aws_encryption_sdk.identifiers

AWS Encryption SDK native data structures for defining implementation-specific characteristics.

Classes

Algorithm

alias of AlgorithmSuite

AlgorithmSuite(value)

Static combinations of encryption, KDF, and authentication algorithms.

AuthenticationSuite(value)

Static definition of authentication algorithm details.

CommitmentPolicy(value)

Controls algorithm suites that can be used on encryption and decryption.

ContentAADString(value)

Body Additional Authenticated Data values for building the AAD for a message body.

ContentType(value)

Type of content framing contained in message.

EncryptionKeyType(value)

Identifies raw encryption key type.

EncryptionSuite(value)

Static definition of encryption algorithm details.

EncryptionType(value)

Identifies symmetric vs asymmetric encryption.

KDFSuite(value)

Static definition of key derivation algorithm details.

ObjectType(value)

Valid Type values per the AWS Encryption SDK message format.

SequenceIdentifier(value)

Identifiers for specific sequence frames.

SerializationVersion(value)

Valid Versions of AWS Encryption SDK message format.

WrappingAlgorithm(value)

Wrapping Algorithms for use by RawMasterKey objects.

class aws_encryption_sdk.identifiers.EncryptionSuite(value)

Bases: Enum

Static definition of encryption algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters
  • algorithm (cryptography.io ciphers algorithm object) – Encryption algorithm to use

  • mode (cryptography.io ciphers modes object) – Encryption mode in which to operate

  • data_key_length (int) – Number of bytes in envelope encryption data key

  • iv_length (int) – Number of bytes in IV

  • auth_length (int) – Number of bytes in auth data (tag)

  • auth_key_length (int) – Number of bytes in auth key (not currently supported by any algorithms)

Prepare a new EncryptionSuite.

valid_kdf(kdf)

Determine whether a KDFSuite can be used with this EncryptionSuite.

Parameters

kdf (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to evaluate

Return type

bool

class aws_encryption_sdk.identifiers.KDFSuite(value)

Bases: Enum

Static definition of key derivation algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters
  • algorithm (cryptography.io KDF object) – KDF algorithm to use

  • input_length (int) – Number of bytes of input data to feed into KDF function

  • hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in KDF

Prepare a new KDFSuite.

input_length(encryption: EncryptionSuite) int

Determine the correct KDF input value length for this KDFSuite when used with a specific EncryptionSuite.

Parameters

encryption (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use

Return type

int

class aws_encryption_sdk.identifiers.AuthenticationSuite(value)

Bases: Enum

Static definition of authentication algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters
  • algorithm (may vary (currently only ECC curve object)) – Information needed by signing algorithm to define behavior

  • hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in signature

  • signature_lenth (int) – Number of bytes in signature

Prepare a new AuthenticationSuite.

class aws_encryption_sdk.identifiers.AlgorithmSuite(value)

Bases: Enum

Static combinations of encryption, KDF, and authentication algorithms.

Warning

No AlgorithmSuites except those defined here are supported.

Parameters

Prepare a new AlgorithmSuite.

property kdf_input_len

Determine the correct KDF input value length for this algorithm suite.

classmethod get_by_id(algorithm_id)

Return the correct member based on the algorithm_id value.

Parameters

algorithm_id (int) – Value of algorithm_id field with which to retrieve Algorithm

Returns

Algorithm with ID algorithm_id

Return type

aws_encryption_sdk.identifiers.Algorithm

id_as_bytes()

Return the algorithm suite ID as a 2-byte array

safe_to_cache()

Determine whether encryption materials for this algorithm suite should be cached.

is_committing()

Determine whether this algorithm suite offers key commitment.

is_signing()

Determine whether this algorithm suite includes signing.

message_id_length()

Returns the size of the message id.

algorithm_suite_data_length()

Returns the length of the Algorithm Suite Data field.

aws_encryption_sdk.identifiers.Algorithm

alias of AlgorithmSuite

class aws_encryption_sdk.identifiers.EncryptionType(value)

Bases: Enum

Identifies symmetric vs asymmetric encryption. Used to identify encryption type for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.EncryptionKeyType(value)

Bases: Enum

Identifies raw encryption key type. Used to identify key capabilities for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.WrappingAlgorithm(value)

Bases: Enum

Wrapping Algorithms for use by RawMasterKey objects.

Parameters
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Encryption algorithm to use for encryption of data keys

  • padding_type – Padding type to use for encryption of data keys

  • padding_algorithm – Padding algorithm to use for encryption of data keys

  • padding_mgf – Padding MGF to use for encryption of data keys

Prepares new WrappingAlgorithm.

class aws_encryption_sdk.identifiers.ObjectType(value)

Bases: Enum

Valid Type values per the AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.SequenceIdentifier(value)

Bases: Enum

Identifiers for specific sequence frames.

class aws_encryption_sdk.identifiers.SerializationVersion(value)

Bases: Enum

Valid Versions of AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.ContentType(value)

Bases: Enum

Type of content framing contained in message.

class aws_encryption_sdk.identifiers.ContentAADString(value)

Bases: Enum

Body Additional Authenticated Data values for building the AAD for a message body.

class aws_encryption_sdk.identifiers.CommitmentPolicy(value)

Bases: Enum

Controls algorithm suites that can be used on encryption and decryption.