aws_encryption_sdk.materials_managers

Primitive structures for use when interacting with crypto material managers.

New in version 1.3.0.

Classes

DecryptionMaterials(data_key[, verification_key])	Decryption materials returned by a crypto material manager's decrypt_materials method.
DecryptionMaterialsRequest(algorithm, ...[, ...])	Request object to provide to a crypto material manager's decrypt_materials method.
EncryptionMaterials(algorithm, ...[, ...])	Encryption materials returned by a crypto material manager's get_encryption_materials method.
EncryptionMaterialsRequest(...[, ...])	Request object to provide to a crypto material manager's get_encryption_materials method.

class aws_encryption_sdk.materials_managers.EncryptionMaterialsRequest(encryption_context, frame_length, commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT, plaintext_rostream=None, algorithm=None, plaintext_length=None)

Bases: object

Request object to provide to a crypto material manager’s get_encryption_materials method.

New in version 1.3.0.

Warning

If plaintext_rostream seek position is modified, it must be returned before leaving method.

Parameters

• encryption_context (dict) – Encryption context passed to underlying master key provider and master keys

• frame_length (int) – Frame length to be used while encrypting stream

• plaintext_rostream (aws_encryption_sdk.internal.utils.streams.ROStream) – Source plaintext read-only stream (optional)

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm passed to underlying master key provider and master keys (optional)

• plaintext_length (int) – Length of source plaintext (optional)

Method generated by attrs for class EncryptionMaterialsRequest.

class aws_encryption_sdk.materials_managers.EncryptionMaterials(algorithm, data_encryption_key, encrypted_data_keys, encryption_context, signing_key=None)

Bases: object

Encryption materials returned by a crypto material manager’s get_encryption_materials method.

New in version 1.3.0.

Parameters

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encrypting message

• data_encryption_key (aws_encryption_sdk.structures.DataKey) – Plaintext data key to use for encrypting message

• encrypted_data_keys (list of aws_encryption_sdk.structures.EncryptedDataKey) – List of encrypted data keys

• encryption_context (dict) – Encryption context tied to encrypted_data_keys

• signing_key (bytes) – Encoded signing key

Method generated by attrs for class EncryptionMaterials.

class aws_encryption_sdk.materials_managers.DecryptionMaterialsRequest(algorithm, encrypted_data_keys, encryption_context, commitment_policy=CommitmentPolicy.FORBID_ENCRYPT_ALLOW_DECRYPT)

Bases: object

Request object to provide to a crypto material manager’s decrypt_materials method.

New in version 1.3.0.

Parameters

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to provide to master keys for underlying decrypt requests

• encrypted_data_keys (set of aws_encryption_sdk.structures.EncryptedDataKey) – Set of encrypted data keys

• encryption_context (dict) – Encryption context to provide to master keys for underlying decrypt requests

Method generated by attrs for class DecryptionMaterialsRequest.

class aws_encryption_sdk.materials_managers.DecryptionMaterials(data_key, verification_key=None)

Bases: object

Decryption materials returned by a crypto material manager’s decrypt_materials method.

New in version 1.3.0.

Parameters

• data_key (aws_encryption_sdk.structures.DataKey) – Plaintext data key to use with message decryption

• verification_key (bytes) – Raw signature verification key

Method generated by attrs for class DecryptionMaterials.