aws_encryption_sdk.structures¶
Public data structures for aws_encryption_sdk.
Classes
CryptoResult (result, header) |
Result container for one-shot cryptographic API results. |
DataKey (key_provider, data_key, …) |
Holds both the encrypted and unencrypted copies of a data key. |
EncryptedDataKey (key_provider, …) |
Holds only the encrypted copy of a data key. |
MasterKeyInfo (provider_id, key_info[, key_name]) |
Contains information necessary to identify a Master Key. |
MessageHeader (version, type, algorithm, …) |
Deserialized message header object. |
RawDataKey (key_provider, data_key) |
Hold only the unencrypted copy of a data key. |
-
class
aws_encryption_sdk.structures.
CryptoResult
(result, header)¶ Bases:
object
Result container for one-shot cryptographic API results.
New in version 2.0.0.
Note
For backwards compatibility, this container also unpacks like a 2-member tuple. This allows for backwards compatibility with the previous outputs.
Parameters: - result (bytes) – Binary results of the cryptographic operation
- header (MessageHeader) – Encrypted message metadata
-
class
aws_encryption_sdk.structures.
DataKey
(key_provider, data_key, encrypted_data_key)¶ Bases:
object
Holds both the encrypted and unencrypted copies of a data key.
Parameters: - key_provider (aws_encryption_sdk.structures.MasterKeyInfo) – Key Provider information
- data_key (bytes) – Plaintext data key
- encrypted_data_key (bytes) – Encrypted data key
-
class
aws_encryption_sdk.structures.
EncryptedDataKey
(key_provider, encrypted_data_key)¶ Bases:
object
Holds only the encrypted copy of a data key.
Parameters: - key_provider (aws_encryption_sdk.structures.MasterKeyInfo) – Key Provider information
- encrypted_data_key (bytes) – Encrypted data key
-
classmethod
from_data_key
(data_key)¶ Build an
EncryptedDataKey
from aDataKey
.New in version 2.0.0.
-
class
aws_encryption_sdk.structures.
MasterKeyInfo
(provider_id, key_info, key_name=None)¶ Bases:
object
Contains information necessary to identify a Master Key.
Note
The only keyring or master key that should need to set
key_name
is the Raw AES keyring/master key. For all other keyrings and master keys,key_info
andkey_name
should always be the same.New in version 2.0.0:
key_name
Parameters: -
key_namespace
¶ Access the key namespace value (previously, provider ID).
New in version 2.0.0.
-
-
class
aws_encryption_sdk.structures.
MessageHeader
(version, type, algorithm, message_id, encryption_context, encrypted_data_keys, content_type, content_aad_length, header_iv_length, frame_length)¶ Bases:
object
Deserialized message header object.
Parameters: - version (SerializationVersion) – Message format version, per spec
- type (ObjectType) – Message content type, per spec
- algorithm (AlgorithmSuite) – Algorithm to use for encryption
- message_id (bytes) – Message ID
- encryption_context (Dict[str,str]) – Dictionary defining encryption context
- encrypted_data_keys (Sequence[EncryptedDataKey]) – Encrypted data keys
- content_type (ContentType) – Message content framing type (framed/non-framed)
- content_aad_length (int) – empty
- header_iv_length (int) – Bytes in Initialization Vector value found in header
- frame_length (int) – Length of message frame in bytes
-
class
aws_encryption_sdk.structures.
RawDataKey
(key_provider, data_key)¶ Bases:
object
Hold only the unencrypted copy of a data key.
Parameters: - key_provider (aws_encryption_sdk.structures.MasterKeyInfo) – Key Provider information
- data_key (bytes) – Plaintext data key
-
classmethod
from_data_key
(data_key)¶ Build an
RawDataKey
from aDataKey
.New in version 2.0.0.