aws_encryption_sdk.internal.crypto.encryption

Contains encryption primitives and helper functions.

Functions

decrypt(algorithm, key, encrypted_data, …) Decrypts a frame body.
encrypt(algorithm, key, plaintext, …) Encrypts a frame body.

Classes

Decryptor(algorithm, key, associated_data, …) Abstract decryption handler.
Encryptor(algorithm, key, associated_data, iv) Abstract encryption handler.
class aws_encryption_sdk.internal.crypto.encryption.Encryptor(algorithm, key, associated_data, iv)

Bases: object

Abstract encryption handler.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body
  • key (bytes) – Encryption key
  • associated_data (bytes) – Associated Data to send to encryption subsystem
  • iv (bytes) – IV to use when encrypting message

Prepares initial values.

update(plaintext)

Updates _encryptor with provided plaintext.

Parameters:plaintext (bytes) – Plaintext to encrypt
Returns:Encrypted ciphertext
Return type:bytes
finalize()

Finalizes and closes _encryptor.

Returns:Final encrypted ciphertext
Return type:bytes
tag

Returns the _encryptor tag from the encryption subsystem.

Returns:Encryptor tag
Return type:bytes
aws_encryption_sdk.internal.crypto.encryption.encrypt(algorithm, key, plaintext, associated_data, iv)

Encrypts a frame body.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body
  • key (bytes) – Encryption key
  • plaintext (bytes) – Body plaintext
  • associated_data (bytes) – Body AAD Data
  • iv (bytes) – IV to use when encrypting message
Returns:

Deserialized object containing encrypted body

Return type:

aws_encryption_sdk.internal.structures.EncryptedData

class aws_encryption_sdk.internal.crypto.encryption.Decryptor(algorithm, key, associated_data, iv, tag)

Bases: object

Abstract decryption handler.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body
  • key (bytes) – Raw source key
  • associated_data (bytes) – Associated Data to send to decryption subsystem
  • iv (bytes) – IV value with which to initialize decryption subsystem
  • tag (bytes) – Tag with which to validate ciphertext

Prepares initial values.

update(ciphertext)

Updates _decryptor with provided ciphertext.

Parameters:ciphertext (bytes) – Ciphertext to decrypt
Returns:Decrypted plaintext
Return type:bytes
finalize()

Finalizes and closes _decryptor.

Returns:Final decrypted plaintext
Return type:bytes
aws_encryption_sdk.internal.crypto.encryption.decrypt(algorithm, key, encrypted_data, associated_data)

Decrypts a frame body.

Parameters:
Returns:

Plaintext of body

Return type:

bytes