aws_encryption_sdk.internal.crypto.encryption

Contains encryption primitives and helper functions.

Functions

decrypt(algorithm, key, encrypted_data, ...)	Decrypts a frame body.
encrypt(algorithm, key, plaintext, ...)	Encrypts a frame body.

Classes

Decryptor(algorithm, key, associated_data, ...)	Abstract decryption handler.
Encryptor(algorithm, key, associated_data, iv)	Abstract encryption handler.

class aws_encryption_sdk.internal.crypto.encryption.Encryptor(algorithm, key, associated_data, iv)

Bases: object

Abstract encryption handler.

Parameters

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body

• key (bytes) – Encryption key

• associated_data (bytes) – Associated Data to send to encryption subsystem

• iv (bytes) – IV to use when encrypting message

Prepares initial values.

update(plaintext)

Updates _encryptor with provided plaintext.

Parameters

plaintext (bytes) – Plaintext to encrypt

Returns

Encrypted ciphertext

Return type

bytes

finalize()

Finalizes and closes _encryptor.

Returns

Final encrypted ciphertext

Return type

bytes

property tag

Returns the _encryptor tag from the encryption subsystem.

Returns

Encryptor tag

Return type

bytes

aws_encryption_sdk.internal.crypto.encryption.encrypt(algorithm, key, plaintext, associated_data, iv)

Encrypts a frame body.

Parameters

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body

• key (bytes) – Encryption key

• plaintext (bytes) – Body plaintext

• associated_data (bytes) – Body AAD Data

• iv (bytes) – IV to use when encrypting message

Returns

Deserialized object containing encrypted body

Return type

aws_encryption_sdk.internal.structures.EncryptedData

class aws_encryption_sdk.internal.crypto.encryption.Decryptor(algorithm, key, associated_data, iv, tag)

Bases: object

Abstract decryption handler.

Parameters

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body

• key (bytes) – Raw source key

• associated_data (bytes) – Associated Data to send to decryption subsystem

• iv (bytes) – IV value with which to initialize decryption subsystem

• tag (bytes) – Tag with which to validate ciphertext

Prepares initial values.

update(ciphertext)

Updates _decryptor with provided ciphertext.

Parameters

ciphertext (bytes) – Ciphertext to decrypt

Returns

Decrypted plaintext

Return type

bytes

finalize()

Finalizes and closes _decryptor.

Returns

Final decrypted plaintext

Return type

bytes

aws_encryption_sdk.internal.crypto.encryption.decrypt(algorithm, key, encrypted_data, associated_data)

Decrypts a frame body.

Parameters

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body

• key (bytes) – Plaintext data key

• encrypted_data (aws_encryption_sdk.internal.structures.EncryptedData, aws_encryption_sdk.internal.structures.FrameBody, or aws_encryption_sdk.internal.structures.MessageNoFrameBody) – EncryptedData containing body data

• associated_data (bytes) – AAD string generated for body

Returns

Plaintext of body

Return type

bytes