From 0d2963176e4b3d4d298876189870fd7f6fbc848e Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 18 Jun 2019 14:07:50 -0700 Subject: [PATCH 01/18] Adding Keyring API --- src/aws_encryption_sdk/keyring/__init__.py | 13 ++++++ src/aws_encryption_sdk/keyring/base.py | 40 +++++++++++++++++++ src/aws_encryption_sdk/keyring/raw_keyring.py | 0 3 files changed, 53 insertions(+) create mode 100644 src/aws_encryption_sdk/keyring/__init__.py create mode 100644 src/aws_encryption_sdk/keyring/base.py create mode 100644 src/aws_encryption_sdk/keyring/raw_keyring.py diff --git a/src/aws_encryption_sdk/keyring/__init__.py b/src/aws_encryption_sdk/keyring/__init__.py new file mode 100644 index 000000000..b9037ea16 --- /dev/null +++ b/src/aws_encryption_sdk/keyring/__init__.py @@ -0,0 +1,13 @@ +# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""All provided keyrings.""" diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py new file mode 100644 index 000000000..0d6b9000c --- /dev/null +++ b/src/aws_encryption_sdk/keyring/base.py @@ -0,0 +1,40 @@ +# Copyright 2017 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). You +# may not use this file except in compliance with the License. A copy of +# the License is located at +# +# http://aws.amazon.com/apache2.0/ +# +# or in the "license" file accompanying this file. This file is +# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF +# ANY KIND, either express or implied. See the License for the specific +# language governing permissions and limitations under the License. +"""Base class interface for Keyrings.""" + + +class Keyring(object): + def on_encrypt(self, encryption_materials): + """Generates a data key and encrypts it using all wrapping keys the Keyring is associated with. + + :param encryption_materials: Contains signing key, encryption context and algorithm suite + required to encrypt data key + :type : aws_encryption_sdk.materials_managers.EncryptionMaterials + :returns encryption_materials: Contains signing key, unencrypted data key, encrypted data keys, + encryption context and algorithm suite required to encrypt data key + :rtype : aws_encryption_sdk.materials_managers.EncryptionMaterials + :raises AttributeError: if encryption materials not available + """ + raise NotImplementedError("Keyring does not implement on_encrypt function") + + def on_decrypt(self, decryption_materials): + """Tries to decrypt one of the keys in the list of encrypted data keys using wrapping keys + the Keyring is associated with. + + :param decryption_materials: Contains verification key, list of encrypted data keys. + :type : aws_encryption_sdk.materials_managers.DecryptionMaterials + :returns decryption_materials: Contains verification key, list of encrypted data keys and decrypted data key. + :rtype : aws_encryption_sdk.materials_managers.DecryptionMaterials + :raises AttributeError: if decryption materials not available + """ + raise NotImplementedError("Keyring does not implement on_decrypt function") diff --git a/src/aws_encryption_sdk/keyring/raw_keyring.py b/src/aws_encryption_sdk/keyring/raw_keyring.py new file mode 100644 index 000000000..e69de29bb From 237a2af41266312a6bd0a374f683395e31b169c3 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 18 Jun 2019 14:51:28 -0700 Subject: [PATCH 02/18] Added docstring to public class --- src/aws_encryption_sdk/keyring/base.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index 0d6b9000c..575758edd 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -14,6 +14,8 @@ class Keyring(object): + """Parent interface for Keyring classes. + """ def on_encrypt(self, encryption_materials): """Generates a data key and encrypts it using all wrapping keys the Keyring is associated with. From 9bbdf835e40522a39581d20fbc780463f302f2e6 Mon Sep 17 00:00:00 2001 From: MeghaShetty Date: Tue, 18 Jun 2019 14:12:41 -0700 Subject: [PATCH 03/18] Delete __init__.py --- src/aws_encryption_sdk/keyring/__init__.py | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 src/aws_encryption_sdk/keyring/__init__.py diff --git a/src/aws_encryption_sdk/keyring/__init__.py b/src/aws_encryption_sdk/keyring/__init__.py deleted file mode 100644 index