aws_encryption_sdk.streaming_client

High level AWS Encryption SDK client for streaming objects.

Classes

DecryptorConfig(source, commitment_policy[, ...])

Configuration object for StreamDecryptor class.

EncryptorConfig(source, commitment_policy[, ...])

Configuration object for StreamEncryptor class.

StreamDecryptor(**kwargs)

Provides a streaming decryptor for decrypting a stream source.

StreamEncryptor(**kwargs)

Provides a streaming encryptor for encrypting a stream source.

class aws_encryption_sdk.streaming_client.DecryptorConfig(source, commitment_policy, signature_policy=SignaturePolicy.ALLOW_ENCRYPT_ALLOW_DECRYPT, max_encrypted_data_keys=None, materials_manager=None, key_provider=None, source_length=None, line_length=8192, max_body_length=None)

Bases: _ClientConfig

Configuration object for StreamDecryptor class.

Parameters
  • source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt

  • materials_manager (aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager) – CryptoMaterialsManager from which to obtain cryptographic materials (either materials_manager or key_provider required)

  • key_provider (aws_encryption_sdk.key_providers.base.MasterKeyProvider) – MasterKeyProvider from which to obtain data keys for decryption (either materials_manager or key_provider required)

  • source_length (int) –

    Length of source data (optional)

    Note

    If source_length is not provided and read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.

  • max_body_length (int) – Maximum frame size (or content length for non-framed messages) in bytes to read from ciphertext message.

Method generated by attrs for class DecryptorConfig.

class aws_encryption_sdk.streaming_client.EncryptorConfig(source, commitment_policy, signature_policy=SignaturePolicy.ALLOW_ENCRYPT_ALLOW_DECRYPT, max_encrypted_data_keys=None, materials_manager=None, key_provider=None, source_length=None, line_length=8192, encryption_context=_Nothing.NOTHING, algorithm=None, frame_length=4096)

Bases: _ClientConfig

Configuration object for StreamEncryptor class.

Parameters
  • source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt

  • materials_manager (aws_encryption_sdk.materials_manager.base.CryptoMaterialsManager) – CryptoMaterialsManager from which to obtain cryptographic materials (either materials_manager or key_provider required)

  • key_provider (aws_encryption_sdk.key_providers.base.MasterKeyProvider) – MasterKeyProvider from which to obtain data keys for encryption (either materials_manager or key_provider required)

  • source_length (int) –

    Length of source data (optional)

    Note

    If source_length is not provided and unframed message is being written or read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.

    Note

    New in version 1.3.0.

    If source_length and materials_manager are both provided, the total plaintext bytes encrypted will not be allowed to exceed source_length. To maintain backwards compatibility, this is not enforced if a key_provider is provided.

  • encryption_context (dict) – Dictionary defining encryption context

  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption (optional)

  • frame_length (int) – Frame length in bytes (optional)

Method generated by attrs for class EncryptorConfig.

class aws_encryption_sdk.streaming_client.StreamDecryptor(**kwargs)

Bases: _EncryptionStream

Provides a streaming decryptor for decrypting a stream source. Behaves as a standard file-like object.

Note

Take care when decrypting framed messages with large frame length and large non-framed messages. See aws_encryption_sdk.stream for more details.

Note

If config is provided, all other parameters are ignored.

Parameters

Prepares necessary initial values.

close()

Closes out the stream.

class aws_encryption_sdk.streaming_client.StreamEncryptor(**kwargs)

Bases: _EncryptionStream

Provides a streaming encryptor for encrypting a stream source. Behaves as a standard file-like object.

Note

Take care when encrypting framed messages with large frame length and large non-framed messages. See aws_encryption_sdk.stream for more details.

Note

If config is provided, all other parameters are ignored.

Parameters
  • config (aws_encryption_sdk.streaming_client.EncryptorConfig) – Client configuration object (config or individual parameters required)

  • source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt

  • materials_manager (aws_encryption_sdk.materials_manager.base.CryptoMaterialsManager) – CryptoMaterialsManager from which to obtain cryptographic materials (either materials_manager or key_provider required)

  • key_provider (aws_encryption_sdk.key_providers.base.MasterKeyProvider) – MasterKeyProvider from which to obtain data keys for encryption (either materials_manager or key_provider required)

  • source_length (int) –

    Length of source data (optional)

    Note

    If source_length is not provided and unframed message is being written or read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.

    Note

    New in version 1.3.0.

    If source_length and materials_manager are both provided, the total plaintext bytes encrypted will not be allowed to exceed source_length. To maintain backwards compatibility, this is not enforced if a key_provider is provided.

  • encryption_context (dict) – Dictionary defining encryption context

  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption

  • frame_length (int) – Frame length in bytes

Prepares necessary initial values.

ciphertext_length()

Returns the length of the resulting ciphertext message in bytes.

Return type

int

generate_header(message_id)

Generates the header object.

Parameters

message_id (bytes) – The randomly generated id for the message

close()

Closes out the stream.