Wrapped Provider

Cryptographic materials provider to use ephemeral content encryption keys wrapped by delegated keys.

class dynamodb_encryption_sdk.material_providers.wrapped.WrappedCryptographicMaterialsProvider(signing_key, wrapping_key=None, unwrapping_key=None, material_description=None)[source]

Bases: dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProvider

Cryptographic materials provider to use ephemeral content encryption keys wrapped by delegated keys.

Parameters:
  • signing_key (DelegatedKey) – Delegated key used as signing and verification key
  • wrapping_key (DelegatedKey) – Delegated key used to wrap content key

Note

wrapping_key must be provided if providing encryption materials

Parameters:unwrapping_key (DelegatedKey) – Delegated key used to unwrap content key

Note

unwrapping_key must be provided if providing decryption materials or loading materials from material description

encryption_materials(encryption_context)[source]

Provide encryption materials.

Parameters:encryption_context (EncryptionContext) – Encryption context for request
Returns:Encryption materials
Return type:WrappedCryptographicMaterials
Raises:WrappingError – if no wrapping key is available
decryption_materials(encryption_context)[source]

Provide decryption materials.

Parameters:encryption_context (EncryptionContext) – Encryption context for request
Returns:Decryption materials
Return type:WrappedCryptographicMaterials
Raises:UnwrappingError – if no unwrapping key is available