aws_encryption_sdk.streaming_client
High level AWS Encryption SDK client for streaming objects.
Classes
|
Configuration object for StreamDecryptor class. |
|
Configuration object for StreamEncryptor class. |
|
Provides a streaming decryptor for decrypting a stream source. |
|
Provides a streaming encryptor for encrypting a stream source. |
- class aws_encryption_sdk.streaming_client.DecryptorConfig(source, commitment_policy, signature_policy=SignaturePolicy.ALLOW_ENCRYPT_ALLOW_DECRYPT, max_encrypted_data_keys=None, materials_manager=None, key_provider=None, source_length=None, line_length=8192, max_body_length=None)
Bases:
_ClientConfig
Configuration object for StreamDecryptor class.
- Parameters
source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt
materials_manager (aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager) – CryptoMaterialsManager from which to obtain cryptographic materials (either materials_manager or key_provider required)
key_provider (aws_encryption_sdk.key_providers.base.MasterKeyProvider) – MasterKeyProvider from which to obtain data keys for decryption (either materials_manager or key_provider required)
source_length (int) –
Length of source data (optional)
Note
If source_length is not provided and read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.
max_body_length (int) – Maximum frame size (or content length for non-framed messages) in bytes to read from ciphertext message.
Method generated by attrs for class DecryptorConfig.
- class aws_encryption_sdk.streaming_client.EncryptorConfig(source, commitment_policy, signature_policy=SignaturePolicy.ALLOW_ENCRYPT_ALLOW_DECRYPT, max_encrypted_data_keys=None, materials_manager=None, key_provider=None, source_length=None, line_length=8192, encryption_context=_Nothing.NOTHING, algorithm=None, frame_length=4096)
Bases:
_ClientConfig
Configuration object for StreamEncryptor class.
- Parameters
source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt
materials_manager (aws_encryption_sdk.materials_manager.base.CryptoMaterialsManager) – CryptoMaterialsManager from which to obtain cryptographic materials (either materials_manager or key_provider required)
key_provider (aws_encryption_sdk.key_providers.base.MasterKeyProvider) – MasterKeyProvider from which to obtain data keys for encryption (either materials_manager or key_provider required)
source_length (int) –
Length of source data (optional)
Note
If source_length is not provided and unframed message is being written or read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.
Note
New in version 1.3.0.
If source_length and materials_manager are both provided, the total plaintext bytes encrypted will not be allowed to exceed source_length. To maintain backwards compatibility, this is not enforced if a key_provider is provided.
encryption_context (dict) – Dictionary defining encryption context
algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption (optional)
frame_length (int) – Frame length in bytes (optional)
Method generated by attrs for class EncryptorConfig.
- class aws_encryption_sdk.streaming_client.StreamDecryptor(**kwargs)
Bases:
_EncryptionStream
Provides a streaming decryptor for decrypting a stream source. Behaves as a standard file-like object.
Note
Take care when decrypting framed messages with large frame length and large non-framed messages. See
aws_encryption_sdk.stream
for more details.Note
If config is provided, all other parameters are ignored.
- Parameters
config (aws_encryption_sdk.streaming_client.DecryptorConfig) – Client configuration object (config or individual parameters required)
source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt
materials_manager (aws_encryption_sdk.materials_managers.base.CryptoMaterialsManager) – CryptoMaterialsManager from which to obtain cryptographic materials (either materials_manager or key_provider required)
key_provider (aws_encryption_sdk.key_providers.base.MasterKeyProvider) – MasterKeyProvider from which to obtain data keys for decryption (either materials_manager or key_provider required)
source_length (int) –
Length of source data (optional)
Note
If source_length is not provided and read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.
max_body_length (int) – Maximum frame size (or content length for non-framed messages) in bytes to read from ciphertext message.
Prepares necessary initial values.
- close()
Closes out the stream.
- class aws_encryption_sdk.streaming_client.StreamEncryptor(**kwargs)
Bases:
_EncryptionStream
Provides a streaming encryptor for encrypting a stream source. Behaves as a standard file-like object.
Note
Take care when encrypting framed messages with large frame length and large non-framed messages. See
aws_encryption_sdk.stream
for more details.Note
If config is provided, all other parameters are ignored.
- Parameters
config (aws_encryption_sdk.streaming_client.EncryptorConfig) – Client configuration object (config or individual parameters required)
source (str, bytes, io.IOBase, or file) – Source data to encrypt or decrypt
materials_manager (aws_encryption_sdk.materials_manager.base.CryptoMaterialsManager) – CryptoMaterialsManager from which to obtain cryptographic materials (either materials_manager or key_provider required)
key_provider (aws_encryption_sdk.key_providers.base.MasterKeyProvider) – MasterKeyProvider from which to obtain data keys for encryption (either materials_manager or key_provider required)
source_length (int) –
Length of source data (optional)
Note
If source_length is not provided and unframed message is being written or read() is called, will attempt to seek() to the end of the stream and tell() to find the length of source data.
Note
New in version 1.3.0.
If source_length and materials_manager are both provided, the total plaintext bytes encrypted will not be allowed to exceed source_length. To maintain backwards compatibility, this is not enforced if a key_provider is provided.
encryption_context (dict) – Dictionary defining encryption context
algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm to use for encryption
frame_length (int) – Frame length in bytes
Prepares necessary initial values.
- ciphertext_length()
Returns the length of the resulting ciphertext message in bytes.
- Return type
- generate_header(message_id)
Generates the header object.
- Parameters
message_id (bytes) – The randomly generated id for the message
- close()
Closes out the stream.