dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives

Cryptographic primitive resources for JCE bridge.

Warning

No guarantee is provided on the modules and APIs within this namespace staying consistent. Directly reference at your own risk.

Functions

load_rsa_key(key, key_type, key_encoding)

Load an RSA key object from the provided raw key bytes.

Classes

`BlockSizePadding`(java_name, padding)	Padding types that require a block size input.
`JavaAsymmetricEncryptionAlgorithm`(java_name, ...)	JavaEncryptionAlgorithm for asymmetric algorithms.
`JavaEncryptionAlgorithm`(java_name, cipher)	Bridge the gap from the Java encryption algorithm names and Python resources.
`JavaMode`(java_name, mode)	Bridge the gap from the Java encryption mode names and Python resources.
`JavaPadding`()	Bridge the gap from the Java padding names and Python resources.
`JavaSymmetricEncryptionAlgorithm`(java_name, ...)	JavaEncryptionAlgorithm for symmetric algorithms.
`OaepPadding`(java_name, padding, digest, mgf, ...)	OAEP padding types.
`SimplePadding`(java_name, padding)	Padding types that do not require any preparation.

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaPadding[source]

Bases: object

Bridge the gap from the Java padding names and Python resources. https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Cipher

abstract build(block_size)[source]: Build an instance of this padding type.

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.SimplePadding(java_name: str, padding: Callable)[source]

Bases: dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaPadding

Padding types that do not require any preparation.

build(block_size: Optional[int] = None) → Any[source]

Build an instance of this padding type.

Parameters: block_size (int) – Not used by SimplePadding. Ignored and not required.
Returns: Padding instance

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.BlockSizePadding(java_name: str, padding: Callable)[source]

Bases: dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaPadding

Padding types that require a block size input.

build(block_size: int) → Any[source]

Build an instance of this padding type.

Parameters: block_size (int) – Block size of algorithm for which to build padder.
Returns: Padding instance

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.OaepPadding(java_name: str, padding: Callable, digest: Callable, mgf: Callable, mgf_digest: Callable)[source]

Bases: dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaPadding

OAEP padding types. These require more complex setup.

Warning

By default, Java incorrectly implements RSA OAEP for all hash functions besides SHA1. The same hashing algorithm should be used by both OAEP and the MGF, but by default Java always uses SHA1 for the MGF.

Because we need to match this behavior, all OaepPadding instances should be created with MGF1-SHA1.

build(block_size: Optional[int] = None) → Any[source]

Build an instance of this padding type.

Parameters: block_size (int) – Not used by OaepPadding. Ignored and not required.
Returns: Padding instance

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaMode(java_name: str, mode: Callable)[source]

Bases: object

Bridge the gap from the Java encryption mode names and Python resources. https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Cipher

build(iv: int) → Any[source]

Build an instance of this mode type.

Parameters: iv (bytes) – Initialization vector bytes
Returns: Mode instance

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaEncryptionAlgorithm(java_name: str, cipher: Callable)[source]

Bases: object

Bridge the gap from the Java encryption algorithm names and Python resources. https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Cipher

validate_algorithm(algorithm: str) → None[source]: Determine whether the requested algorithm name is compatible with this cipher

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaSymmetricEncryptionAlgorithm(java_name: str, cipher: Callable)[source]

Bases: dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaEncryptionAlgorithm

JavaEncryptionAlgorithm for symmetric algorithms. https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Cipher

load_key(key, key_type, key_encoding)[source]

Load a key from bytes.

Parameters

key (bytes) – Key bytes
key_type (EncryptionKeyType) – Type of key
key_encoding (KeyEncodingType) – Encoding used to serialize key

Returns

Loaded key

wrap(wrapping_key: bytes, key_to_wrap: bytes) → bytes[source]

Wrap key using AES keywrap.

Parameters

wrapping_key (bytes) – Loaded key with which to wrap
key_to_wrap (bytes) – Raw key to wrap

Returns

Wrapped key

Return type

bytes

unwrap(wrapping_key: bytes, wrapped_key: bytes) → bytes[source]

Unwrap key using AES keywrap.

Parameters

wrapping_key (bytes) – Loaded key with which to unwrap
wrapped_key (bytes) – Wrapped key to unwrap

Returns

Unwrapped key

Return type

bytes

encrypt(key, data, mode, padding)[source]

Encrypt data using the supplied values.

Parameters

key (bytes) – Loaded encryption key
data (bytes) – Data to encrypt
mode (JavaMode) – Encryption mode to use
padding (JavaPadding) – Padding mode to use

Returns

IV prepended to encrypted data

Return type

bytes

decrypt(key, data, mode, padding)[source]

Decrypt data using the supplied values.

Parameters

key (bytes) – Loaded decryption key
data (bytes) – IV prepended to encrypted data
mode (JavaMode) – Decryption mode to use
padding (JavaPadding) – Padding mode to use

Returns

Decrypted data

Return type

bytes

class dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaAsymmetricEncryptionAlgorithm(java_name: str, cipher: Callable)[source]

Bases: dynamodb_encryption_sdk.internal.crypto.jce_bridge.primitives.JavaEncryptionAlgorithm

JavaEncryptionAlgorithm for asymmetric algorithms.

https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#Cipher

load_key(key, key_type, key_encoding)[source]

Load a key from bytes.

Parameters

key (bytes) – Key bytes
key_type (EncryptionKeyType) – Type of key
key_encoding (KeyEncodingType) – Encoding used to serialize key

Returns

Loaded key

encrypt(key, data, mode, padding)[source]

Encrypt data using the supplied values.

Parameters

key (bytes) – Loaded encryption key
data (bytes) – Data to encrypt
mode (JavaMode) – Encryption mode to use (not used by JavaAsymmetricEncryptionAlgorithm)
padding (JavaPadding) – Padding mode to use

Returns

Encrypted data

Return type

bytes

decrypt(key, data, mode, padding)[source]

Decrypt data using the supplied values.

Parameters

key (bytes) – Loaded decryption key
data (bytes) – IV prepended to encrypted data
mode (JavaMode) – Decryption mode to use (not used by JavaAsymmetricEncryptionAlgorithm)
padding (JavaPadding) – Padding mode to use

Returns

Decrypted data

Return type

bytes