aws_encryption_sdk.identifiers

AWS Encryption SDK native data structures for defining implementation-specific characteristics.

Classes

Algorithm	alias of aws_encryption_sdk.identifiers.AlgorithmSuite
ContentAADString	Body Additional Authenticated Data values for building the AAD for a message body.
ContentType	Type of content framing contained in message.
EncryptionKeyType	Identifies raw encryption key type.
EncryptionType	Identifies symmetric vs asymmetric encryption.
ObjectType	Valid Type values per the AWS Encryption SDK message format.
SequenceIdentifier	Identifiers for specific sequence frames.
SerializationVersion	Valid Versions of AWS Encryption SDK message format.
WrappingAlgorithm(encryption_type, …)	Wrapping Algorithms for use by RawMasterKey objects.

class aws_encryption_sdk.identifiers.EncryptionSuite(algorithm, mode, data_key_length, iv_length, auth_length, auth_key_length=0)

Bases: enum.Enum

Static definition of encryption algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters

• algorithm (cryptography.io ciphers algorithm object) – Encryption algorithm to use

• mode (cryptography.io ciphers modes object) – Encryption mode in which to operate

• data_key_length (int) – Number of bytes in envelope encryption data key

• iv_length (int) – Number of bytes in IV

• auth_length (int) – Number of bytes in auth data (tag)

• auth_key_length (int) – Number of bytes in auth key (not currently supported by any algorithms)

Prepare a new EncryptionSuite.

valid_kdf(kdf)

Determine whether a KDFSuite can be used with this EncryptionSuite.

Parameters

kdf (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to evaluate

Return type

bool

class aws_encryption_sdk.identifiers.KDFSuite(algorithm, input_length, hash_algorithm)

Bases: enum.Enum

Static definition of key derivation algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters

• algorithm (cryptography.io KDF object) – KDF algorithm to use

• input_length (int) – Number of bytes of input data to feed into KDF function

• hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in KDF

Prepare a new KDFSuite.

input_length(encryption)

Determine the correct KDF input value length for this KDFSuite when used with a specific EncryptionSuite.

Parameters

encryption (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use

Return type

int

class aws_encryption_sdk.identifiers.AuthenticationSuite(algorithm, hash_algorithm, signature_length)

Bases: enum.Enum

Static definition of authentication algorithm details.

Warning

These members must only be used as part of an AlgorithmSuite.

Parameters

• algorithm (may vary (currently only ECC curve object)) – Information needed by signing algorithm to define behavior

• hash_algorithm (cryptography.io hashes object) – Hash algorithm to use in signature

• signature_lenth (int) – Number of bytes in signature

Prepare a new AuthenticationSuite.

class aws_encryption_sdk.identifiers.AlgorithmSuite(algorithm_id, encryption, kdf=<KDFSuite.NONE: (None, None, None)>, authentication=<AuthenticationSuite.NONE: (None, None, 0)>, allowed=True)

Bases: enum.Enum

Static combinations of encryption, KDF, and authentication algorithms.

Warning

No AlgorithmSuites except those defined here are supported.

Parameters

• algorithm_id (int) – KMS Encryption Algorithm ID

• encryption_suite (aws_encryption_sdk.identifiers.EncryptionSuite) – EncryptionSuite to use with this AlgorithmSuite

• kdf_suite (aws_encryption_sdk.identifiers.KDFSuite) – KDFSuite to use with this AlgorithmSuite

• authentication_suite (aws_encryption_sdk.identifiers.AuthenticationSuite) – AuthenticationSuite to use with this AlgorithmSuite

Prepare a new AlgorithmSuite.

kdf_input_len

Determine the correct KDF input value length for this algorithm suite.

id_as_bytes()

Return the algorithm suite ID as a 2-byte array

safe_to_cache()

Determine whether encryption materials for this algorithm suite should be cached.

aws_encryption_sdk.identifiers.Algorithm

alias of aws_encryption_sdk.identifiers.AlgorithmSuite

class aws_encryption_sdk.identifiers.EncryptionType

Bases: enum.Enum

Identifies symmetric vs asymmetric encryption. Used to identify encryption type for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.EncryptionKeyType

Bases: enum.Enum

Identifies raw encryption key type. Used to identify key capabilities for WrappingAlgorithm.

class aws_encryption_sdk.identifiers.WrappingAlgorithm(encryption_type, algorithm, padding_type, padding_algorithm, padding_mgf)

Bases: enum.Enum

Wrapping Algorithms for use by RawMasterKey objects.

Parameters

• algorithm (aws_encryption_sdk.identifiers.Algorithm) – Encryption algorithm to use for encryption of data keys

• padding_type – Padding type to use for encryption of data keys

• padding_algorithm – Padding algorithm to use for encryption of data keys

• padding_mgf – Padding MGF to use for encryption of data keys

Prepares new WrappingAlgorithm.

class aws_encryption_sdk.identifiers.ObjectType

Bases: enum.Enum

Valid Type values per the AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.SequenceIdentifier

Bases: enum.Enum

Identifiers for specific sequence frames.

class aws_encryption_sdk.identifiers.SerializationVersion

Bases: enum.Enum

Valid Versions of AWS Encryption SDK message format.

class aws_encryption_sdk.identifiers.ContentType

Bases: enum.Enum

Type of content framing contained in message.

class aws_encryption_sdk.identifiers.ContentAADString

Bases: enum.Enum

Body Additional Authenticated Data values for building the AAD for a message body.