aws_encryption_sdk.identifiers¶
AWS Encryption SDK native data structures for defining implementation-specific characteristics.
Classes
Body Additional Authenticated Data values for building the AAD for a message body. |
|
Type of content framing contained in message. |
|
Identifies raw encryption key type. |
|
Identifies symmetric vs asymmetric encryption. |
|
Valid Type values per the AWS Encryption SDK message format. |
|
Identifiers for specific sequence frames. |
|
Valid Versions of AWS Encryption SDK message format. |
|
|
Wrapping Algorithms for use by RawMasterKey objects. |
-
class
aws_encryption_sdk.identifiers.
EncryptionSuite
(algorithm, mode, data_key_length, iv_length, auth_length, auth_key_length=0)¶ Bases:
enum.Enum
Static definition of encryption algorithm details.
Warning
These members must only be used as part of an AlgorithmSuite.
- Parameters
algorithm (cryptography.io ciphers algorithm object) – Encryption algorithm to use
mode (cryptography.io ciphers modes object) – Encryption mode in which to operate
data_key_length (int) – Number of bytes in envelope encryption data key
iv_length (int) – Number of bytes in IV
auth_length (int) – Number of bytes in auth data (tag)
auth_key_length (int) – Number of bytes in auth key (not currently supported by any algorithms)
Prepare a new EncryptionSuite.
-
valid_kdf
(kdf)¶ Determine whether a KDFSuite can be used with this EncryptionSuite.
- Parameters
kdf (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to evaluate
- Return type
-
class
aws_encryption_sdk.identifiers.
KDFSuite
(algorithm, input_length, hash_algorithm)¶ Bases:
enum.Enum
Static definition of key derivation algorithm details.
Warning
These members must only be used as part of an AlgorithmSuite.
- Parameters
algorithm (cryptography.io KDF object) – KDF algorithm to use
input_length (int) – Number of bytes of input data to feed into KDF function
hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in KDF
Prepare a new KDFSuite.
-
input_length
(encryption)¶ Determine the correct KDF input value length for this KDFSuite when used with a specific EncryptionSuite.
- Parameters
encryption (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use
- Return type
-
class
aws_encryption_sdk.identifiers.
AuthenticationSuite
(algorithm, hash_algorithm, signature_length)¶ Bases:
enum.Enum
Static definition of authentication algorithm details.
Warning
These members must only be used as part of an AlgorithmSuite.
- Parameters
algorithm (may vary (currently only ECC curve object)) – Information needed by signing algorithm to define behavior
hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in signature
signature_lenth (int) – Number of bytes in signature
Prepare a new AuthenticationSuite.
-
class
aws_encryption_sdk.identifiers.
AlgorithmSuite
(algorithm_id, encryption, kdf=<KDFSuite.NONE: (None, None, None)>, authentication=<AuthenticationSuite.NONE: (None, None, 0)>, allowed=True)¶ Bases:
enum.Enum
Static combinations of encryption, KDF, and authentication algorithms.
Warning
No AlgorithmSuites except those defined here are supported.
- Parameters
algorithm_id (int) – KMS Encryption Algorithm ID
encryption_suite (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use with this AlgorithmSuite
kdf_suite (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to use with this AlgorithmSuite
authentication_suite (aws_encryption_sdk.identifiers.AuthenticationSuite) – AuthenticationSuite to use with this AlgorithmSuite
Prepare a new AlgorithmSuite.
-
property
kdf_input_len
¶ Determine the correct KDF input value length for this algorithm suite.
-
id_as_bytes
()¶ Return the algorithm suite ID as a 2-byte array
-
safe_to_cache
()¶ Determine whether encryption materials for this algorithm suite should be cached.
-
aws_encryption_sdk.identifiers.
Algorithm
¶
-
class
aws_encryption_sdk.identifiers.
EncryptionType
¶ Bases:
enum.Enum
Identifies symmetric vs asymmetric encryption. Used to identify encryption type for WrappingAlgorithm.
-
class
aws_encryption_sdk.identifiers.
EncryptionKeyType
¶ Bases:
enum.Enum
Identifies raw encryption key type. Used to identify key capabilities for WrappingAlgorithm.
-
class
aws_encryption_sdk.identifiers.
WrappingAlgorithm
(encryption_type, algorithm, padding_type, padding_algorithm, padding_mgf)¶ Bases:
enum.Enum
Wrapping Algorithms for use by RawMasterKey objects.
- Parameters
algorithm (aws_encryption_sdk.identifiers.Algorithm) – Encryption algorithm to use for encryption of data keys
padding_type – Padding type to use for encryption of data keys
padding_algorithm – Padding algorithm to use for encryption of data keys
padding_mgf – Padding MGF to use for encryption of data keys
Prepares new WrappingAlgorithm.
-
class
aws_encryption_sdk.identifiers.
ObjectType
¶ Bases:
enum.Enum
Valid Type values per the AWS Encryption SDK message format.
-
class
aws_encryption_sdk.identifiers.
SequenceIdentifier
¶ Bases:
enum.Enum
Identifiers for specific sequence frames.
-
class
aws_encryption_sdk.identifiers.
SerializationVersion
¶ Bases:
enum.Enum
Valid Versions of AWS Encryption SDK message format.