aws_encryption_sdk.internal.crypto.encryption

Contains encryption primitives and helper functions.

Functions

decrypt(algorithm, key, encrypted_data, …)	Decrypts a frame body.
encrypt(algorithm, key, plaintext, …)	Encrypts a frame body.

Classes

Decryptor(algorithm, key, associated_data, …)	Abstract decryption handler.
Encryptor(algorithm, key, associated_data, iv)	Abstract encryption handler.

class aws_encryption_sdk.internal.crypto.encryption.Encryptor(algorithm, key, associated_data, iv)

Bases: object

Abstract encryption handler.

Parameters:

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body
• key (bytes) – Encryption key
• associated_data (bytes) – Associated Data to send to encryption subsystem
• iv (bytes) – IV to use when encrypting message

Prepares initial values.

update(plaintext)

Updates _encryptor with provided plaintext.

Parameters:plaintext (bytes) – Plaintext to encrypt Returns:Encrypted ciphertext Return type:bytes

finalize()

Finalizes and closes _encryptor.

Returns:Final encrypted ciphertext Return type:bytes

tag

Returns the _encryptor tag from the encryption subsystem.

Returns:Encryptor tag Return type:bytes

aws_encryption_sdk.internal.crypto.encryption.encrypt(algorithm, key, plaintext, associated_data, iv)

Encrypts a frame body.

Parameters:

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body
• key (bytes) – Encryption key
• plaintext (bytes) – Body plaintext
• associated_data (bytes) – Body AAD Data
• iv (bytes) – IV to use when encrypting message

Returns:

Deserialized object containing encrypted body

Return type:

aws_encryption_sdk.internal.structures.EncryptedData

class aws_encryption_sdk.internal.crypto.encryption.Decryptor(algorithm, key, associated_data, iv, tag)

Bases: object

Abstract decryption handler.

Parameters:

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body
• key (bytes) – Raw source key
• associated_data (bytes) – Associated Data to send to decryption subsystem
• iv (bytes) – IV value with which to initialize decryption subsystem
• tag (bytes) – Tag with which to validate ciphertext

Prepares initial values.

update(ciphertext)

Updates _decryptor with provided ciphertext.

Parameters:ciphertext (bytes) – Ciphertext to decrypt Returns:Decrypted plaintext Return type:bytes

finalize()

Finalizes and closes _decryptor.

Returns:Final decrypted plaintext Return type:bytes

aws_encryption_sdk.internal.crypto.encryption.decrypt(algorithm, key, encrypted_data, associated_data)

Decrypts a frame body.

Parameters:

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Algorithm used to encrypt this body
• key (bytes) – Plaintext data key
• encrypted_data (aws_encryption_sdk.internal.structures.EncryptedData, aws_encryption_sdk.internal.structures.FrameBody, or aws_encryption_sdk.internal.structures.MessageNoFrameBody) – EncryptedData containing body data
• associated_data (bytes) – AAD string generated for body

Returns:

Plaintext of body

Return type:

bytes