aws_encryption_sdk.internal.formatting.serialize

Components for handling AWS Encryption SDK message serialization.

Functions

`serialize_encrypted_data_key`(encrypted_data_key)	Serializes an encrypted data key.
`serialize_footer`(signer)	Uses the signer object which has been used to sign the message to generate the signature, then serializes that signature.
`serialize_frame`(algorithm, plaintext, ...[, ...])	Receives a message plaintext, breaks off a frame, encrypts and serializes the frame, and returns the encrypted frame and the remaining plaintext.
`serialize_header`(header[, signer])	Serializes a header object.
`serialize_header_auth`(version, algorithm, ...)	Creates serialized header authentication data.
`serialize_non_framed_close`(tag[, signer])	Serializes the closing block for a non-framed message body.
`serialize_non_framed_open`(algorithm, iv, ...)	Serializes the opening block for a non-framed message body.
`serialize_raw_master_key_prefix`(raw_master_key)	Produces the prefix that a RawMasterKey will always use for the key_info value of keys which require additional information.
`serialize_wrapped_key`(key_provider, ...)	Serializes EncryptedData into a Wrapped EncryptedDataKey.

aws_encryption_sdk.internal.formatting.serialize.serialize_encrypted_data_key(encrypted_data_key)

Serializes an encrypted data key.

New in version 1.3.0.

Parameters: encrypted_data_key (aws_encryption_sdk.structures.EncryptedDataKey) – Encrypted data key to serialize
Returns: Serialized encrypted data key
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_header(header, signer=None)

Serializes a header object.

Parameters

header (aws_encryption_sdk.structures.MessageHeader) – Header to serialize
signer (aws_encryption_sdk.internal.crypto.Signer) – Cryptographic signer object (optional)

Returns

Serialized header

Return type

bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_header_auth(version, algorithm, header, data_encryption_key, signer=None)

Creates serialized header authentication data.

Parameters

version (int) – The serialization version of the message
algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
header (bytes) – Serialized message header
data_encryption_key (bytes) – Data key with which to encrypt message
signer (aws_encryption_sdk.Signer) – Cryptographic signer object (optional)

Returns

Serialized header authentication data

Return type

bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_non_framed_open(algorithm, iv, plaintext_length, signer=None)

Serializes the opening block for a non-framed message body.

Parameters

algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
iv (bytes) – IV value used to encrypt body
plaintext_length (int) – Length of plaintext (and thus ciphertext) in body
signer (aws_encryption_sdk.internal.crypto.Signer) – Cryptographic signer object (optional)

Returns

Serialized body start block

Return type

bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_non_framed_close(tag, signer=None)

Serializes the closing block for a non-framed message body.

Parameters

tag (bytes) – Auth tag value from body encryptor
signer (aws_encryption_sdk.internal.crypto.Signer) – Cryptographic signer object (optional)

Returns

Serialized body close block

Return type

bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_frame(algorithm, plaintext, message_id, data_encryption_key, frame_length, sequence_number, is_final_frame, signer=None)

Receives a message plaintext, breaks off a frame, encrypts and serializes the frame, and returns the encrypted frame and the remaining plaintext.

Parameters

algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
plaintext (bytes) – Source plaintext to encrypt and serialize
message_id (bytes) – Message ID
data_encryption_key (bytes) – Data key with which to encrypt message
frame_length (int) – Length of the framed data
sequence_number (int) – Sequence number for frame to be generated
is_final_frame (bool) – Boolean stating whether or not this frame is a final frame
signer (aws_encryption_sdk.Signer) – Cryptographic signer object (optional)

Returns

Serialized frame and remaining plaintext

Return type

tuple of bytes

Raises

SerializationError – if number of frames is too large

aws_encryption_sdk.internal.formatting.serialize.serialize_footer(signer)

Uses the signer object which has been used to sign the message to generate the signature, then serializes that signature.

Parameters: signer (aws_encryption_sdk.internal.crypto.Signer) – Cryptographic signer object
Returns: Serialized footer
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_raw_master_key_prefix(raw_master_key)

Produces the prefix that a RawMasterKey will always use for the key_info value of keys which require additional information.

Parameters: raw_master_key (aws_encryption_sdk.key_providers.raw.RawMasterKey) – RawMasterKey for which to produce a prefix
Returns: Serialized key_info prefix
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_wrapped_key(key_provider, wrapping_algorithm, wrapping_key_id, encrypted_wrapped_key)

Serializes EncryptedData into a Wrapped EncryptedDataKey.

Parameters

key_provider (aws_encryption_sdk.structures.MasterKeyInfo) – Info for Wrapping MasterKey
wrapping_algorithm (aws_encryption_sdk.identifiers.WrappingAlgorithm) – Wrapping Algorithm with which to wrap plaintext_data_key
wrapping_key_id (bytes) – Key ID of wrapping MasterKey
encrypted_wrapped_key (aws_encryption_sdk.internal.structures.EncryptedData) – Encrypted data key

Returns

Wrapped EncryptedDataKey

Return type

aws_encryption_sdk.structures.EncryptedDataKey