b9037ea16..000000000 --- a/src/aws_encryption_sdk/keyring/__init__.py +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"). You -# may not use this file except in compliance with the License. A copy of -# the License is located at -# -# http://aws.amazon.com/apache2.0/ -# -# or in the "license" file accompanying this file. This file is -# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF -# ANY KIND, either express or implied. See the License for the specific -# language governing permissions and limitations under the License. -"""All provided keyrings.""" From 1a14a3b82af0891b2190f294309b7573904dfd67 Mon Sep 17 00:00:00 2001 From: MeghaShetty Date: Tue, 18 Jun 2019 14:12:53 -0700 Subject: [PATCH 04/18] Delete raw_keyring.py --- src/aws_encryption_sdk/keyring/raw_keyring.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 src/aws_encryption_sdk/keyring/raw_keyring.py diff --git a/src/aws_encryption_sdk/keyring/raw_keyring.py b/src/aws_encryption_sdk/keyring/raw_keyring.py deleted file mode 100644 index e69de29bb..000000000 From c1a1c77e7c5a11f21825d3acb5c4be54e9247d1d Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 18 Jun 2019 15:36:18 -0700 Subject: [PATCH 05/18] Edited docstring --- src/aws_encryption_sdk/keyring/base.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index 575758edd..a1e77e905 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -16,6 +16,7 @@ class Keyring(object): """Parent interface for Keyring classes. """ + def on_encrypt(self, encryption_materials): """Generates a data key and encrypts it using all wrapping keys the Keyring is associated with. From 66b348f45f4edba14c313c8d315ca7da8286380f Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Tue, 18 Jun 2019 16:07:06 -0700 Subject: [PATCH 06/18] Edited docstring again --- src/aws_encryption_sdk/keyring/base.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index a1e77e905..88e3ae068 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -14,8 +14,7 @@ class Keyring(object): - """Parent interface for Keyring classes. - """ + """Parent interface for Keyring classes.""" def on_encrypt(self, encryption_materials): """Generates a data key and encrypts it using all wrapping keys the Keyring is associated with. From 7730e3e5186b60a251215066795eaa86eac26c24 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Wed, 19 Jun 2019 13:02:31 -0700 Subject: [PATCH 07/18] Changes in docstring statements --- src/aws_encryption_sdk/keyring/base.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index 88e3ae068..19f2ae169 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -17,7 +17,7 @@ class Keyring(object): """Parent interface for Keyring classes.""" def on_encrypt(self, encryption_materials): - """Generates a data key and encrypts it using all wrapping keys the Keyring is associated with. + """Generate a data key and encrypt it using all wrapping keys the Keyring is associated with. :param encryption_materials: Contains signing key, encryption context and algorithm suite required to encrypt data key @@ -30,8 +30,7 @@ def on_encrypt(self, encryption_materials): raise NotImplementedError("Keyring does not implement on_encrypt function") def on_decrypt(self, decryption_materials): - """Tries to decrypt one of the keys in the list of encrypted data keys using wrapping keys - the Keyring is associated with. + """Attempt to decrypt the encrypted data keys. :param decryption_materials: Contains verification key, list of encrypted data keys. :type : aws_encryption_sdk.materials_managers.DecryptionMaterials From ea8c9728fb6467e808c1dfb52fe3fd2eb7c13bd3 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Wed, 19 Jun 2019 13:05:16 -0700 Subject: [PATCH 08/18] Docstring changes --- src/aws_encryption_sdk/keyring/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index 19f2ae169..cdec0842a 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -17,7 +17,7 @@ class Keyring(object): """Parent interface for Keyring classes.""" def on_encrypt(self, encryption_materials): - """Generate a data key and encrypt it using all wrapping keys the Keyring is associated with. + """Generate a data key if not present and encrypt it using any available wrapping key. :param encryption_materials: Contains signing key, encryption context and algorithm suite required to encrypt data key From d7a965a5b18ff6d1456bb4aa25b0acb17078b230 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Thu, 20 Jun 2019 13:51:28 -0700 Subject: [PATCH 09/18] Changes in docstring --- src/aws_encryption_sdk/keyring/base.