aws_encryption_sdk.identifiers

AWS Encryption SDK native data structures for defining implementation-specific characteristics.

Classes

Algorithm(algorithm_id, …) – IDs of cryptographic algorithms this library knows about.
ContentAADString – Body Additional Authenticated Data values for building the AAD for a message body.
ContentType – Type of content framing contained in message.
EncryptionKeyType – Identifies raw encryption key type.
EncryptionType – Identifies symmetric vs asymmetric encryption.
ObjectType – Valid Type values per the AWS Encryption SDK message format.
SequenceIdentifier – Identifiers for specific sequence frames.
SerializationVersion – Valid Versions of AWS Encryption SDK message format.
WrappingAlgorithm(encryption_type, …) – Wrapping Algorithms for use by RawMasterKey objects.

class aws_encryption_sdk.identifiers.Algorithm(algorithm_id, encryption_algorithm, encryption_mode, iv_len, auth_len, auth_key_len, data_key_len, kdf_type, kdf_input_len, kdf_hash_type, signing_algorithm_info, signing_hash_type, signature_len)

Bases: enum.Enum

IDs of cryptographic algorithms this library knows about.

Parameters:
  • algorithm_id (int) – KMS Encryption Algorithm ID
  • encryption_algorithm (cryptography.io ciphers algorithm object) – Encryption algorithm to use
  • encryption_mode (cryptography.io ciphers modes object) – Encryption mode in which to operate
  • iv_len (int) – Number of bytes in IV
  • auth_len (int) – Number of bytes in auth data (tag)
  • auth_key_len (int) – Number of bytes in auth key (not currently supported by any algorithms)
  • data_key_len (int) – Number of bytes in envelope encryption data key
  • kdf_type (cryptography.io KDF object) – KDF algorithm to use
  • kdf_input_len (int) – Number of bytes of input data to feed into KDF function
  • kdf_hash_type (cryptography.io hashes object) – Hash algorithm to use in KDF
  • signing_algorithm_info (may vary (currently only ECC curve object)) – Information needed by signing algorithm to define behavior
  • signing_hash_type (cryptography.io hashes object) – Hash algorithm to use in signature
  • signature_len (int) – Number of bytes in signature

Prepares new Algorithm.

classmethod get_by_id(algorithm_id)

Returns the correct member based on the algorithm_id value.

Parameters: algorithm_id (int) – Value of algorithm_id field with which to retrieve Algorithm
Returns: Algorithm with ID algorithm_id
Return type: aws_encryption_sdk.identifiers.Algorithm

id_as_bytes()

Returns the algorithm suite ID as a 2-byte array.

safe_to_cache()

Determines whether encryption materials for this algorithm suite should be cached.

class aws_encryption_sdk.identifiers.EncryptionType

Bases: enum.Enum

Identifies symmetric vs asymmetric encryption. Used to identify encryption type for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.EncryptionKeyType

Bases: enum.Enum

Identifies raw encryption key type. Used to identify key capabilities for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.WrappingAlgorithm(encryption_type, algorithm, padding_type, padding_algorithm, padding_mgf)

Bases: enum.Enum

Wrapping Algorithms for use by RawMasterKey objects.

Parameters:
  • algorithm (aws_encryption_sdk.identifiers.Algorithm) – Encryption algorithm to use for encryption of data keys
  • padding_type – Padding type to use for encryption of data keys
  • padding_algorithm – Padding algorithm to use for encryption of data keys
  • padding_mgf – Padding MGF to use for encryption of data keys

Prepares new WrappingAlgorithm.

class aws_encryption_sdk.identifiers.ObjectType

Bases: enum.Enum

Valid Type values per the AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.SequenceIdentifier

Bases: enum.Enum

Identifiers for specific sequence frames.

class aws_encryption_sdk.identifiers.SerializationVersion

Bases: enum.Enum

Valid Versions of AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.ContentType

Bases: enum.Enum

Type of content framing contained in message.

class aws_encryption_sdk.identifiers.ContentAADString

Bases: enum.Enum

Body Additional Authenticated Data values for building the AAD for a message body.