aws_encryption_sdk.identifiers

AWS Encryption SDK native data structures for defining implementation-specific characteristics.

Classes

  • Algorithm – alias of aws_encryption_sdk.identifiers.AlgorithmSuite
  • AlgorithmSuite(algorithm_id, encryption, …) – Static combinations of encryption, KDF, and authentication algorithms.
  • AuthenticationSuite(algorithm, …) – Static definition of authentication algorithm details.
  • CommitmentPolicy – Controls algorithm suites that can be used on encryption and decryption.
  • ContentAADString – Body Additional Authenticated Data values for building the AAD for a message body.
  • ContentType – Type of content framing contained in message.
  • EncryptionKeyType – Identifies raw encryption key type.
  • EncryptionSuite(algorithm, mode, …[, …]) – Static definition of encryption algorithm details.
  • EncryptionType – Identifies symmetric vs asymmetric encryption.
  • KDFSuite(algorithm, input_length, hash_algorithm) – Static definition of key derivation algorithm details.
  • ObjectType – Valid Type values per the AWS Encryption SDK message format.
  • SequenceIdentifier – Identifiers for specific sequence frames.
  • SerializationVersion – Valid Versions of AWS Encryption SDK message format.
  • WrappingAlgorithm(encryption_type, …) – Wrapping Algorithms for use by RawMasterKey objects.

class aws_encryption_sdk.identifiers.EncryptionSuite(algorithm, mode, data_key_length, iv_length, auth_length, auth_key_length=0)

Bases: enum.Enum

Static definition of encryption algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters:
  • algorithm (cryptography.io ciphers algorithm object) – Encryption algorithm to use
  • mode (cryptography.io ciphers modes object) – Encryption mode in which to operate
  • data_key_length (int) – Number of bytes in envelope encryption data key
  • iv_length (int) – Number of bytes in IV
  • auth_length (int) – Number of bytes in auth data (tag)
  • auth_key_length (int) – Number of bytes in auth key (not currently supported by any algorithms)

Prepare a new EncryptionSuite.

valid_kdf(kdf)

Determine whether a KDFSuite can be used with this EncryptionSuite.

Parameters: kdf (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to evaluate
Return type: bool

class aws_encryption_sdk.identifiers.KDFSuite(algorithm, input_length, hash_algorithm)

Bases: enum.Enum

Static definition of key derivation algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters:
  • algorithm (cryptography.io KDF object) – KDF algorithm to use
  • input_length (int) – Number of bytes of input data to feed into KDF function
  • hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in KDF

Prepare a new KDFSuite.

input_length(encryption)

Determine the correct KDF input value length for this KDFSuite when used with a specific EncryptionSuite.

Parameters: encryption (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use
Return type: int

class aws_encryption_sdk.identifiers.AuthenticationSuite(algorithm, hash_algorithm, signature_length)

Bases: enum.Enum

Static definition of authentication algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters:
  • algorithm (may vary (currently only ECC curve object)) – Information needed by signing algorithm to define behavior
  • hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in signature
  • signature_length (int) – Number of bytes in signature

Prepare a new AuthenticationSuite.

class aws_encryption_sdk.identifiers.AlgorithmSuite(algorithm_id, encryption, message_format_version, kdf=<KDFSuite.NONE: (None, None, None)>, authentication=<AuthenticationSuite.NONE: (None, None, 0)>, allowed=True)

Bases: enum.Enum

Static combinations of encryption, KDF, and authentication algorithms.

Warning

No AlgorithmSuites except those defined here are supported.

Parameters:

Prepare a new AlgorithmSuite.

kdf_input_len

Determine the correct KDF input value length for this algorithm suite.

id_as_bytes()

Return the algorithm suite ID as a 2-byte array.

safe_to_cache()

Determine whether encryption materials for this algorithm suite should be cached.

is_committing()

Determine whether this algorithm suite offers key commitment.

is_signing()

Determine whether this algorithm suite includes signing.

message_id_length()

Returns the size of the message id.

algorithm_suite_data_length()

Returns the length of the Algorithm Suite Data field.

aws_encryption_sdk.identifiers.Algorithm

alias of aws_encryption_sdk.identifiers.AlgorithmSuite

class aws_encryption_sdk.identifiers.EncryptionType

Bases: enum.Enum

Identifies symmetric vs asymmetric encryption. Used to identify encryption type for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.EncryptionKeyType

Bases: enum.Enum

Identifies raw encryption key type. Used to identify key capabilities for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.WrappingAlgorithm(encryption_type, algorithm, padding_type, padding_algorithm, padding_mgf)

Bases: enum.Enum

Wrapping Algorithms for use by RawMasterKey objects.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Encryption algorithm to use for encryption of data keys
  • padding_type – Padding type to use for encryption of data keys
  • padding_algorithm – Padding algorithm to use for encryption of data keys
  • padding_mgf – Padding MGF to use for encryption of data keys

Prepares new WrappingAlgorithm.

class aws_encryption_sdk.identifiers.ObjectType

Bases: enum.Enum

Valid Type values per the AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.SequenceIdentifier

Bases: enum.Enum

Identifiers for specific sequence frames.

class aws_encryption_sdk.identifiers.SerializationVersion

Bases: enum.Enum

Valid Versions of AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.ContentType

Bases: enum.Enum

Type of content framing contained in message.

class aws_encryption_sdk.identifiers.ContentAADString

Bases: enum.Enum

Body Additional Authenticated Data values for building the AAD for a message body.

class aws_encryption_sdk.identifiers.CommitmentPolicy

Bases: enum.Enum

Controls algorithm suites that can be used on encryption and decryption.