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index cdec0842a..3c4689d70 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -21,11 +21,11 @@ def on_encrypt(self, encryption_materials): :param encryption_materials: Contains signing key, encryption context and algorithm suite required to encrypt data key - :type : aws_encryption_sdk.materials_managers.EncryptionMaterials - :returns encryption_materials: Contains signing key, unencrypted data key, encrypted data keys, + :type encryption_materials: aws_encryption_sdk.materials_managers.EncryptionMaterials + :returns: Contains signing key, unencrypted data key, encrypted data keys, encryption context and algorithm suite required to encrypt data key - :rtype : aws_encryption_sdk.materials_managers.EncryptionMaterials - :raises AttributeError: if encryption materials not available + :rtype: aws_encryption_sdk.materials_managers.EncryptionMaterials + :raises NotImplementedError: if method is not implemented """ raise NotImplementedError("Keyring does not implement on_encrypt function") @@ -33,9 +33,9 @@ def on_decrypt(self, decryption_materials): """Attempt to decrypt the encrypted data keys. :param decryption_materials: Contains verification key, list of encrypted data keys. - :type : aws_encryption_sdk.materials_managers.DecryptionMaterials - :returns decryption_materials: Contains verification key, list of encrypted data keys and decrypted data key. - :rtype : aws_encryption_sdk.materials_managers.DecryptionMaterials - :raises AttributeError: if decryption materials not available + :type decryption_materials: aws_encryption_sdk.materials_managers.DecryptionMaterials + :returns: Contains verification key, list of encrypted data keys and decrypted data key. + :rtype: aws_encryption_sdk.materials_managers.DecryptionMaterials + :raises NotImplementedError: if method is not implemented """ raise NotImplementedError("Keyring does not implement on_decrypt function") From 28fa1038f322745bd1cf4095625dc81618111b46 Mon Sep 17 00:00:00 2001 From: MeghaShetty Date: Fri, 21 Jun 2019 15:37:58 -0700 Subject: [PATCH 10/18] Update src/aws_encryption_sdk/keyring/base.py Co-Authored-By: Matt Bullock --- src/aws_encryption_sdk/keyring/base.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index 3c4689d70..735dcab62 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -14,7 +14,10 @@ class Keyring(object): - """Parent interface for Keyring classes.""" + """Parent interface for Keyring classes. + + .. versionadded:: 1.5.0 + """ def on_encrypt(self, encryption_materials): """Generate a data key if not present and encrypt it using any available wrapping key. From 60bed0afe52ab1476a697ae1cacb5dfc408e869a Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Mon, 24 Jun 2019 09:48:53 -0700 Subject: [PATCH 11/18] Fixed indentation errors --- src/aws_encryption_sdk/keyring/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index 735dcab62..b9389519f 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -15,7 +15,7 @@ class Keyring(object): """Parent interface for Keyring classes. - + .. versionadded:: 1.5.0 """ From ca4bf3417ec61388f59c17bdde32409b6f684e55 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Mon, 24 Jun 2019 10:41:38 -0700 Subject: [PATCH 12/18] Fixed another indentation error --- src/aws_encryption_sdk/keyring/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index b9389519f..e18cd9e45 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -16,7 +16,7 @@ class Keyring(object): """Parent interface for Keyring classes. - .. versionadded:: 1.5.0 + .. versionadded:: 1.5.0 """ def on_encrypt(self, encryption_materials): From 5d3b96e71dcb08630b469379006c784c3048002d Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Thu, 27 Jun 2019 14:27:18 -0700 Subject: [PATCH 13/18] Added encrypted data keys as a parameter --- src/aws_encryption_sdk/keyring/base.py | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index e18cd9e45..3192a5688 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -25,19 +25,22 @@ def on_encrypt(self, encryption_materials): :param encryption_materials: Contains signing key, encryption context and algorithm suite required to encrypt data key :type encryption_materials: aws_encryption_sdk.materials_managers.EncryptionMaterials - :returns: Contains signing key, unencrypted data key, encrypted data keys, + :returns: Encryption materials containing signing key, unencrypted data key, encrypted data keys, encryption context and algorithm suite required to encrypt data key :rtype: aws_encryption_sdk.materials_managers.EncryptionMaterials :raises NotImplementedError: if method is not implemented """ raise NotImplementedError("Keyring does not implement on_encrypt function") - def on_decrypt(self, decryption_materials): + def on_decrypt(self, decryption_materials, encrypted_data_keys): """Attempt to decrypt the encrypted data keys. - :param decryption_materials: Contains verification key, list of encrypted data keys. + :param decryption_materials: May contain verification key, algorithm, encryption context and keyring trace. :type decryption_materials: aws_encryption_sdk.materials_managers.DecryptionMaterials - :returns: Contains verification key, list of encrypted data keys and decrypted data key. + :param encrypted_data_keys: List of encrypted data keys. + :type: Iterable of `aws_encryption_sdk.structures.EncryptedDataKey` + :returns: Decryption materials containing verification key, algorithm, data_encryption_key, + encryption context and keyring trace. :rtype: aws_encryption_sdk.materials_managers.DecryptionMaterials :raises NotImplementedError: if method is not implemented """ From 252c483ecdef05fe35d19b9d6a3c4d983be84007 Mon Sep 17 00:00:00 2001 From: MeghaShetty Date: Fri, 28 Jun 2019 12:26:22 -0700 Subject: [PATCH 14/18] Update src/aws_encryption_sdk/keyring/base.py Co-Authored-By: Matt Bullock --- src/aws_encryption_sdk/keyring/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index 3192a5688..ef31b9850 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -38,7 +38,7 @@ def on_decrypt(self, decryption_materials, encrypted_data_keys): :param decryption_materials: May contain verification key, algorithm, encryption context and keyring trace. :type decryption_materials: aws_encryption_sdk.materials_managers.DecryptionMaterials :param encrypted_data_keys: List of encrypted data keys. - :type: Iterable of `aws_encryption_sdk.structures.EncryptedDataKey` + :type: Iterable of :class:`aws_encryption_sdk.structures.EncryptedDataKey` :returns: Decryption materials containing verification key, algorithm, data_encryption_key, encryption context and keyring trace. :rtype: aws_encryption_sdk.materials_managers.DecryptionMaterials From acc320f8f7b6c2528e2c88bb8eb8c629f2ac42ab Mon Sep 17 00:00:00 2001 From: MeghaShetty Date: Fri, 28 Jun 2019 12:28:01 -0700 Subject: [PATCH 15/18] Update src/aws_encryption_sdk/keyring/base.py Co-Authored-By: Matt Bullock --- src/aws_encryption_sdk/keyring/base.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index ef31b9850..d30d4c5db 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -20,6 +20,7 @@ class Keyring(object): """ def on_encrypt(self, encryption_materials): + # type: (EncryptionMaterials) -> EncryptionMaterials """Generate a data key if not present and encrypt it using any available wrapping key. :param encryption_materials: Contains signing key, encryption context and algorithm suite From 9fded7fd20f9fdf6724d39574a0e73734aae3d68 Mon Sep 17 00:00:00 2001 From: MeghaShetty Date: Fri, 28 Jun 2019 12:29:43 -0700 Subject: [PATCH 16/18] Update src/aws_encryption_sdk/keyring/base.py Co-Authored-By: Matt Bullock --- src/aws_encryption_sdk/keyring/base.