dynamodb_encryption_sdk.internal.crypto.jce_bridge.authentication

Cryptographic authentication resources for JCE bridge.

Warning

No guarantee is provided on the modules and APIs within this namespace staying consistent. Directly reference at your own risk.

Classes

`JavaAuthenticator`()	Parent class for all Java bridges that provide authentication characteristics.
`JavaMac`(java_name, algorithm_type, hash_type)	Symmetric MAC authenticators.
`JavaSignature`(java_name, algorithm_type, ...)	Asymmetric signature authenticators.

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.authentication.JavaAuthenticator[source]

Bases: object

Parent class for all Java bridges that provide authentication characteristics.

abstract load_key(key, key_type, key_encoding)[source]

Load a key from bytes.

Parameters

key (bytes) – Raw key bytes to load
key_type (EncryptionKeyType) – Type of key to load
key_encoding (KeyEncodingType) – Encoding used to serialize key

Returns

Loaded key

Return type

bytes

abstract validate_algorithm(algorithm: str) → None[source]

Determine whether the requested algorithm name is compatible with this authenticator.

Parameters: algorithm (str) – Algorithm name
Raises: InvalidAlgorithmError – if specified algorithm name is not compatible with this authenticator

abstract sign(key: Any, data: bytes) → bytes[source]

Sign data using loaded key.

Parameters

key – Loaded key
data (bytes) – Data to sign

Returns

Calculated signature

Return type

bytes

Raises

SigningError – if unable to sign data with key

abstract verify(key: Any, signature: bytes, data: bytes) → None[source]

Verify signature over data using key.

Parameters

key – Loaded key
signature (bytes) – Signature to verify
data (bytes) – Data over which to verify signature

Raises

SignatureVerificationError – if unable to verify signature

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.authentication.JavaMac(java_name: str, algorithm_type: Callable, hash_type: Callable)[source]

Bases: dynamodb_encryption_sdk.internal.crypto.jce_bridge.authentication.JavaAuthenticator

Symmetric MAC authenticators.

https://docs.oracle.com/javase/8/docs/api/javax/crypto/Mac.html https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Mac

load_key(key, key_type, key_encoding)[source]

Load a raw key from bytes.

Parameters

key (bytes) – Raw key bytes to load
key_type (EncryptionKeyType) – Type of key to load
key_encoding (KeyEncodingType) – Encoding used to serialize key

Returns

Loaded key

Return type

bytes

Raises

ValueError – if key_type is not symmetric or key_encoding is not raw

validate_algorithm(algorithm: str) → None[source]

Determine whether the requested algorithm name is compatible with this authenticator.

Parameters: algorithm (str) – Algorithm name
Raises: InvalidAlgorithmError – if specified algorithm name is not compatible with this authenticator

sign(key: bytes, data: bytes) → bytes[source]

Sign data using loaded key.

Parameters

key (bytes) – Loaded key
data (bytes) – Data to sign

Returns

Calculated signature

Return type

bytes

Raises

SigningError – if unable to sign data with key

verify(key: bytes, signature: bytes, data: bytes) → None[source]

Verify signature over data using key.

Parameters

key (bytes) – Loaded key
signature (bytes) – Signature to verify
data (bytes) – Data over which to verify signature

Raises

SignatureVerificationError – if unable to verify signature

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.authentication.JavaSignature(java_name: str, algorithm_type: Any, hash_type: Callable, padding_type: Callable)[source]

Bases: dynamodb_encryption_sdk.internal.crypto.jce_bridge.authentication.JavaAuthenticator

Asymmetric signature authenticators.

https://docs.oracle.com/javase/8/docs/api/java/security/Signature.html https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Signature

validate_algorithm(algorithm: str) → None[source]

Determine whether the requested algorithm name is compatible with this authenticator.

Parameters: algorithm (str) – Algorithm name
Raises: InvalidAlgorithmError – if specified algorithm name is not compatible with this authenticator

load_key(key, key_type, key_encoding)[source]

Load a key object from the provided raw key bytes.

Parameters

key (bytes) – Raw key bytes to load
key_type (EncryptionKeyType) – Type of key to load
key_encoding (KeyEncodingType) – Encoding used to serialize key

Returns

Loaded key

Raises

ValueError – if key_type and key_encoding are not a valid pairing

sign(key: Any, data: bytes) → bytes[source]

Sign data using loaded key.

Parameters

key – Loaded key
data (bytes) – Data to sign

Returns

Calculated signature

Return type

bytes

Raises

SigningError – if unable to sign data with key

verify(key: Any, signature: bytes, data: bytes) → None[source]

Verify signature over data using key.

Parameters

key – Loaded key
signature (bytes) – Signature to verify
data (bytes) – Data over which to verify signature

Raises

SignatureVerificationError – if unable to verify signature