aws_encryption_sdk.internal.crypto.authentication

Contains authentication primitives.

Classes

Signer(algorithm, key) – Abstract signing handler.
Verifier(algorithm, key) – Abstract signature verification handler.

class aws_encryption_sdk.internal.crypto.authentication.Signer(algorithm, key)

Bases: aws_encryption_sdk.internal.crypto.authentication._PrehashingAuthenticator

Abstract signing handler.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base signer
  • key (currently only Elliptic Curve Private Keys are supported) – Private key from which a signer can be generated

Prepares initial values.

encoded_public_key()

Returns the encoded public key.

Note

For ECC curves, this will return the encoded compressed public point.

Returns: Encoded public key from signer
Return type: bytes

finalize()

Finalizes the signer and returns the signature.

Returns: Calculated signer signature
Return type: bytes

classmethod from_key_bytes(algorithm, key_bytes)

Builds a Signer from an algorithm suite and a raw signing key.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base signer
  • key_bytes (bytes) – Raw signing key
Return type: aws_encryption_sdk.internal.crypto.Signer

key_bytes()

Returns the raw signing key.

Return type: bytes

update(data)

Updates the cryptographic signer with the supplied data.

Parameters: data (bytes) – Data to be signed

class aws_encryption_sdk.internal.crypto.authentication.Verifier(algorithm, key)

Bases: aws_encryption_sdk.internal.crypto.authentication._PrehashingAuthenticator

Abstract signature verification handler.

Note

For ECC curves, the signature must be DER encoded as specified in RFC 3279.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base verifier
  • key (may vary) – Appropriate public key object for algorithm

Prepares initial values.

classmethod from_encoded_point(algorithm, encoded_point)

Creates a Verifier object based on the supplied algorithm and encoded compressed ECC curve point.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base verifier
  • encoded_point (bytes) – ECC public point compressed and encoded with _ecc_encode_compressed_point
Returns: Instance of Verifier generated from encoded point
Return type: aws_encryption_sdk.internal.crypto.Verifier

classmethod from_key_bytes(algorithm, key_bytes)

Creates a Verifier object based on the supplied algorithm and raw verification key.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm on which to base verifier
  • key_bytes (bytes) – Raw verification key
Returns: Instance of Verifier generated from the raw verification key
Return type: aws_encryption_sdk.internal.crypto.Verifier

key_bytes()

Returns the raw verification key.

Return type: bytes

update(data)

Updates the cryptographic verifier with the supplied data.

Parameters: data (bytes) – Data to verify using the signature

verify(signature)

Verifies the signature against the current cryptographic verifier state.

Parameters: signature (bytes) – The signature to verify
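
The Verifier note above requires ECC signatures to be DER encoded as specified in RFC 3279, that is, a SEQUENCE of the two INTEGERs r and s. The following added example (not code from the SDK) shows a strict check of that encoding that rejects padded, negative, truncated or trailing-byte variants; the function names, P256_ORDER and SAMPLE_SIG are assumptions made for illustration, and the sample bytes are constructed.

```python
# Added example (not SDK code): strict DER check for an ECDSA signature.
# Order of the NIST P-256 group, used to range-check r and s.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
# Constructed sample: SEQUENCE { INTEGER 128, INTEGER 256 }, not a real signature.
SAMPLE_SIG = bytes.fromhex("30080202008002020100")


def _read_len(buf, pos):
    """Read a DER length at pos and return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    if buf[pos] < 0x80:  # short form
        return buf[pos], pos + 1
    # One long-form byte covers every ECDSA signature size in common use.
    if buf[pos] != 0x81 or pos + 1 >= len(buf) or buf[pos + 1] < 0x80:
        raise ValueError("unsupported or non-minimal length")
    return buf[pos + 1], pos + 2


def _read_int(buf, pos):
    """Read a positive, minimally encoded INTEGER and return (value, next_pos)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length, pos = _read_len(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length:
        raise ValueError("empty or truncated INTEGER")
    if body[0] & 0x80:
        raise ValueError("negative INTEGER")
    if length > 1 and body[0] == 0 and not (body[1] & 0x80):
        raise ValueError("non-minimal INTEGER padding")
    return int.from_bytes(body, "big"), pos + length


def parse_ecdsa_sig(sig, order=P256_ORDER):
    """Return (r, s) from a DER Ecdsa-Sig-Value, rejecting non-canonical input."""
    if len(sig) < 2 or sig[0] != 0x30:
        raise ValueError("expected SEQUENCE tag")
    length, pos = _read_len(sig, 1)
    if pos + length != len(sig):
        raise ValueError("SEQUENCE length does not match input size")
    r, pos = _read_int(sig, pos)
    s, pos = _read_int(sig, pos)
    if pos != len(sig):
        raise ValueError("unexpected bytes after s")
    if not (0 < r < order and 0 < s < order):
        raise ValueError("r or s outside [1, order - 1]")
    return r, s
```

Running such a check before verification ensures that exactly one byte string is accepted for a given (r, s) pair.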