aws_encryption_sdk.structures

Public data structures for aws_encryption_sdk.

Classes

  • CryptoResult(result, header) – Result container for one-shot cryptographic API results.
  • DataKey(key_provider, data_key, …) – Holds both the encrypted and unencrypted copies of a data key.
  • EncryptedDataKey(key_provider, …) – Holds only the encrypted copy of a data key.
  • MasterKeyInfo(provider_id, key_info[, key_name]) – Contains information necessary to identify a Master Key.
  • MessageHeader(version, type, algorithm, …) – Deserialized message header object.
  • RawDataKey(key_provider, data_key) – Holds only the unencrypted copy of a data key.

class aws_encryption_sdk.structures.CryptoResult(result, header)

Bases: object

Result container for one-shot cryptographic API results.

New in version 2.0.0.

Note

For backwards compatibility with the previous outputs, this container also unpacks like a 2-member tuple.

Parameters:
  • result (bytes) – Binary results of the cryptographic operation
  • header (MessageHeader) – Encrypted message metadata

class aws_encryption_sdk.structures.DataKey(key_provider, data_key, encrypted_data_key)

Bases: object

Holds both the encrypted and unencrypted copies of a data key.

Parameters:

class aws_encryption_sdk.structures.EncryptedDataKey(key_provider, encrypted_data_key)

Bases: object

Holds only the encrypted copy of a data key.

Parameters:

classmethod from_data_key(data_key)

Build an EncryptedDataKey from a DataKey.

New in version 2.0.0.

class aws_encryption_sdk.structures.MasterKeyInfo(provider_id, key_info, key_name=None)

Bases: object

Contains information necessary to identify a Master Key.

Note

The only keyring or master key that should need to set key_name is the Raw AES keyring/master key. For all other keyrings and master keys, key_info and key_name should always be the same.

New in version 2.0.0: key_name

Parameters:
  • provider_id (str) – MasterKey provider_id value
  • key_info (bytes) – MasterKey key_info value
  • key_name (bytes) – Key name if different than key_info (optional)

key_namespace

Access the key namespace value (previously, provider ID).

New in version 2.0.0.

class aws_encryption_sdk.structures.MessageHeader(version, type, algorithm, message_id, encryption_context, encrypted_data_keys, content_type, content_aad_length, header_iv_length, frame_length)

Bases: object

Deserialized message header object.

Parameters:
  • version (SerializationVersion) – Message format version, per spec
  • type (ObjectType) – Message content type, per spec
  • algorithm (AlgorithmSuite) – Algorithm to use for encryption
  • message_id (bytes) – Message ID
  • encryption_context (Dict[str,str]) – Dictionary defining encryption context
  • encrypted_data_keys (Sequence[EncryptedDataKey]) – Encrypted data keys
  • content_type (ContentType) – Message content framing type (framed/non-framed)
  • content_aad_length (int) – empty
  • header_iv_length (int) – Bytes in Initialization Vector value found in header
  • frame_length (int) – Length of message frame in bytes

class aws_encryption_sdk.structures.RawDataKey(key_provider, data_key)

Bases: object

Holds only the unencrypted copy of a data key.

Parameters:

classmethod from_data_key(data_key)

Build a RawDataKey from a DataKey.

New in version 2.0.0.