Wrapped Cryptographic Materials

Cryptographic materials to use ephemeral content encryption keys wrapped by delegated keys.

class dynamodb_encryption_sdk.materials.wrapped.WrappedCryptographicMaterials(signing_key, wrapping_key=None, unwrapping_key=None, material_description=None)[source]

Bases: dynamodb_encryption_sdk.materials.CryptographicMaterials

Encryption/decryption key is a content key stored in the material description, wrapped by the wrapping key.

  • signing_key (DelegatedKey) – Delegated key used as signing and verification key
  • wrapping_key (DelegatedKey) – Delegated key used to wrap content key


wrapping_key must be provided if material description contains a wrapped content key

Parameters:unwrapping_key (DelegatedKey) – Delegated key used to unwrap content key


unwrapping_key must be provided if material description does not contain a wrapped content key

Parameters:material_description (dict) – Material description to use with these cryptographic materials

Material description to use with these cryptographic materials.

Returns:Material description
Return type:dict

Content key used for encrypting attributes.

Returns:Encryption key
Return type:DelegatedKey

Content key used for decrypting attributes.

Returns:Decryption key
Return type:DelegatedKey

Delegated key used for calculating digital signatures.

Returns:Signing key
Return type:DelegatedKey

Delegated key used for verifying digital signatures.

Returns:Verification key
Return type:DelegatedKey