aws_encryption_sdk.identifiers
AWS Encryption SDK native data structures for defining implementation-specific characteristics.
Classes
|
Static combinations of encryption, KDF, and authentication algorithms. |
|
Static definition of authentication algorithm details. |
|
Controls algorithm suites that can be used on encryption and decryption. |
|
Body Additional Authenticated Data values for building the AAD for a message body. |
|
Type of content framing contained in message. |
|
Identifies raw encryption key type. |
|
Static definition of encryption algorithm details. |
|
Identifies symmetric vs asymmetric encryption. |
|
Static definition of key derivation algorithm details. |
|
Valid Type values per the AWS Encryption SDK message format. |
|
Identifiers for specific sequence frames. |
|
Valid Versions of AWS Encryption SDK message format. |
|
Wrapping Algorithms for use by RawMasterKey objects. |
- class aws_encryption_sdk.identifiers.EncryptionSuite(value)
Bases:
enum.EnumStatic definition of encryption algorithm details.
Warning
These members must only be used as part of an AlgorithmSuite.
- Parameters
algorithm (cryptography.io ciphers algorithm object) – Encryption algorithm to use
mode (cryptography.io ciphers modes object) – Encryption mode in which to operate
data_key_length (int) – Number of bytes in envelope encryption data key
iv_length (int) – Number of bytes in IV
auth_length (int) – Number of bytes in auth data (tag)
auth_key_length (int) – Number of bytes in auth key (not currently supported by any algorithms)
Prepare a new EncryptionSuite.
- valid_kdf(kdf)
Determine whether a KDFSuite can be used with this EncryptionSuite.
- Parameters
kdf (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to evaluate
- Return type
- class aws_encryption_sdk.identifiers.KDFSuite(value)
Bases:
enum.EnumStatic definition of key derivation algorithm details.
Warning
These members must only be used as part of an AlgorithmSuite.
- Parameters
algorithm (cryptography.io KDF object) – KDF algorithm to use
input_length (int) – Number of bytes of input data to feed into KDF function
hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in KDF
Prepare a new KDFSuite.
- input_length(encryption: aws_encryption_sdk.identifiers.EncryptionSuite) int
Determine the correct KDF input value length for this KDFSuite when used with a specific EncryptionSuite.
- Parameters
encryption (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use
- Return type
- class aws_encryption_sdk.identifiers.AuthenticationSuite(value)
Bases:
enum.EnumStatic definition of authentication algorithm details.
Warning
These members must only be used as part of an AlgorithmSuite.
- Parameters
algorithm (may vary (currently only ECC curve object)) – Information needed by signing algorithm to define behavior
hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in signature
signature_lenth (int) – Number of bytes in signature
Prepare a new AuthenticationSuite.
- class aws_encryption_sdk.identifiers.AlgorithmSuite(value)
Bases:
enum.EnumStatic combinations of encryption, KDF, and authentication algorithms.
Warning
No AlgorithmSuites except those defined here are supported.
- Parameters
algorithm_id (int) – KMS Encryption Algorithm ID
encryption_suite (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use with this AlgorithmSuite
kdf_suite (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to use with this AlgorithmSuite
authentication_suite (aws_encryption_sdk.identifiers.AuthenticationSuite) – AuthenticationSuite to use with this AlgorithmSuite
Prepare a new AlgorithmSuite.
- property kdf_input_len
Determine the correct KDF input value length for this algorithm suite.
- classmethod get_by_id(algorithm_id)
Return the correct member based on the algorithm_id value.
- Parameters
algorithm_id (int) – Value of algorithm_id field with which to retrieve Algorithm
- Returns
Algorithm with ID algorithm_id
- Return type
aws_encryption_sdk.identifiers.Algorithm
- id_as_bytes()
Return the algorithm suite ID as a 2-byte array
- safe_to_cache()
Determine whether encryption materials for this algorithm suite should be cached.
- is_committing()
Determine whether this algorithm suite offers key commitment.
- is_signing()
Determine whether this algorithm suite includes signing.
- message_id_length()
Returns the size of the message id.
- algorithm_suite_data_length()
Returns the length of the Algorithm Suite Data field.
- aws_encryption_sdk.identifiers.Algorithm
- class aws_encryption_sdk.identifiers.EncryptionType(value)
Bases:
enum.EnumIdentifies symmetric vs asymmetric encryption. Used to identify encryption type for WrappingAlgorithm.
- class aws_encryption_sdk.identifiers.EncryptionKeyType(value)
Bases:
enum.EnumIdentifies raw encryption key type. Used to identify key capabilities for WrappingAlgorithm.
- class aws_encryption_sdk.identifiers.WrappingAlgorithm(value)
Bases:
enum.EnumWrapping Algorithms for use by RawMasterKey objects.
- Parameters
algorithm (aws_encryption_sdk.identifiers.Algorithm) – Encryption algorithm to use for encryption of data keys
padding_type – Padding type to use for encryption of data keys
padding_algorithm – Padding algorithm to use for encryption of data keys
padding_mgf – Padding MGF to use for encryption of data keys
Prepares new WrappingAlgorithm.
- class aws_encryption_sdk.identifiers.ObjectType(value)
Bases:
enum.EnumValid Type values per the AWS Encryption SDK message format.
- class aws_encryption_sdk.identifiers.SequenceIdentifier(value)
Bases:
enum.EnumIdentifiers for specific sequence frames.
- class aws_encryption_sdk.identifiers.SerializationVersion(value)
Bases:
enum.EnumValid Versions of AWS Encryption SDK message format.
- class aws_encryption_sdk.identifiers.ContentType(value)
Bases:
enum.EnumType of content framing contained in message.