aws_encryption_sdk.internal.crypto.authentication

Contains authentication primitives.

Classes

Signer(algorithm, key)

Abstract signing handler.

Verifier(algorithm, key)

Abstract signature verification handler.
class aws_encryption_sdk.internal.crypto.authentication.Signer(algorithm, key)

Bases: _PrehashingAuthenticator

Abstract signing handler.

Parameters

  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base signer

  • key (currently only Elliptic Curve Private Keys are supported) – Private key from which a signer can be generated

Prepares initial values.

classmethod from_key_bytes(algorithm, key_bytes, encoding=Encoding.DER)

Builds a Signer from an algorithm suite and a raw signing key.

Parameters

  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base signer

  • key_bytes (bytes) – Raw signing key

Return type

aws_encryption_sdk.internal.crypto.Signer

key_bytes()

Returns the raw signing key.

Return type

bytes

encoded_public_key()

Returns the encoded public key.

Note

For ECC curves, this will return the encoded compressed public point.

Returns

Encoded public key from signer

Return type

bytes

update(data)

Updates the cryptographic signer with the supplied data.

Parameters

data (bytes) – Data to be signed

finalize()

Finalizes the signer and returns the signature.

Returns

Calculated signer signature

Return type

bytes

class aws_encryption_sdk.internal.crypto.authentication.Verifier(algorithm, key)

Bases: _PrehashingAuthenticator

Abstract signature verification handler.

Note

For ECC curves, the signature must be DER encoded as specified in RFC 3279.

Parameters

  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base verifier

  • public_key (may vary) – Appropriate public key object for algorithm

Prepares initial values.

classmethod from_encoded_point(algorithm, encoded_point)

Creates a Verifier object based on the supplied algorithm and encoded compressed ECC curve point.

Parameters

  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base verifier

  • encoded_point (bytes) – ECC public point compressed and encoded with _ecc_encode_compressed_point

Returns

Instance of Verifier generated from encoded point

Return type

aws_encryption_sdk.internal.crypto.Verifier

classmethod from_key_bytes(algorithm, key_bytes)

Creates a Verifier object based on the supplied algorithm and raw verification key.

Parameters

  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base verifier

  • encoded_point (bytes) – Raw verification key

Returns

Instance of Verifier generated from encoded point

Return type

aws_encryption_sdk.internal.crypto.Verifier

key_bytes()

Returns the raw verification key.

Return type

bytes

update(data)

Updates the cryptographic verifier with the supplied data.

Parameters

data (bytes) – Data to verify using the signature

verify(signature)

Verifies the signature against the current cryptographic verifier state.

Parameters

signature (bytes) – The signature to verify