aws_encryption_sdk.streaming_client

High level AWS Encryption SDK client for streaming objects.

Classes

DecryptorConfig(source[, materials_manager, …]) Configuration object for StreamDecryptor class.
EncryptorConfig(source[, materials_manager, …]) Configuration object for StreamEncryptor class.
StreamDecryptor(**kwargs) Provides a streaming encryptor for encrypting a stream source.
StreamEncryptor(**kwargs) Provides a streaming encryptor for encrypting a stream source.
class aws_encryption_sdk.streaming_client.DecryptorConfig(source, materials_manager=None, keyring=None, key_provider=None, source_length=None, line_length=8192, max_body_length=None)

Bases: aws_encryption_sdk.streaming_client._ClientConfig

Configuration object for StreamDecryptor class.

New in version 1.5.0: The keyring parameter.

Parameters:
  • source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt
  • materials_manager (CryptoMaterialsManager) – Cryptographic materials manager to use for encryption (either materials_manager, keyring, key_provider required)
  • keyring (Keyring) – Keyring to use for encryption (either materials_manager, keyring, key_provider required)
  • key_provider (MasterKeyProvider) – Master key provider to use for encryption (either materials_manager, keyring, key_provider required)
  • source_length (int) –

    Length of source data (optional)

    Note

    If source_length is not provided and read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.

  • max_body_length (int) – Maximum frame size (or content length for non-framed messages) in bytes to read from ciphertext message.
class aws_encryption_sdk.streaming_client.EncryptorConfig(source, materials_manager=None, keyring=None, key_provider=None, source_length=None, line_length=8192, encryption_context=NOTHING, algorithm=None, frame_length=4096)

Bases: aws_encryption_sdk.streaming_client._ClientConfig

Configuration object for StreamEncryptor class.

New in version 1.5.0: The keyring parameter.

Parameters:
  • source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt
  • materials_manager (CryptoMaterialsManager) – Cryptographic materials manager to use for encryption (either materials_manager, keyring, key_provider required)
  • keyring (Keyring) – Keyring to use for encryption (either materials_manager, keyring, key_provider required)
  • key_provider (MasterKeyProvider) – Master key provider to use for encryption (either materials_manager, keyring, key_provider required)
  • source_length (int) –

    Length of source data (optional)

    Note

    If source_length is not provided and unframed message is being written or read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.

    Note

    New in version 1.3.0.

    If source_length and materials_manager are both provided, the total plaintext bytes encrypted will not be allowed to exceed source_length. To maintain backwards compatibility, this is not enforced if a key_provider is provided.

  • encryption_context (dict) – Dictionary defining encryption context
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption (optional)
  • frame_length (int) – Frame length in bytes (optional)
class aws_encryption_sdk.streaming_client.StreamDecryptor(**kwargs)

Bases: aws_encryption_sdk.streaming_client._EncryptionStream

Provides a streaming encryptor for encrypting a stream source. Behaves as a standard file-like object.

Note

Take care when decrypting framed messages with large frame length and large non-framed messages. See aws_encryption_sdk.stream for more details.

Note

If config is provided, all other parameters are ignored.

New in version 1.5.0: The keyring parameter.

Parameters:
  • config (aws_encryption_sdk.streaming_client.DecryptorConfig) – Client configuration object (config or individual parameters required)
  • source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt
  • materials_manager (CryptoMaterialsManager) – Cryptographic materials manager to use for encryption (either materials_manager, keyring, key_provider required)
  • keyring (Keyring) – Keyring to use for encryption (either materials_manager, keyring, key_provider required)
  • key_provider (MasterKeyProvider) – Master key provider to use for encryption (either materials_manager, keyring, key_provider required)
  • source_length (int) –

    Length of source data (optional)

    Note

    If source_length is not provided and read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.

  • max_body_length (int) – Maximum frame size (or content length for non-framed messages) in bytes to read from ciphertext message.

Prepares necessary initial values.

close()

Closes out the stream.

class aws_encryption_sdk.streaming_client.StreamEncryptor(**kwargs)

Bases: aws_encryption_sdk.streaming_client._EncryptionStream

Provides a streaming encryptor for encrypting a stream source. Behaves as a standard file-like object.

Note

Take care when encrypting framed messages with large frame length and large non-framed messages. See aws_encryption_sdk.stream for more details.

Note

If config is provided, all other parameters are ignored.

New in version 1.5.0: The keyring parameter.

Parameters:
  • config (aws_encryption_sdk.streaming_client.EncryptorConfig) – Client configuration object (config or individual parameters required)
  • source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt
  • materials_manager (CryptoMaterialsManager) – Cryptographic materials manager to use for encryption (either materials_manager, keyring, key_provider required)
  • keyring (Keyring) – Keyring to use for encryption (either materials_manager, keyring, key_provider required)
  • key_provider (MasterKeyProvider) – Master key provider to use for encryption (either materials_manager, keyring, key_provider required)
  • source_length (int) –

    Length of source data (optional)

    Note

    If source_length is not provided and unframed message is being written or read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.

    Note

    New in version 1.3.0.

    If source_length and materials_manager are both provided, the total plaintext bytes encrypted will not be allowed to exceed source_length. To maintain backwards compatibility, this is not enforced if a key_provider is provided.

  • encryption_context (dict) – Dictionary defining encryption context
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
  • frame_length (int) – Frame length in bytes

Prepares necessary initial values.

ciphertext_length()

Returns the length of the resulting ciphertext message in bytes.

Return type:int
close()

Closes out the stream.