographicMaterials

Decryption materials returned by a crypto material manager’s decrypt_materials method.

New in version 1.3.0.

New in version 2.0.0: The algorithm, data_encryption_key, and encryption_context parameters.

New in version 2.0.0: All parameters are now optional.

Parameters:
  • algorithm (Algorithm) – Algorithm to use for encrypting message (optional)
  • data_encryption_key (RawDataKey) – Plaintext data key to use for encrypting message (optional)
  • encryption_context (dict) – Encryption context tied to encrypted_data_keys (optional)
  • verification_key (bytes) – Raw signature verification key (optional)

data_key

Backwards-compatible shim for access to data key.

is_complete

Determine whether these materials are sufficiently complete for use as decryption materials.

Return type: bool

with_data_encryption_key(data_encryption_key)

Get new decryption materials that also include this data encryption key.

New in version 2.0.0.

Parameters: data_encryption_key (RawDataKey) – Data encryption key
Return type: DecryptionMaterials
Raises:

with_verification_key(verification_key)

Get new decryption materials that also include this verification key.

New in version 2.0.0.

Parameters: verification_key (bytes) – Verification key
Return type: DecryptionMaterials

class aws_encryption_sdk.materials_managers.DecryptionMaterialsRequest(algorithm, encrypted_data_keys, encryption_context)

Bases: object

Request object to provide to a crypto material manager’s decrypt_materials method.

New in version 1.3.0.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to provide to master keys for underlying decrypt requests
  • encrypted_data_keys (set of aws_encryption_sdk.structures.EncryptedDataKey) – Set of encrypted data keys
  • encryption_context (dict) – Encryption context to provide to master keys for underlying decrypt requests

class aws_encryption_sdk.materials_managers.EncryptionMaterials(algorithm=None, data_encryption_key=None, encrypted_data_keys=None, encryption_context=None, signing_key=None, **kwargs)

Bases: aws_encryption_sdk.materials_managers.CryptographicMaterials

Encryption materials returned by a crypto material manager’s get_encryption_materials method.

New in version 1.3.0.

New in version 2.0.0: Most parameters are now optional.

Parameters:
  • algorithm (Algorithm) – Algorithm to use for encrypting message
  • data_encryption_key (RawDataKey) – Plaintext data key to use for encrypting message (optional)
  • encrypted_data_keys (list of EncryptedDataKey) – List of encrypted data keys (optional)
  • encryption_context (dict) – Encryption context tied to encrypted_data_keys
  • signing_key (bytes) – Encoded signing key (optional)

encrypted_data_keys

Return a read-only version of the encrypted data keys.

Return type: Tuple[EncryptedDataKey]

is_complete

Determine whether these materials are sufficiently complete for use as encryption materials.

Return type: bool

with_data_encryption_key(data_encryption_key)

Get new encryption materials that also include this data encryption key.

New in version 2.0.0.

Parameters: data_encryption_key (RawDataKey) – Data encryption key
Return type: EncryptionMaterials
Raises:

with_encrypted_data_key(encrypted_data_key)

Get new encryption materials that also include this encrypted data key.

New in version 2.0.0.

Parameters: encrypted_data_key (EncryptedDataKey) – Encrypted data key to add
Return type: EncryptionMaterials
Raises: AttributeError – if data encryption key is not set

with_signing_key(signing_key)

Get new encryption materials that also include this signing key.

New in version 2.0.0.

Parameters: signing_key (bytes) – Signing key
Return type: EncryptionMaterials
Raises:

class aws_encryption_sdk.materials_managers.EncryptionMaterialsRequest(encryption_context, frame_length, plaintext_rostream=None, algorithm=None, plaintext_length=None)

Bases: object

Request object to provide to a crypto material manager’s get_encryption_materials method.

New in version 1.3.0.

Warning

If the seek position of plaintext_rostream is modified, it must be restored to its original value before leaving the method.

Parameters:
  • encryption_context (dict) – Encryption context passed to underlying master key provider and master keys
  • frame_length (int) – Frame length to be used while encrypting stream
  • plaintext_rostream (aws_encryption_sdk.internal.utils.streams.ROStream) – Source plaintext read-only stream (optional)
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm passed to underlying master key provider and master keys (optional)
  • plaintext_length (int) – Length of source plaintext (optional)
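
The seek-position warning for plaintext_rostream, as an added example that is not part of the SDK or its documentation: a context manager that restores the stream position even when the inspecting code raises, next to a counter-example that leaves the stream advanced. The names preserve_position, inspect_plaintext, inspect_plaintext_unsafe, bytes_left_for_encryption and SAMPLE are hypothetical, and io.BytesIO is an assumed stand-in for the read-only stream.

```python
import contextlib
import io


@contextlib.contextmanager
def preserve_position(stream):
    """Put the stream back at its entry position, even if the body raises."""
    start = stream.tell()
    try:
        yield stream
    finally:
        stream.seek(start)


def inspect_plaintext(stream, prefix_size=4):
    """Hypothetical helper for a custom get_encryption_materials: returns the
    leading bytes and the number of bytes left, without consuming the stream."""
    with preserve_position(stream):
        prefix = stream.read(prefix_size)
        here = stream.tell()
        # seek() returns the new absolute position, i.e. the stream's end offset
        remaining = stream.seek(0, io.SEEK_END) - here + len(prefix)
    return prefix, remaining


def inspect_plaintext_unsafe(stream, prefix_size=4):
    """Counter-example: same read, but the position is left advanced."""
    return stream.read(prefix_size)


def bytes_left_for_encryption(inspector, payload):
    """Run an inspector, then read what the encryptor would still see."""
    stream = io.BytesIO(payload)  # constructed stand-in for plaintext_rostream
    inspector(stream)
    return stream.read()


SAMPLE = b"%PDF-1.7 constructed sample plaintext"  # constructed input

if __name__ == "__main__":
    print(inspect_plaintext(io.BytesIO(SAMPLE)))
    print(bytes_left_for_encryption(inspect_plaintext, SAMPLE) == SAMPLE)
    print(bytes_left_for_encryption(inspect_plaintext_unsafe, SAMPLE))
```

With the unsafe variant the bytes that follow the inspection no longer include the first four bytes of the plaintext, which is the condition the warning exists to prevent.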