aws_encryption_sdk.internal.formatting.serialize

Components for handling AWS Encryption SDK message serialization.

Functions

serialize_encrypted_data_key(encrypted_data_key) – Serializes an encrypted data key.
serialize_footer(signer) – Uses the signer object which has been used to sign the message to generate the signature, then serializes that signature.
serialize_frame(algorithm, plaintext, …[, …]) – Receives a message plaintext, breaks off a frame, encrypts and serializes the frame, and returns the encrypted frame and the remaining plaintext.
serialize_header(header[, signer]) – Serializes a header object.
serialize_header_auth(version, algorithm, …) – Creates serialized header authentication data.
serialize_non_framed_close(tag[, signer]) – Serializes the closing block for a non-framed message body.
serialize_non_framed_open(algorithm, iv, …) – Serializes the opening block for a non-framed message body.
serialize_raw_master_key_prefix(raw_master_key) – Produces the prefix that a RawMasterKey will always use for the key_info value of keys which require additional information.
serialize_wrapped_key(key_provider, …) – Serializes EncryptedData into a Wrapped EncryptedDataKey.

aws_encryption_sdk.internal.formatting.serialize.serialize_encrypted_data_key(encrypted_data_key)

Serializes an encrypted data key.

New in version 1.3.0.

Parameters: encrypted_data_key (aws_encryption_sdk.structures.EncryptedDataKey) – Encrypted data key to serialize
Returns: Serialized encrypted data key
Return type: bytes
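
The byte layout of a serialized encrypted data key, shown as an added example that is not the SDK's own code. It assumes the entry layout given in the AWS Encryption SDK message format reference (provider ID, key info and encrypted key, each preceded by a 2-byte big-endian length) and uses only the standard library. DataKeyFields, pack_data_key and unpack_data_key are hypothetical names; the parser shows the bounds checks a reader of this format needs.

```python
import struct
from collections import namedtuple

# Hypothetical local stand-in for the three fields of an encrypted data key;
# this is not aws_encryption_sdk.structures.EncryptedDataKey. All fields are
# bytes here (a text provider ID would be UTF-8 encoded first).
DataKeyFields = namedtuple("DataKeyFields", "provider_id key_info ciphertext")

MAX_FIELD = 0xFFFF  # largest size a 2-byte length prefix can describe


def pack_data_key(fields):
    """Serialize as three uint16-length-prefixed byte strings, big endian."""
    out = bytearray()
    for value in fields:
        if len(value) > MAX_FIELD:
            raise ValueError("field too long for a 2-byte length prefix")
        out += struct.pack(">H", len(value)) + value
    return bytes(out)


def unpack_data_key(buf, offset=0):
    """Parse one entry and return (fields, next_offset).

    Every length prefix is checked against the bytes actually present, so a
    truncated or inconsistent entry is rejected instead of read short.
    """
    values = []
    for _ in range(3):
        if offset + 2 > len(buf):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">H", buf, offset)
        offset += 2
        if offset + length > len(buf):
            raise ValueError("length prefix exceeds remaining bytes")
        values.append(bytes(buf[offset:offset + length]))
        offset += length
    return DataKeyFields(*values), offset


# Constructed sample values, not real key material.
SAMPLE = DataKeyFields(b"example-provider", b"example-key-id", b"\x01" * 32)
```
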

aws_encryption_sdk.internal.formatting.serialize.serialize_footer(signer)

Uses the signer object which has been used to sign the message to generate the signature, then serializes that signature.

Parameters: signer (aws_encryption_sdk.internal.crypto.Signer) – Cryptographic signer object
Returns: Serialized footer
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_frame(algorithm, plaintext, message_id, data_encryption_key, frame_length, sequence_number, is_final_frame, signer=None)

Receives a message plaintext, breaks off a frame, encrypts and serializes the frame, and returns the encrypted frame and the remaining plaintext.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
  • plaintext (bytes) – Source plaintext to encrypt and serialize
  • message_id (bytes) – Message ID
  • data_encryption_key (bytes) – Data key with which to encrypt message
  • frame_length (int) – Length of the framed data
  • sequence_number (int) – Sequence number for frame to be generated
  • is_final_frame (bool) – Boolean stating whether or not this frame is a final frame
  • signer (aws_encryption_sdk.Signer) – Cryptographic signer object (optional)
Returns: Serialized frame and remaining plaintext
Return type: tuple of bytes
Raises: SerializationError – if number of frames is too large

aws_encryption_sdk.internal.formatting.serialize.serialize_header(header, signer=None)

Serializes a header object.

Parameters:
Returns: Serialized header
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_header_auth(version, algorithm, header, data_encryption_key, signer=None)

Creates serialized header authentication data.

Parameters:
  • version (int) – The serialization version of the message
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
  • header (bytes) – Serialized message header
  • data_encryption_key (bytes) – Data key with which to encrypt message
  • signer (aws_encryption_sdk.Signer) – Cryptographic signer object (optional)
Returns: Serialized header authentication data
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_non_framed_close(tag, signer=None)

Serializes the closing block for a non-framed message body.

Parameters:
  • tag (bytes) – Auth tag value from body encryptor
  • signer (aws_encryption_sdk.internal.crypto.Signer) – Cryptographic signer object (optional)
Returns: Serialized body close block
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_non_framed_open(algorithm, iv, plaintext_length, signer=None)

Serializes the opening block for a non-framed message body.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
  • iv (bytes) – IV value used to encrypt body
  • plaintext_length (int) – Length of plaintext (and thus ciphertext) in body
  • signer (aws_encryption_sdk.internal.crypto.Signer) – Cryptographic signer object (optional)
Returns: Serialized body start block
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_raw_master_key_prefix(raw_master_key)

Produces the prefix that a RawMasterKey will always use for the key_info value of keys which require additional information.

Parameters: raw_master_key (aws_encryption_sdk.key_providers.raw.RawMasterKey) – RawMasterKey for which to produce a prefix
Returns: Serialized key_info prefix
Return type: bytes

aws_encryption_sdk.internal.formatting.serialize.serialize_wrapped_key(key_provider, wrapping_algorithm, wrapping_key_id, encrypted_wrapped_key)

Serializes EncryptedData into a Wrapped EncryptedDataKey.

Parameters:
Returns: Wrapped EncryptedDataKey
Return type: aws_encryption_sdk.structures.EncryptedDataKey