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index d30d4c5db..484fb2c0f 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -11,6 +11,14 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Base class interface for Keyrings.""" +from aws_encryption_sdk.material_managers import DecryptionMaterials, EncryptionMaterials +from aws_encryption_sdk.structures import EncryptedDataKey + +try: # Python 3.5.0 and 3.5.1 have incompatible typing modules + from typing import Iterable # noqa pylint: disable=unused-import +except ImportError: # pragma: no cover + # We only actually need these imports when running the mypy checks + pass class Keyring(object): From 20cad30e88f8c58286850a616e26061dc39dda7a Mon Sep 17 00:00:00 2001 From: MeghaShetty Date: Fri, 28 Jun 2019 12:29:54 -0700 Subject: [PATCH 17/18] Update src/aws_encryption_sdk/keyring/base.py Co-Authored-By: Matt Bullock --- src/aws_encryption_sdk/keyring/base.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index 484fb2c0f..d98e954c5 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -42,6 +42,7 @@ def on_encrypt(self, encryption_materials): raise NotImplementedError("Keyring does not implement on_encrypt function") def on_decrypt(self, decryption_materials, encrypted_data_keys): + # type: (DecryptionMaterials, Iterable[EncryptedDataKey]) -> DecryptionMaterials """Attempt to decrypt the encrypted data keys. :param decryption_materials: May contain verification key, algorithm, encryption context and keyring trace. From 050ae86a8611a14aa77b87220199a82781f5dd87 Mon Sep 17 00:00:00 2001 From: Megha Vasant Shetty Date: Fri, 28 Jun 2019 14:24:10 -0700 Subject: [PATCH 18/18] Changes in docstrings --- src/aws_encryption_sdk/keyring/base.py | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/src/aws_encryption_sdk/keyring/base.py b/src/aws_encryption_sdk/keyring/base.py index d98e954c5..770b53c0b 100644 --- a/src/aws_encryption_sdk/keyring/base.py +++ b/src/aws_encryption_sdk/keyring/base.py @@ -11,7 +11,7 @@ # ANY KIND, either express or implied. See the License for the specific # language governing permissions and limitations under the License. """Base class interface for Keyrings.""" -from aws_encryption_sdk.material_managers import DecryptionMaterials, EncryptionMaterials +from aws_encryption_sdk.materials_managers import DecryptionMaterials, EncryptionMaterials from aws_encryption_sdk.structures import EncryptedDataKey try: # Python 3.5.0 and 3.5.1 have incompatible typing modules @@ -28,29 +28,26 @@ class Keyring(object): """ def on_encrypt(self, encryption_materials): - # type: (EncryptionMaterials) -> EncryptionMaterials + # type: (EncryptionMaterials) -> EncryptionMaterials """Generate a data key if not present and encrypt it using any available wrapping key. - :param encryption_materials: Contains signing key, encryption context and algorithm suite - required to encrypt data key + :param encryption_materials: Encryption materials for the keyring to modify. :type encryption_materials: aws_encryption_sdk.materials_managers.EncryptionMaterials - :returns: Encryption materials containing signing key, unencrypted data key, encrypted data keys, - encryption context and algorithm suite required to encrypt data key + :returns: Optionally modified encryption materials. :rtype: aws_encryption_sdk.materials_managers.EncryptionMaterials :raises NotImplementedError: if method is not implemented """ raise NotImplementedError("Keyring does not implement on_encrypt function") def on_decrypt(self, decryption_materials, encrypted_data_keys): - # type: (DecryptionMaterials, Iterable[EncryptedDataKey]) -> DecryptionMaterials + # type: (DecryptionMaterials, Iterable[EncryptedDataKey]) -> DecryptionMaterials """Attempt to decrypt the encrypted data keys. - :param decryption_materials: May contain verification key, algorithm, encryption context and keyring trace. + :param decryption_materials: Decryption materials for the keyring to modify. :type decryption_materials: aws_encryption_sdk.materials_managers.DecryptionMaterials :param encrypted_data_keys: List of encrypted data keys. :type: Iterable of :class:`aws_encryption_sdk.structures.EncryptedDataKey` - :returns: Decryption materials containing verification key, algorithm, data_encryption_key, - encryption context and keyring trace. + :returns: Optionally modified decryption materials. :rtype: aws_encryption_sdk.materials_managers.DecryptionMaterials :raises NotImplementedError: if method is not implemented """