aws_encryption_sdk.internal.crypto.encryption

Contains encryption primitives and helper functions.

Functions

decrypt(algorithm, key, encrypted_data, ...)

Decrypts a frame body.

encrypt(algorithm, key, plaintext, ...)

Encrypts a frame body.

Classes

Decryptor(algorithm, key, associated_data, ...)

Abstract decryption handler.

Encryptor(algorithm, key, associated_data, iv)

Abstract encryption handler.

class aws_encryption_sdk.internal.crypto.encryption.Encryptor(algorithm, key, associated_data, iv)

Bases: object

Abstract encryption handler.

Parameters
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body

  • key (bytes) – Encryption key

  • associated_data (bytes) – Associated Data to send to encryption subsystem

  • iv (bytes) – IV to use when encrypting message

Prepares initial values.

update(plaintext)

Updates _encryptor with provided plaintext.

Parameters

plaintext (bytes) – Plaintext to encrypt

Returns

Encrypted ciphertext

Return type

bytes

finalize()

Finalizes and closes _encryptor.

Returns

Final encrypted ciphertext

Return type

bytes

property tag

Returns the _encryptor tag from the encryption subsystem.

Returns

Encryptor tag

Return type

bytes

aws_encryption_sdk.internal.crypto.encryption.encrypt(algorithm, key, plaintext, associated_data, iv)

Encrypts a frame body.

Parameters
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body

  • key (bytes) – Encryption key

  • plaintext (bytes) – Body plaintext

  • associated_data (bytes) – Body AAD Data

  • iv (bytes) – IV to use when encrypting message

Returns

Deserialized object containing encrypted body

Return type

aws_encryption_sdk.internal.structures.EncryptedData

class aws_encryption_sdk.internal.crypto.encryption.Decryptor(algorithm, key, associated_data, iv, tag)

Bases: object

Abstract decryption handler.

Parameters
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body

  • key (bytes) – Raw source key

  • associated_data (bytes) – Associated Data to send to decryption subsystem

  • iv (bytes) – IV value with which to initialize decryption subsystem

  • tag (bytes) – Tag with which to validate ciphertext

Prepares initial values.

update(ciphertext)

Updates _decryptor with provided ciphertext.

Parameters

ciphertext (bytes) – Ciphertext to decrypt

Returns

Decrypted plaintext

Return type

bytes

finalize()

Finalizes and closes _decryptor.

Returns

Final decrypted plaintext

Return type

bytes

aws_encryption_sdk.internal.crypto.encryption.decrypt(algorithm, key, encrypted_data, associated_data)

Decrypts a frame body.

Parameters
Returns

Plaintext of body

Return type

bytes