From 189cdfca4209085f36880f72ad24cd2514f073fa Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 12 Aug 2024 15:16:35 -0700 Subject: [PATCH 01/10] m --- .../src/aws_kms_discovery_keyring_example.py | 18 +++++---------- ...aws_kms_discovery_multi_keyring_example.py | 16 ++++---------- examples/src/aws_kms_keyring_example.py | 13 +++++------ .../aws_kms_mrk_discovery_keyring_example.py | 11 ++++------ ...kms_mrk_discovery_multi_keyring_example.py | 11 ++++------ examples/src/aws_kms_mrk_keyring_example.py | 13 +++++------ .../src/aws_kms_mrk_multi_keyring_example.py | 22 +++++++------------ examples/src/aws_kms_multi_keyring_example.py | 15 ++++++++++--- examples/src/aws_kms_rsa_keyring_example.py | 11 ++++------ ...cryptographic_materials_manager_example.py | 11 ++++------ examples/src/file_streaming_example.py | 6 ----- examples/src/hierarchical_keyring_example.py | 21 ++++++++++++++---- ...migration_set_commitment_policy_example.py | 11 ++++------ examples/src/multi_keyring_example.py | 15 ++++++++++--- examples/src/raw_aes_keyring_example.py | 11 ++++------ examples/src/raw_rsa_keyring_example.py | 11 ++++------ .../set_encryption_algorithm_suite_example.py | 11 ++++------ 17 files changed, 100 insertions(+), 127 deletions(-) diff --git a/examples/src/aws_kms_discovery_keyring_example.py b/examples/src/aws_kms_discovery_keyring_example.py index d78121bc3..758b785c9 100644 --- a/examples/src/aws_kms_discovery_keyring_example.py +++ b/examples/src/aws_kms_discovery_keyring_example.py 
@@ -155,20 +155,12 @@ def encrypt_and_decrypt_with_keyring( # If all calls to KMS fail, the decryption fails. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=discovery_keyring + keyring=discovery_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 9. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - - # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext. - # (This is an example for demonstration; you do not need to do this in your own code.) - assert plaintext_bytes == EXAMPLE_DATA, \ - "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" - # 11. Demonstrate that if a discovery keyring (Bob's) doesn't have the correct AWS Account ID's, # the decrypt will fail with an error message # Note that this assumes Account ID used here ('888888888888') is different than the one used @@ -192,7 +184,7 @@ def encrypt_and_decrypt_with_keyring( try: plaintext_bytes, _ = client.decrypt( source=ciphertext, - keyring=discovery_keyring_bob + keyring=discovery_keyring_bob, ) raise AssertionError("Decrypt using discovery keyring with wrong AWS Account ID should" diff --git a/examples/src/aws_kms_discovery_multi_keyring_example.py b/examples/src/aws_kms_discovery_multi_keyring_example.py index 9381a740b..835c704f9 100644 --- a/examples/src/aws_kms_discovery_multi_keyring_example.py +++ b/examples/src/aws_kms_discovery_multi_keyring_example.py 
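Review bot: The comment added above `encryption_context=encryption_context` names "the encryptData method", which is not a call that appears in these Python examples, and it does not say what happens when the contexts differ. This argument replaces the explicit loop over `dec_header.encryption_context`, so the comment is now the only place a reader learns that the check still happens. I would word it as `# Pass the encryption context used on encrypt; decrypt is expected to fail if the message's encryption context does not contain these pairs.`, assuming that is the library's behaviour, which the hunk does not show. The same comment is repeated in every other decrypt hunk of this patch and in the second hunk for this file in patch 02. The enclosing function starts and ends outside the hunk.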
@@ -153,16 +153,8 @@ def encrypt_and_decrypt_with_keyring( # KMS Discovery Keyrings will attempt to decrypt Multi Region Keys (MRKs) and regular KMS Keys. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=discovery_multi_keyring + keyring=discovery_multi_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - - # 9. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - - # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext. - # (This is an example for demonstration; you do not need to do this in your own code.) - assert plaintext_bytes == EXAMPLE_DATA, \ - "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" diff --git a/examples/src/aws_kms_keyring_example.py b/examples/src/aws_kms_keyring_example.py index 8977e3750..95fd46480 100644 --- a/examples/src/aws_kms_keyring_example.py +++ b/examples/src/aws_kms_keyring_example.py 
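Review bot: `dec_header` is still bound in `plaintext_bytes, dec_header = client.decrypt(`, but nothing reads it once the context loop is removed; in this file the new side of the hunk ends at the closing `)`. The aws_kms_keyring_example.py and aws_kms_mrk_keyring_example.py hunks of the same patch already switch to `plaintext_bytes, _ = client.decrypt(`. The other examples that keep `dec_header` (and `dec_header_second_region` in the MRK multi-keyring example) should do the same, unless the header is read somewhere outside the lines shown. An unused binding also suggests the header is still being inspected when the check now lives entirely inside the decrypt call.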
@@ -97,17 +97,14 @@ def encrypt_and_decrypt_with_keyring( "Ciphertext and plaintext data are the same. Invalid encryption" # 7. Decrypt your encrypted data using the same keyring you used on encrypt. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, - keyring=kms_keyring + keyring=kms_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 8. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ diff --git a/examples/src/aws_kms_mrk_discovery_keyring_example.py b/examples/src/aws_kms_mrk_discovery_keyring_example.py index 23d6cb322..1f7520b24 100644 --- a/examples/src/aws_kms_mrk_discovery_keyring_example.py +++ b/examples/src/aws_kms_mrk_discovery_keyring_example.py 
@@ -165,15 +165,12 @@ def encrypt_and_decrypt_with_keyring( # 7. Decrypt your encrypted data using the discovery keyring. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=decrypt_discovery_keyring + keyring=decrypt_discovery_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 8. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA diff --git a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py index adb249e2a..588956bd8 100644 --- a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py +++ b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py 
@@ -174,15 +174,12 @@ def encrypt_and_decrypt_with_keyring( # Multi Region Keys (MRKs) and regular KMS Keys. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=decrypt_discovery_keyring + keyring=decrypt_discovery_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 8. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA diff --git a/examples/src/aws_kms_mrk_keyring_example.py b/examples/src/aws_kms_mrk_keyring_example.py index edb3cc410..5578b8816 100644 --- a/examples/src/aws_kms_mrk_keyring_example.py +++ b/examples/src/aws_kms_mrk_keyring_example.py 
@@ -132,17 +132,14 @@ def encrypt_and_decrypt_with_keyring( ) # 7. Decrypt your encrypted data using the same keyring you used on encrypt. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, - keyring=decrypt_keyring + keyring=decrypt_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 8. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ diff --git a/examples/src/aws_kms_mrk_multi_keyring_example.py b/examples/src/aws_kms_mrk_multi_keyring_example.py index 6b1e64eec..dc1dbf485 100644 --- a/examples/src/aws_kms_mrk_multi_keyring_example.py +++ b/examples/src/aws_kms_mrk_multi_keyring_example.py 
@@ -126,15 +126,12 @@ def encrypt_and_decrypt_with_keyring( # the first available KMS key on the keyring that is capable of decrypting the data. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=kms_mrk_multi_keyring + keyring=kms_mrk_multi_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 7. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ 
@@ -161,15 +158,12 @@ def encrypt_and_decrypt_with_keyring( # 10. Decrypt your encrypted data using the second region AwsKmsMrkKeyring plaintext_bytes_second_region, dec_header_second_region = client.decrypt( source=ciphertext, - keyring=second_region_mrk_keyring + keyring=second_region_mrk_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 11. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header_second_region.encryption_context[k], \ - "Encryption context does not match expected values" - # 12. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes_second_region == EXAMPLE_DATA diff --git a/examples/src/aws_kms_multi_keyring_example.py b/examples/src/aws_kms_multi_keyring_example.py index 7cba36167..26fa836bc 100644 --- a/examples/src/aws_kms_multi_keyring_example.py +++ b/examples/src/aws_kms_multi_keyring_example.py @@ -133,7 +133,10 @@ def encrypt_and_decrypt_with_keyring( # 6a. Decrypt your encrypted data using the same multi_keyring you used on encrypt. plaintext_bytes_multi_keyring, _ = client.decrypt( source=ciphertext, - keyring=kms_multi_keyring + keyring=kms_multi_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) # 6b. Demonstrate that the decrypted plaintext is identical to the original plaintext. 
@@ -164,7 +167,10 @@ def encrypt_and_decrypt_with_keyring( # 7c. Decrypt your encrypted data using the default_region_kms_keyring. plaintext_bytes_default_region_kms_keyring, _ = client.decrypt( source=ciphertext, - keyring=default_region_kms_keyring + keyring=default_region_kms_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) # 7d. Demonstrate that the decrypted plaintext is identical to the original plaintext. @@ -192,7 +198,10 @@ def encrypt_and_decrypt_with_keyring( # 8c. Decrypt your encrypted data using the second_region_kms_keyring. plaintext_bytes_second_region_kms_keyring, _ = client.decrypt( source=ciphertext, - keyring=second_region_kms_keyring + keyring=second_region_kms_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) # 8d. Demonstrate that the decrypted plaintext is identical to the original plaintext. diff --git a/examples/src/aws_kms_rsa_keyring_example.py b/examples/src/aws_kms_rsa_keyring_example.py index fd05fc20b..4d435a405 100644 --- a/examples/src/aws_kms_rsa_keyring_example.py +++ b/examples/src/aws_kms_rsa_keyring_example.py 
@@ -105,15 +105,12 @@ def encrypt_and_decrypt_with_keyring( # 7. Decrypt your encrypted data using the same keyring you used on encrypt. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=kms_rsa_keyring + keyring=kms_rsa_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 8. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ diff --git a/examples/src/default_cryptographic_materials_manager_example.py b/examples/src/default_cryptographic_materials_manager_example.py index 15a9f22cf..61101105c 100644 --- a/examples/src/default_cryptographic_materials_manager_example.py +++ b/examples/src/default_cryptographic_materials_manager_example.py 
@@ -111,15 +111,12 @@ def encrypt_and_decrypt_with_default_cmm( # 7. Decrypt your encrypted data using the same cmm you used on encrypt. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - materials_manager=cmm + materials_manager=cmm, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 8. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ diff --git a/examples/src/file_streaming_example.py b/examples/src/file_streaming_example.py index 3f547d220..c7c3cff05 100644 --- a/examples/src/file_streaming_example.py +++ b/examples/src/file_streaming_example.py @@ -134,12 +134,6 @@ def encrypt_and_decrypt_with_keyring( for chunk in decryptor: pt_file.write(chunk) - # 9. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == decryptor.header.encryption_context[k], \ - "Encryption context does not match expected values" - # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert filecmp.cmp(plaintext_filename, decrypted_filename), \ diff --git a/examples/src/hierarchical_keyring_example.py b/examples/src/hierarchical_keyring_example.py index 00dadf9d8..1a5af1b03 100644 
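Review bot: The file_streaming_example.py hunk removes the loop that compared `decryptor.header.encryption_context` with `encryption_context` and adds nothing in its place, so as far as the hunk shows the streaming example no longer checks the encryption context at all. Every other example in the patch moves the check into the decrypt call, but here the call that creates `decryptor` is outside the hunk and the diffstat lists six deletions only. Either pass `encryption_context=encryption_context` where the decryptor is created, if the streaming API accepts it, or keep the header comparison. Without one of the two, the example shows decrypted output being written to disk with no confirmation that the ciphertext was bound to the expected context.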
--- a/examples/src/hierarchical_keyring_example.py +++ b/examples/src/hierarchical_keyring_example.py @@ -200,7 +200,10 @@ def encrypt_and_decrypt_with_keyring( try: client.decrypt( source=ciphertext_a, - keyring=hierarchical_keyring_b + keyring=hierarchical_keyring_b, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context_a, ) except AWSEncryptionSDKClientError: pass @@ -210,7 +213,10 @@ def encrypt_and_decrypt_with_keyring( try: client.decrypt( source=ciphertext_b, - keyring=hierarchical_keyring_a + keyring=hierarchical_keyring_a, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context_b, ) except AWSEncryptionSDKClientError: pass @@ -219,13 +225,20 @@ def encrypt_and_decrypt_with_keyring( # and that the decrypted data matches the input data. plaintext_bytes_a, _ = client.decrypt( source=ciphertext_a, - keyring=hierarchical_keyring_a + keyring=hierarchical_keyring_a, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context_a, ) assert plaintext_bytes_a == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" + plaintext_bytes_b, _ = client.decrypt( source=ciphertext_b, - keyring=hierarchical_keyring_b + keyring=hierarchical_keyring_b, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context_b, ) assert plaintext_bytes_b == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" 
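Review bot: In the first two hunks the cross-tenant decrypt sits in `try: ... except AWSEncryptionSDKClientError: pass` with nothing after the call, so if `hierarchical_keyring_b` ever did decrypt `ciphertext_a` (or keyring A `ciphertext_b`) the example would finish without reporting it. The discovery keyring example in this patch follows its negative decrypt with `raise AssertionError(...)`, and the same is needed here, for instance `else: raise AssertionError("Decrypt with the other tenant's keyring should have failed")` after each `except` clause. The lines between these hunks are not shown, so confirm that no such check already follows `pass`.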
diff --git a/examples/src/migration/migration_set_commitment_policy_example.py b/examples/src/migration/migration_set_commitment_policy_example.py index 3851df0e2..2cc81c444 100644 --- a/examples/src/migration/migration_set_commitment_policy_example.py +++ b/examples/src/migration/migration_set_commitment_policy_example.py @@ -107,15 +107,12 @@ def encrypt_and_decrypt_with_keyring( # 7. Decrypt your encrypted data using the same keyring you used on encrypt. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=kms_keyring + keyring=kms_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 8. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ diff --git a/examples/src/multi_keyring_example.py b/examples/src/multi_keyring_example.py index 20af7ba81..b00f0265a 100644 --- a/examples/src/multi_keyring_example.py +++ b/examples/src/multi_keyring_example.py 
@@ -164,7 +164,10 @@ def encrypt_and_decrypt_with_keyring( # 10a. Decrypt your encrypted data using the same multi_keyring you used on encrypt. plaintext_bytes_multi_keyring, _ = client.decrypt( source=ciphertext, - keyring=multi_keyring + keyring=multi_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) # 10b. Demonstrate that the decrypted plaintext is identical to the original plaintext. @@ -182,7 +185,10 @@ def encrypt_and_decrypt_with_keyring( # 11a. Decrypt your encrypted data using the kms_keyring. plaintext_bytes_kms_keyring, _ = client.decrypt( source=ciphertext, - keyring=kms_keyring + keyring=kms_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) # 11b. Demonstrate that the decrypted plaintext is identical to the original plaintext. @@ -197,7 +203,10 @@ def encrypt_and_decrypt_with_keyring( # 12a. Decrypt your encrypted data using the raw_aes_keyring. plaintext_bytes_raw_aes_keyring, _ = client.decrypt( source=ciphertext, - keyring=raw_aes_keyring + keyring=raw_aes_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) # 12b. Demonstrate that the decrypted plaintext is identical to the original plaintext. diff --git a/examples/src/raw_aes_keyring_example.py b/examples/src/raw_aes_keyring_example.py index ab9603af6..080316896 100644 --- a/examples/src/raw_aes_keyring_example.py +++ b/examples/src/raw_aes_keyring_example.py 
@@ -109,15 +109,12 @@ def encrypt_and_decrypt_with_keyring(): # 8. Decrypt your encrypted data using the same keyring you used on encrypt. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=raw_aes_keyring + keyring=raw_aes_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 9. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ diff --git a/examples/src/raw_rsa_keyring_example.py b/examples/src/raw_rsa_keyring_example.py index 1200a7c72..341111545 100644 --- a/examples/src/raw_rsa_keyring_example.py +++ b/examples/src/raw_rsa_keyring_example.py 
@@ -207,15 +207,12 @@ def encrypt_and_decrypt_with_keyring(public_key_file_name=None, private_key_file # 6. Decrypt your encrypted data using the same keyring you used on encrypt. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=raw_rsa_keyring + keyring=raw_rsa_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 7. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ diff --git a/examples/src/set_encryption_algorithm_suite_example.py b/examples/src/set_encryption_algorithm_suite_example.py index 75eaee85a..7bf851e15 100644 --- a/examples/src/set_encryption_algorithm_suite_example.py +++ b/examples/src/set_encryption_algorithm_suite_example.py 
@@ -130,15 +130,12 @@ def encrypt_and_decrypt_with_keyring(): # 8. Decrypt your encrypted data using the same keyring you used on encrypt. plaintext_bytes, dec_header = client.decrypt( source=ciphertext, - keyring=raw_aes_keyring + keyring=raw_aes_keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) - # 9. Demonstrate that the encryption context is correct in the decrypted message header - # (This is an example for demonstration; you do not need to do this in your own code.) - for k, v in encryption_context.items(): - assert v == dec_header.encryption_context[k], \ - "Encryption context does not match expected values" - # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ From 31d83aabfec54da955b0cbe89e01eb79873a9b93 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 12 Aug 2024 15:21:11 -0700 Subject: [PATCH 02/10] cleanup --- examples/src/aws_kms_discovery_keyring_example.py | 8 ++++++++ examples/src/aws_kms_discovery_multi_keyring_example.py | 5 +++++ examples/src/aws_kms_keyring_example.py | 2 +- examples/src/aws_kms_mrk_discovery_keyring_example.py | 2 +- .../src/aws_kms_mrk_discovery_multi_keyring_example.py | 2 +- examples/src/aws_kms_mrk_keyring_example.py | 2 +- examples/src/aws_kms_mrk_multi_keyring_example.py | 8 ++++---- examples/src/aws_kms_rsa_keyring_example.py | 2 +- .../default_cryptographic_materials_manager_example.py | 2 +- examples/src/hierarchical_keyring_example.py | 2 +- .../migration/migration_set_commitment_policy_example.py | 2 +- examples/src/raw_aes_keyring_example.py | 2 +- examples/src/raw_rsa_keyring_example.py | 6 +++--- examples/src/set_encryption_algorithm_suite_example.py | 2 +- 14 files changed, 30 insertions(+), 17 deletions(-) 
diff --git a/examples/src/aws_kms_discovery_keyring_example.py b/examples/src/aws_kms_discovery_keyring_example.py index 758b785c9..eb0fabf6a 100644 --- a/examples/src/aws_kms_discovery_keyring_example.py +++ b/examples/src/aws_kms_discovery_keyring_example.py @@ -161,6 +161,11 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) + # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # (This is an example for demonstration; you do not need to do this in your own code.) + assert plaintext_bytes == EXAMPLE_DATA, \ + "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" + # 11. Demonstrate that if a discovery keyring (Bob's) doesn't have the correct AWS Account ID's, # the decrypt will fail with an error message # Note that this assumes Account ID used here ('888888888888') is different than the one used @@ -185,6 +190,9 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=discovery_keyring_bob, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encryptData method + encryption_context=encryption_context, ) raise AssertionError("Decrypt using discovery keyring with wrong AWS Account ID should" diff --git a/examples/src/aws_kms_discovery_multi_keyring_example.py b/examples/src/aws_kms_discovery_multi_keyring_example.py index 835c704f9..e13ff15f1 100644 --- a/examples/src/aws_kms_discovery_multi_keyring_example.py +++ b/examples/src/aws_kms_discovery_multi_keyring_example.py 
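Review bot: The restored plaintext assertion is labelled `# 9.` and the next step in the same hunk is still `# 11.`, so the numbering in this file skips 10 even though this patch renumbers the steps of the other examples. Relabel the following comment to `# 10. Demonstrate that if a discovery keyring (Bob's) doesn't have the correct AWS Account ID's,` and adjust any later step numbers that lie outside the hunk.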
@@ -158,3 +158,8 @@ def encrypt_and_decrypt_with_keyring( # encryption context supplied to the encryptData method encryption_context=encryption_context, ) + + # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # (This is an example for demonstration; you do not need to do this in your own code.) + assert plaintext_bytes == EXAMPLE_DATA, \ + "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" diff --git a/examples/src/aws_kms_keyring_example.py b/examples/src/aws_kms_keyring_example.py index 95fd46480..870cbbe9d 100644 --- a/examples/src/aws_kms_keyring_example.py +++ b/examples/src/aws_kms_keyring_example.py @@ -105,7 +105,7 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" diff --git a/examples/src/aws_kms_mrk_discovery_keyring_example.py b/examples/src/aws_kms_mrk_discovery_keyring_example.py index 1f7520b24..4c001fdd8 100644 --- a/examples/src/aws_kms_mrk_discovery_keyring_example.py +++ b/examples/src/aws_kms_mrk_discovery_keyring_example.py @@ -171,6 +171,6 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA 
diff --git a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py index 588956bd8..0f6b2daf0 100644 --- a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py +++ b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py @@ -180,6 +180,6 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA diff --git a/examples/src/aws_kms_mrk_keyring_example.py b/examples/src/aws_kms_mrk_keyring_example.py index 5578b8816..a21e0c3db 100644 --- a/examples/src/aws_kms_mrk_keyring_example.py +++ b/examples/src/aws_kms_mrk_keyring_example.py @@ -140,7 +140,7 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" diff --git a/examples/src/aws_kms_mrk_multi_keyring_example.py b/examples/src/aws_kms_mrk_multi_keyring_example.py index dc1dbf485..67045e844 100644 --- a/examples/src/aws_kms_mrk_multi_keyring_example.py +++ b/examples/src/aws_kms_mrk_multi_keyring_example.py 
@@ -132,7 +132,7 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) - # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 7. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" @@ -141,7 +141,7 @@ def encrypt_and_decrypt_with_keyring( # multi-keyring used to encrypt the data is also capable of decrypting the data. # (This is an example for demonstration; you do not need to do this in your own code.) - # 9. Create a single AwsKmsMrkKeyring with the replica KMS MRK from the second region. + # 8. Create a single AwsKmsMrkKeyring with the replica KMS MRK from the second region. # Create a boto3 client for KMS in the second region which is the region for mrk_replica_key_id. second_region_kms_client = boto3.client('kms', region_name=mrk_replica_decrypt_region) @@ -155,7 +155,7 @@ def encrypt_and_decrypt_with_keyring( input=second_region_mrk_keyring_input ) - # 10. Decrypt your encrypted data using the second region AwsKmsMrkKeyring + # 9. Decrypt your encrypted data using the second region AwsKmsMrkKeyring plaintext_bytes_second_region, dec_header_second_region = client.decrypt( source=ciphertext, keyring=second_region_mrk_keyring, @@ -164,7 +164,7 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) - # 12. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes_second_region == EXAMPLE_DATA 
diff --git a/examples/src/aws_kms_rsa_keyring_example.py b/examples/src/aws_kms_rsa_keyring_example.py index 4d435a405..0adb7719e 100644 --- a/examples/src/aws_kms_rsa_keyring_example.py +++ b/examples/src/aws_kms_rsa_keyring_example.py @@ -111,7 +111,7 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" diff --git a/examples/src/default_cryptographic_materials_manager_example.py b/examples/src/default_cryptographic_materials_manager_example.py index 61101105c..d7e9700ec 100644 --- a/examples/src/default_cryptographic_materials_manager_example.py +++ b/examples/src/default_cryptographic_materials_manager_example.py @@ -117,7 +117,7 @@ def encrypt_and_decrypt_with_default_cmm( encryption_context=encryption_context, ) - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" diff --git a/examples/src/hierarchical_keyring_example.py b/examples/src/hierarchical_keyring_example.py index 1a5af1b03..53e042876 100644 --- a/examples/src/hierarchical_keyring_example.py +++ b/examples/src/hierarchical_keyring_example.py 
@@ -221,7 +221,7 @@ def encrypt_and_decrypt_with_keyring( except AWSEncryptionSDKClientError: pass - # 10. Demonstrate that data encrypted by one tenant's branch key can be decrypted by that tenant, + # 11. Demonstrate that data encrypted by one tenant's branch key can be decrypted by that tenant, # and that the decrypted data matches the input data. plaintext_bytes_a, _ = client.decrypt( source=ciphertext_a, diff --git a/examples/src/migration/migration_set_commitment_policy_example.py b/examples/src/migration/migration_set_commitment_policy_example.py index 2cc81c444..936def9c8 100644 --- a/examples/src/migration/migration_set_commitment_policy_example.py +++ b/examples/src/migration/migration_set_commitment_policy_example.py @@ -113,7 +113,7 @@ def encrypt_and_decrypt_with_keyring( encryption_context=encryption_context, ) - # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" diff --git a/examples/src/raw_aes_keyring_example.py b/examples/src/raw_aes_keyring_example.py index 080316896..a5020e8bd 100644 --- a/examples/src/raw_aes_keyring_example.py +++ b/examples/src/raw_aes_keyring_example.py @@ -115,7 +115,7 @@ def encrypt_and_decrypt_with_keyring(): encryption_context=encryption_context, ) - # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" 
diff --git a/examples/src/raw_rsa_keyring_example.py b/examples/src/raw_rsa_keyring_example.py index 341111545..02ae58e8f 100644 --- a/examples/src/raw_rsa_keyring_example.py +++ b/examples/src/raw_rsa_keyring_example.py @@ -213,7 +213,7 @@ def encrypt_and_decrypt_with_keyring(public_key_file_name=None, private_key_file encryption_context=encryption_context, ) - # 8. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 7. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" @@ -222,14 +222,14 @@ def encrypt_and_decrypt_with_keyring(public_key_file_name=None, private_key_file # decryption of the original ciphertext is not possible with a different keyring (Bob's). # (This is an example for demonstration; you do not need to do this in your own code.) - # 9. Create a new Raw RSA keyring for Bob + # 8. Create a new Raw RSA keyring for Bob # Generate new keys public_key_bob, private_key_bob = generate_rsa_keys() # Create the keyring raw_rsa_keyring_bob = create_rsa_keyring(public_key=public_key_bob, private_key=private_key_bob) - # 10. Test decrypt for the original ciphertext using raw_rsa_keyring_bob + # 9. Test decrypt for the original ciphertext using raw_rsa_keyring_bob try: plaintext_bytes_bob, _ = client.decrypt( # pylint: disable=unused-variable source=ciphertext, diff --git a/examples/src/set_encryption_algorithm_suite_example.py b/examples/src/set_encryption_algorithm_suite_example.py index 7bf851e15..61c2bd824 100644 --- a/examples/src/set_encryption_algorithm_suite_example.py +++ b/examples/src/set_encryption_algorithm_suite_example.py 
@@ -136,7 +136,7 @@ def encrypt_and_decrypt_with_keyring(): encryption_context=encryption_context, ) - # 10. Demonstrate that the decrypted plaintext is identical to the original plaintext. + # 9. Demonstrate that the decrypted plaintext is identical to the original plaintext. # (This is an example for demonstration; you do not need to do this in your own code.) assert plaintext_bytes == EXAMPLE_DATA, \ "Decrypted plaintext should be identical to the original plaintext. Invalid decryption" From 0ca1c28ef9f60b410e44a34f36e16e196a2d898b Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 12 Aug 2024 15:23:31 -0700 Subject: [PATCH 03/10] cleanup --- examples/src/aws_kms_discovery_keyring_example.py | 2 +- examples/src/aws_kms_discovery_multi_keyring_example.py | 2 +- examples/src/aws_kms_mrk_discovery_keyring_example.py | 2 +- examples/src/aws_kms_mrk_discovery_multi_keyring_example.py | 2 +- examples/src/aws_kms_mrk_multi_keyring_example.py | 4 ++-- examples/src/aws_kms_rsa_keyring_example.py | 2 +- .../src/default_cryptographic_materials_manager_example.py | 2 +- .../src/migration/migration_set_commitment_policy_example.py | 2 +- examples/src/raw_aes_keyring_example.py | 2 +- examples/src/raw_rsa_keyring_example.py | 2 +- examples/src/set_encryption_algorithm_suite_example.py | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/examples/src/aws_kms_discovery_keyring_example.py b/examples/src/aws_kms_discovery_keyring_example.py index eb0fabf6a..41aa06c78 100644 --- a/examples/src/aws_kms_discovery_keyring_example.py +++ b/examples/src/aws_kms_discovery_keyring_example.py 
@@ -153,7 +153,7 @@ def encrypt_and_decrypt_with_keyring( # successfully decrypted. The resulting data key is used to decrypt the # ciphertext's message. # If all calls to KMS fail, the decryption fails. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=discovery_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/aws_kms_discovery_multi_keyring_example.py b/examples/src/aws_kms_discovery_multi_keyring_example.py index e13ff15f1..a4d65cce7 100644 --- a/examples/src/aws_kms_discovery_multi_keyring_example.py +++ b/examples/src/aws_kms_discovery_multi_keyring_example.py @@ -151,7 +151,7 @@ def encrypt_and_decrypt_with_keyring( # All of this is done serially, until a success occurs or all keyrings have # failed all (filtered) EDKs. # KMS Discovery Keyrings will attempt to decrypt Multi Region Keys (MRKs) and regular KMS Keys. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=discovery_multi_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/aws_kms_mrk_discovery_keyring_example.py b/examples/src/aws_kms_mrk_discovery_keyring_example.py index 4c001fdd8..3b26a181e 100644 --- a/examples/src/aws_kms_mrk_discovery_keyring_example.py +++ b/examples/src/aws_kms_mrk_discovery_keyring_example.py @@ -163,7 +163,7 @@ def encrypt_and_decrypt_with_keyring( ) # 7. Decrypt your encrypted data using the discovery keyring. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=decrypt_discovery_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py index 0f6b2daf0..6a4cb33fc 100644 --- a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py 
+++ b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py @@ -172,7 +172,7 @@ def encrypt_and_decrypt_with_keyring( # All of this is done serially, until a success occurs or all keyrings have failed # all (filtered) EDKs. KMS MRK Discovery Keyrings will attempt to decrypt # Multi Region Keys (MRKs) and regular KMS Keys. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=decrypt_discovery_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/aws_kms_mrk_multi_keyring_example.py b/examples/src/aws_kms_mrk_multi_keyring_example.py index 67045e844..365870d27 100644 --- a/examples/src/aws_kms_mrk_multi_keyring_example.py +++ b/examples/src/aws_kms_mrk_multi_keyring_example.py @@ -124,7 +124,7 @@ def encrypt_and_decrypt_with_keyring( # 6. Decrypt your encrypted data using the same AwsKmsMrkMultiKeyring you used on encrypt. # It will decrypt the data using the generator key (in this case, the MRK), since that is # the first available KMS key on the keyring that is capable of decrypting the data. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=kms_mrk_multi_keyring, # Verify that the encryption context in the result contains the @@ -156,7 +156,7 @@ def encrypt_and_decrypt_with_keyring( ) # 9. Decrypt your encrypted data using the second region AwsKmsMrkKeyring - plaintext_bytes_second_region, dec_header_second_region = client.decrypt( + plaintext_bytes_second_region, _ = client.decrypt( source=ciphertext, keyring=second_region_mrk_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/aws_kms_rsa_keyring_example.py b/examples/src/aws_kms_rsa_keyring_example.py index 0adb7719e..29ad53053 100644 --- a/examples/src/aws_kms_rsa_keyring_example.py +++ b/examples/src/aws_kms_rsa_keyring_example.py 
@@ -103,7 +103,7 @@ def encrypt_and_decrypt_with_keyring( "Ciphertext and plaintext data are the same. Invalid encryption" # 7. Decrypt your encrypted data using the same keyring you used on encrypt. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=kms_rsa_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/default_cryptographic_materials_manager_example.py b/examples/src/default_cryptographic_materials_manager_example.py index d7e9700ec..a87c8a57d 100644 --- a/examples/src/default_cryptographic_materials_manager_example.py +++ b/examples/src/default_cryptographic_materials_manager_example.py @@ -109,7 +109,7 @@ def encrypt_and_decrypt_with_default_cmm( "Ciphertext and plaintext data are the same. Invalid encryption" # 7. Decrypt your encrypted data using the same cmm you used on encrypt. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, materials_manager=cmm, # Verify that the encryption context in the result contains the diff --git a/examples/src/migration/migration_set_commitment_policy_example.py b/examples/src/migration/migration_set_commitment_policy_example.py index 936def9c8..a40820eec 100644 --- a/examples/src/migration/migration_set_commitment_policy_example.py +++ b/examples/src/migration/migration_set_commitment_policy_example.py @@ -105,7 +105,7 @@ def encrypt_and_decrypt_with_keyring( "Ciphertext and plaintext data are the same. Invalid encryption" # 7. Decrypt your encrypted data using the same keyring you used on encrypt. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=kms_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/raw_aes_keyring_example.py b/examples/src/raw_aes_keyring_example.py index a5020e8bd..03a1d32d2 100644 --- a/examples/src/raw_aes_keyring_example.py 
+++ b/examples/src/raw_aes_keyring_example.py @@ -107,7 +107,7 @@ def encrypt_and_decrypt_with_keyring(): "Ciphertext and plaintext data are the same. Invalid encryption" # 8. Decrypt your encrypted data using the same keyring you used on encrypt. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=raw_aes_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/raw_rsa_keyring_example.py b/examples/src/raw_rsa_keyring_example.py index 02ae58e8f..34110088a 100644 --- a/examples/src/raw_rsa_keyring_example.py +++ b/examples/src/raw_rsa_keyring_example.py @@ -205,7 +205,7 @@ def encrypt_and_decrypt_with_keyring(public_key_file_name=None, private_key_file "Ciphertext and plaintext data are the same. Invalid encryption" # 6. Decrypt your encrypted data using the same keyring you used on encrypt. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=raw_rsa_keyring, # Verify that the encryption context in the result contains the diff --git a/examples/src/set_encryption_algorithm_suite_example.py b/examples/src/set_encryption_algorithm_suite_example.py index 61c2bd824..480dbb2df 100644 --- a/examples/src/set_encryption_algorithm_suite_example.py +++ b/examples/src/set_encryption_algorithm_suite_example.py @@ -128,7 +128,7 @@ def encrypt_and_decrypt_with_keyring(): "Ciphertext and plaintext data are the same. Invalid encryption" # 8. Decrypt your encrypted data using the same keyring you used on encrypt. - plaintext_bytes, dec_header = client.decrypt( + plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=raw_aes_keyring, # Verify that the encryption context in the result contains the From d489af9f642d98d813a30c471ff89e28f31fd2a2 Mon Sep 17 00:00:00 2001 
From: Lucas McDonald Date: Mon, 12 Aug 2024 15:24:49 -0700 Subject: [PATCH 04/10] cleanup --- examples/src/aws_kms_discovery_keyring_example.py | 4 ++-- examples/src/aws_kms_discovery_multi_keyring_example.py | 2 +- examples/src/aws_kms_keyring_example.py | 2 +- examples/src/aws_kms_mrk_discovery_keyring_example.py | 2 +- .../src/aws_kms_mrk_discovery_multi_keyring_example.py | 2 +- examples/src/aws_kms_mrk_keyring_example.py | 2 +- examples/src/aws_kms_mrk_multi_keyring_example.py | 4 ++-- examples/src/aws_kms_multi_keyring_example.py | 6 +++--- examples/src/aws_kms_rsa_keyring_example.py | 2 +- .../default_cryptographic_materials_manager_example.py | 2 +- examples/src/hierarchical_keyring_example.py | 8 ++++---- .../migration/migration_set_commitment_policy_example.py | 2 +- examples/src/multi_keyring_example.py | 6 +++--- examples/src/raw_aes_keyring_example.py | 2 +- examples/src/raw_rsa_keyring_example.py | 2 +- examples/src/set_encryption_algorithm_suite_example.py | 2 +- 16 files changed, 25 insertions(+), 25 deletions(-) diff --git a/examples/src/aws_kms_discovery_keyring_example.py b/examples/src/aws_kms_discovery_keyring_example.py index 41aa06c78..fcbf0ca91 100644 --- a/examples/src/aws_kms_discovery_keyring_example.py +++ b/examples/src/aws_kms_discovery_keyring_example.py @@ -157,7 +157,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=discovery_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) @@ -191,7 +191,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=discovery_keyring_bob, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) 
diff --git a/examples/src/aws_kms_discovery_multi_keyring_example.py b/examples/src/aws_kms_discovery_multi_keyring_example.py index a4d65cce7..6cd1d02dd 100644 --- a/examples/src/aws_kms_discovery_multi_keyring_example.py +++ b/examples/src/aws_kms_discovery_multi_keyring_example.py @@ -155,7 +155,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=discovery_multi_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_keyring_example.py b/examples/src/aws_kms_keyring_example.py index 870cbbe9d..c112aa26d 100644 --- a/examples/src/aws_kms_keyring_example.py +++ b/examples/src/aws_kms_keyring_example.py @@ -101,7 +101,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=kms_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_mrk_discovery_keyring_example.py b/examples/src/aws_kms_mrk_discovery_keyring_example.py index 3b26a181e..c5f223043 100644 --- a/examples/src/aws_kms_mrk_discovery_keyring_example.py +++ b/examples/src/aws_kms_mrk_discovery_keyring_example.py @@ -167,7 +167,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=decrypt_discovery_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py index 6a4cb33fc..46f8b6b06 100644 --- a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py 
+++ b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py @@ -176,7 +176,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=decrypt_discovery_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_mrk_keyring_example.py b/examples/src/aws_kms_mrk_keyring_example.py index a21e0c3db..5d4490672 100644 --- a/examples/src/aws_kms_mrk_keyring_example.py +++ b/examples/src/aws_kms_mrk_keyring_example.py @@ -136,7 +136,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=decrypt_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_mrk_multi_keyring_example.py b/examples/src/aws_kms_mrk_multi_keyring_example.py index 365870d27..a4d4d649b 100644 --- a/examples/src/aws_kms_mrk_multi_keyring_example.py +++ b/examples/src/aws_kms_mrk_multi_keyring_example.py @@ -128,7 +128,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=kms_mrk_multi_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) @@ -160,7 +160,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=second_region_mrk_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) 
diff --git a/examples/src/aws_kms_multi_keyring_example.py b/examples/src/aws_kms_multi_keyring_example.py index 26fa836bc..79246abcb 100644 --- a/examples/src/aws_kms_multi_keyring_example.py +++ b/examples/src/aws_kms_multi_keyring_example.py @@ -135,7 +135,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=kms_multi_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) @@ -169,7 +169,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=default_region_kms_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) @@ -200,7 +200,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=second_region_kms_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_rsa_keyring_example.py b/examples/src/aws_kms_rsa_keyring_example.py index 29ad53053..251a791b6 100644 --- a/examples/src/aws_kms_rsa_keyring_example.py +++ b/examples/src/aws_kms_rsa_keyring_example.py @@ -107,7 +107,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=kms_rsa_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/default_cryptographic_materials_manager_example.py b/examples/src/default_cryptographic_materials_manager_example.py index a87c8a57d..e4788068d 100644 
--- a/examples/src/default_cryptographic_materials_manager_example.py +++ b/examples/src/default_cryptographic_materials_manager_example.py @@ -113,7 +113,7 @@ def encrypt_and_decrypt_with_default_cmm( source=ciphertext, materials_manager=cmm, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/hierarchical_keyring_example.py b/examples/src/hierarchical_keyring_example.py index 53e042876..a11605a3b 100644 --- a/examples/src/hierarchical_keyring_example.py +++ b/examples/src/hierarchical_keyring_example.py @@ -202,7 +202,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext_a, keyring=hierarchical_keyring_b, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context_a, ) except AWSEncryptionSDKClientError: @@ -215,7 +215,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext_b, keyring=hierarchical_keyring_a, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context_b, ) except AWSEncryptionSDKClientError: @@ -227,7 +227,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext_a, keyring=hierarchical_keyring_a, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context_a, ) assert plaintext_bytes_a == EXAMPLE_DATA, \ 
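Review bot: In `hierarchical_keyring_example.py`, the cross-tenant decrypts in the hunks at `@@ -202` (`ciphertext_a` with `hierarchical_keyring_b`) and `@@ -215` (`ciphertext_b` with `hierarchical_keyring_a`) close the `client.decrypt(...)` call and go straight to `except AWSEncryptionSDKClientError:`, so nothing in the `try` body fails the example if the decrypt unexpectedly succeeds. The `@@ -221` hunk earlier on this page shows the second handler's body is `pass`, so a tenant-isolation regression would pass silently. I would add `raise AssertionError("Decrypt with the other tenant's keyring should have failed")` as the last statement of each `try` body, after the closing parenthesis. The `try:` lines and the first handler's body are outside these hunks, so confirm the shape there before applying.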
@@ -237,7 +237,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext_b, keyring=hierarchical_keyring_b, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context_b, ) assert plaintext_bytes_b == EXAMPLE_DATA, \ diff --git a/examples/src/migration/migration_set_commitment_policy_example.py b/examples/src/migration/migration_set_commitment_policy_example.py index a40820eec..58ea005df 100644 --- a/examples/src/migration/migration_set_commitment_policy_example.py +++ b/examples/src/migration/migration_set_commitment_policy_example.py @@ -109,7 +109,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=kms_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/multi_keyring_example.py b/examples/src/multi_keyring_example.py index b00f0265a..58ed55d13 100644 --- a/examples/src/multi_keyring_example.py +++ b/examples/src/multi_keyring_example.py @@ -166,7 +166,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=multi_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) @@ -187,7 +187,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=kms_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) 
@@ -205,7 +205,7 @@ def encrypt_and_decrypt_with_keyring( source=ciphertext, keyring=raw_aes_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/raw_aes_keyring_example.py b/examples/src/raw_aes_keyring_example.py index 03a1d32d2..da3e2ba81 100644 --- a/examples/src/raw_aes_keyring_example.py +++ b/examples/src/raw_aes_keyring_example.py @@ -111,7 +111,7 @@ def encrypt_and_decrypt_with_keyring(): source=ciphertext, keyring=raw_aes_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/raw_rsa_keyring_example.py b/examples/src/raw_rsa_keyring_example.py index 34110088a..f4c615a29 100644 --- a/examples/src/raw_rsa_keyring_example.py +++ b/examples/src/raw_rsa_keyring_example.py @@ -209,7 +209,7 @@ def encrypt_and_decrypt_with_keyring(public_key_file_name=None, private_key_file source=ciphertext, keyring=raw_rsa_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/set_encryption_algorithm_suite_example.py b/examples/src/set_encryption_algorithm_suite_example.py index 480dbb2df..2a90b13e7 100644 --- a/examples/src/set_encryption_algorithm_suite_example.py +++ b/examples/src/set_encryption_algorithm_suite_example.py 
@@ -132,7 +132,7 @@ def encrypt_and_decrypt_with_keyring(): source=ciphertext, keyring=raw_aes_keyring, # Verify that the encryption context in the result contains the - # encryption context supplied to the encryptData method + # encryption context supplied to the encrypt method encryption_context=encryption_context, ) From 9b06e3f82ad55e554a794fc3d7cfba2b5994984d Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Mon, 12 Aug 2024 15:27:37 -0700 Subject: [PATCH 05/10] cleanup --- examples/src/multithreading/__init__.py | 5 ++++- examples/src/raw_rsa_keyring_example.py | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/examples/src/multithreading/__init__.py b/examples/src/multithreading/__init__.py index 32210a0ab..9902f9c7b 100644 --- a/examples/src/multithreading/__init__.py +++ b/examples/src/multithreading/__init__.py @@ -42,7 +42,10 @@ def encrypt_and_decrypt_with_keyring( decrypted_plaintext_data, _ = client.decrypt( source=ciphertext_data, - keyring=keyring + keyring=keyring, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encrypt method + encryption_context=encryption_context, ) return decrypted_plaintext_data diff --git a/examples/src/raw_rsa_keyring_example.py b/examples/src/raw_rsa_keyring_example.py index f4c615a29..7834870ce 100644 --- a/examples/src/raw_rsa_keyring_example.py +++ b/examples/src/raw_rsa_keyring_example.py @@ -233,7 +233,10 @@ def encrypt_and_decrypt_with_keyring(public_key_file_name=None, private_key_file try: plaintext_bytes_bob, _ = client.decrypt( # pylint: disable=unused-variable source=ciphertext, - keyring=raw_rsa_keyring_bob + keyring=raw_rsa_keyring_bob, + # Verify that the encryption context in the result contains the + # encryption context supplied to the encrypt method + encryption_context=encryption_context, ) raise AssertionError("client.decrypt should throw an error of type AWSEncryptionSDKClientError!") 
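Review bot: In the `raw_rsa_keyring_example.py` hunk of PATCH 05/10, the copied comment "Verify that the encryption context in the result contains …" sits on a `client.decrypt` call that the surrounding `try` expects to fail, so there is no result to verify and the comment misleads. Passing the matching `encryption_context` is still reasonable here, because it leaves Bob's key as the only intended cause of failure; a comment such as `# Same context as on encrypt, so the expected failure comes from Bob's key, not from context validation` would say so. PATCH 06/10 rewords this comment only in the `@@ -208` hunk of this file, so the old wording appears to stay on this call. The `try` block and the function continue outside the hunk.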
From 0dcf93bb9c0449d532220593e68ec2b619a99fa3 Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Fri, 16 Aug 2024 14:46:43 -0700 Subject: [PATCH 06/10] cleanup --- .../src/aws_kms_discovery_keyring_example.py | 3 +- ...aws_kms_discovery_multi_keyring_example.py | 3 +- examples/src/aws_kms_keyring_example.py | 3 +- .../aws_kms_mrk_discovery_keyring_example.py | 3 +- ...kms_mrk_discovery_multi_keyring_example.py | 3 +- examples/src/aws_kms_mrk_keyring_example.py | 3 +- .../src/aws_kms_mrk_multi_keyring_example.py | 6 ++-- examples/src/aws_kms_multi_keyring_example.py | 9 ++---- examples/src/aws_kms_rsa_keyring_example.py | 3 +- ...cryptographic_materials_manager_example.py | 3 +- examples/src/hierarchical_keyring_example.py | 6 ++-- .../migration_aws_kms_key_example.py | 32 +++++++++++++++---- .../migration_raw_aes_key_example.py | 32 +++++++++++++++---- .../migration_raw_rsa_key_example.py | 32 +++++++++++++++---- ...migration_set_commitment_policy_example.py | 3 +- examples/src/multi_keyring_example.py | 9 ++---- examples/src/multithreading/__init__.py | 3 +- examples/src/raw_aes_keyring_example.py | 3 +- examples/src/raw_rsa_keyring_example.py | 3 +- .../set_encryption_algorithm_suite_example.py | 3 +- 20 files changed, 101 insertions(+), 64 deletions(-) diff --git a/examples/src/aws_kms_discovery_keyring_example.py b/examples/src/aws_kms_discovery_keyring_example.py index fcbf0ca91..cef894360 100644 --- a/examples/src/aws_kms_discovery_keyring_example.py +++ b/examples/src/aws_kms_discovery_keyring_example.py @@ -156,8 +156,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=discovery_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) 
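Review bot: The replacement comment on `encryption_context=encryption_context` says what to pass but no longer says why, whereas the wording it removes at least stated that the supplied pairs are checked against the message. These examples get copied into applications, so the comment should keep the consequence. Assuming, as the removed wording implies, that decrypt rejects a message whose context lacks these pairs, I would write `# Provide the encryption context that was supplied to the encrypt method;` followed by `# decrypt fails if the message's encryption context does not contain these pairs`. The same one-line comment is repeated in the other keyring and CMM example hunks of this patch, and `encrypt_and_decrypt_with_keyring` starts and ends outside the hunk.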
diff --git a/examples/src/aws_kms_discovery_multi_keyring_example.py b/examples/src/aws_kms_discovery_multi_keyring_example.py index 6cd1d02dd..82454cc34 100644 --- a/examples/src/aws_kms_discovery_multi_keyring_example.py +++ b/examples/src/aws_kms_discovery_multi_keyring_example.py @@ -154,8 +154,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=discovery_multi_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_keyring_example.py b/examples/src/aws_kms_keyring_example.py index c112aa26d..5b07e5210 100644 --- a/examples/src/aws_kms_keyring_example.py +++ b/examples/src/aws_kms_keyring_example.py @@ -100,8 +100,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=kms_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_mrk_discovery_keyring_example.py b/examples/src/aws_kms_mrk_discovery_keyring_example.py index c5f223043..fecc332f9 100644 --- a/examples/src/aws_kms_mrk_discovery_keyring_example.py +++ b/examples/src/aws_kms_mrk_discovery_keyring_example.py @@ -166,8 +166,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=decrypt_discovery_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) 
diff --git a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py index 46f8b6b06..ef02caa61 100644 --- a/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py +++ b/examples/src/aws_kms_mrk_discovery_multi_keyring_example.py @@ -175,8 +175,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=decrypt_discovery_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_mrk_keyring_example.py b/examples/src/aws_kms_mrk_keyring_example.py index 5d4490672..ee7f570f0 100644 --- a/examples/src/aws_kms_mrk_keyring_example.py +++ b/examples/src/aws_kms_mrk_keyring_example.py @@ -135,8 +135,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=decrypt_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_mrk_multi_keyring_example.py b/examples/src/aws_kms_mrk_multi_keyring_example.py index a4d4d649b..71ee0f00b 100644 --- a/examples/src/aws_kms_mrk_multi_keyring_example.py +++ b/examples/src/aws_kms_mrk_multi_keyring_example.py @@ -127,8 +127,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=kms_mrk_multi_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) 
@@ -159,8 +158,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_second_region, _ = client.decrypt( source=ciphertext, keyring=second_region_mrk_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_multi_keyring_example.py b/examples/src/aws_kms_multi_keyring_example.py index 79246abcb..4e74eafc8 100644 --- a/examples/src/aws_kms_multi_keyring_example.py +++ b/examples/src/aws_kms_multi_keyring_example.py @@ -134,8 +134,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_multi_keyring, _ = client.decrypt( source=ciphertext, keyring=kms_multi_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) @@ -168,8 +167,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_default_region_kms_keyring, _ = client.decrypt( source=ciphertext, keyring=default_region_kms_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) @@ -199,8 +197,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_second_region_kms_keyring, _ = client.decrypt( source=ciphertext, keyring=second_region_kms_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/aws_kms_rsa_keyring_example.py b/examples/src/aws_kms_rsa_keyring_example.py index 251a791b6..81c613c99 100644 
--- a/examples/src/aws_kms_rsa_keyring_example.py +++ b/examples/src/aws_kms_rsa_keyring_example.py @@ -106,8 +106,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=kms_rsa_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/default_cryptographic_materials_manager_example.py b/examples/src/default_cryptographic_materials_manager_example.py index e4788068d..f6312e208 100644 --- a/examples/src/default_cryptographic_materials_manager_example.py +++ b/examples/src/default_cryptographic_materials_manager_example.py @@ -112,8 +112,7 @@ def encrypt_and_decrypt_with_default_cmm( plaintext_bytes, _ = client.decrypt( source=ciphertext, materials_manager=cmm, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/hierarchical_keyring_example.py b/examples/src/hierarchical_keyring_example.py index a11605a3b..92efa2865 100644 --- a/examples/src/hierarchical_keyring_example.py +++ b/examples/src/hierarchical_keyring_example.py @@ -226,8 +226,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_a, _ = client.decrypt( source=ciphertext_a, keyring=hierarchical_keyring_a, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context_a, ) assert plaintext_bytes_a == EXAMPLE_DATA, \ 
@@ -236,8 +235,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_b, _ = client.decrypt( source=ciphertext_b, keyring=hierarchical_keyring_b, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context_b, ) assert plaintext_bytes_b == EXAMPLE_DATA, \ diff --git a/examples/src/migration/migration_aws_kms_key_example.py b/examples/src/migration/migration_aws_kms_key_example.py index 28b8193e3..464e52689 100644 --- a/examples/src/migration/migration_aws_kms_key_example.py +++ b/examples/src/migration/migration_aws_kms_key_example.py @@ -115,14 +115,14 @@ def migration_aws_kms_key( aws_kms_master_key_provider = create_key_provider(kms_key_id=kms_key_id) # 2a. Encrypt EXAMPLE_DATA using AWS KMS Keyring - ciphertext_keyring, _ = client.encrypt( + ciphertext_keyring, enc_header_keyring = client.encrypt( source=EXAMPLE_DATA, keyring=aws_kms_keyring, encryption_context=DEFAULT_ENCRYPTION_CONTEXT ) # 2b. Encrypt EXAMPLE_DATA using AWS KMS Master Key Provider - ciphertext_mkp, _ = client.encrypt( + ciphertext_mkp, enc_header_mkp = client.encrypt( source=EXAMPLE_DATA, key_provider=aws_kms_master_key_provider, encryption_context=DEFAULT_ENCRYPTION_CONTEXT 
@@ -137,14 +137,24 @@ def migration_aws_kms_key( # resulting plaintext is the same and also equal to EXAMPLE_DATA decrypted_ciphertext_keyring_using_keyring, _ = client.decrypt( source=ciphertext_keyring, - keyring=aws_kms_keyring + keyring=aws_kms_keyring, + # Provide the encryption context that was supplied to the encrypt method + encryption_context=DEFAULT_ENCRYPTION_CONTEXT, ) - decrypted_ciphertext_keyring_using_mkp, _ = client.decrypt( + decrypted_ciphertext_keyring_using_mkp, decrypted_header_keyring_using_mkp = client.decrypt( source=ciphertext_keyring, key_provider=aws_kms_master_key_provider ) + # Legacy MasterKeyProviders do not support providing encryption context on decrypt. + # If decrypting with a legacy MasterKeyProvider, you should manually verify + # that the encryption context used in the decrypt operation + # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) + assert all( + pair in decrypted_header_keyring_using_mkp.encryption_context.items() for pair in enc_header_keyring.encryption_context.items() + ) + assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \ and decrypted_ciphertext_keyring_using_keyring == EXAMPLE_DATA, \ "Decrypted outputs using keyring and master key provider are not the same" 
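Review bot: The new `assert all(...)` after the master-key-provider decrypt is the only encryption-context check on that path, and a bare `assert` is stripped when Python runs with `-O`, so code copied from this example can lose the check silently; it also carries no failure message, unlike the plaintext assert below it. An explicit test survives optimisation, e.g. `if not all(pair in decrypted_header_keyring_using_mkp.encryption_context.items() for pair in DEFAULT_ENCRYPTION_CONTEXT.items()):` followed by `raise ValueError("Encryption context in the decrypted header does not contain the expected pairs")`. Checking against the context the caller expects (here `DEFAULT_ENCRYPTION_CONTEXT`, presumably a dict) rather than `enc_header_keyring.encryption_context` is closer to real use, where the decrypting side normally does not hold the encrypt-side header. The comment could also state that the returned plaintext must not be used until this check has passed. The same pattern is in the `@@ -163` hunk of this file and in the matching hunks of `migration_raw_aes_key_example.py` and `migration_raw_rsa_key_example.py`; `migration_aws_kms_key` starts and ends outside the hunk.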
@@ -153,14 +163,24 @@ def migration_aws_kms_key( # resulting plaintext is the same and also equal to EXAMPLE_DATA decrypted_ciphertext_mkp_using_keyring, _ = client.decrypt( source=ciphertext_mkp, - keyring=aws_kms_keyring + keyring=aws_kms_keyring, + # Provide the encryption context that was supplied to the encrypt method + encryption_context=DEFAULT_ENCRYPTION_CONTEXT, ) - decrypted_ciphertext_mkp_using_mkp, _ = client.decrypt( + decrypted_ciphertext_mkp_using_mkp, decrypted_header_mkp_using_mkp = client.decrypt( source=ciphertext_mkp, key_provider=aws_kms_master_key_provider ) + # Legacy MasterKeyProviders do not support providing encryption context on decrypt. + # If decrypting with a legacy MasterKeyProvider, you should manually verify + # that the encryption context used in the decrypt operation + # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) + assert all( + pair in decrypted_header_mkp_using_mkp.encryption_context.items() for pair in enc_header_mkp.encryption_context.items() + ) + assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \ and decrypted_ciphertext_mkp_using_keyring == EXAMPLE_DATA, \ "Decrypted outputs using keyring and master key provider are not the same" diff --git a/examples/src/migration/migration_raw_aes_key_example.py b/examples/src/migration/migration_raw_aes_key_example.py index 772f83cf5..1b7c649eb 100644 --- a/examples/src/migration/migration_raw_aes_key_example.py +++ b/examples/src/migration/migration_raw_aes_key_example.py 
@@ -156,14 +156,14 @@ def migration_raw_aes_key(): raw_aes_master_key_provider = create_key_provider() # 2a. Encrypt EXAMPLE_DATA using Raw AES Keyring - ciphertext_keyring, _ = client.encrypt( + ciphertext_keyring, enc_header_keyring = client.encrypt( source=EXAMPLE_DATA, keyring=raw_aes_keyring, encryption_context=DEFAULT_ENCRYPTION_CONTEXT ) # 2b. Encrypt EXAMPLE_DATA using Raw AES Master Key Provider - ciphertext_mkp, _ = client.encrypt( + ciphertext_mkp, enc_header_mkp = client.encrypt( source=EXAMPLE_DATA, key_provider=raw_aes_master_key_provider, encryption_context=DEFAULT_ENCRYPTION_CONTEXT @@ -178,14 +178,24 @@ def migration_raw_aes_key(): # resulting plaintext is the same and also equal to EXAMPLE_DATA decrypted_ciphertext_keyring_using_keyring, _ = client.decrypt( source=ciphertext_keyring, - keyring=raw_aes_keyring + keyring=raw_aes_keyring, + # Provide the encryption context that was supplied to the encrypt method + encryption_context=DEFAULT_ENCRYPTION_CONTEXT, ) - decrypted_ciphertext_keyring_using_mkp, _ = client.decrypt( + decrypted_ciphertext_keyring_using_mkp, decrypted_header_keyring_using_mkp = client.decrypt( source=ciphertext_keyring, key_provider=raw_aes_master_key_provider ) + # Legacy MasterKeyProviders do not support providing encryption context on decrypt. + # If decrypting with a legacy MasterKeyProvider, you should manually verify + # that the encryption context used in the decrypt operation + # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) + assert all( + pair in decrypted_header_keyring_using_mkp.encryption_context.items() for pair in enc_header_keyring.encryption_context.items() + ) + assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \ and decrypted_ciphertext_keyring_using_keyring == EXAMPLE_DATA, \ "Decrypted outputs using keyring and master key provider are not the same" 
@@ -194,14 +204,24 @@ def migration_raw_aes_key(): # resulting plaintext is the same and also equal to EXAMPLE_DATA decrypted_ciphertext_mkp_using_keyring, _ = client.decrypt( source=ciphertext_mkp, - keyring=raw_aes_keyring + keyring=raw_aes_keyring, + # Provide the encryption context that was supplied to the encrypt method + encryption_context=DEFAULT_ENCRYPTION_CONTEXT, ) - decrypted_ciphertext_mkp_using_mkp, _ = client.decrypt( + decrypted_ciphertext_mkp_using_mkp, decrypted_header_mkp_using_mkp = client.decrypt( source=ciphertext_mkp, key_provider=raw_aes_master_key_provider ) + # Legacy MasterKeyProviders do not support providing encryption context on decrypt. + # If decrypting with a legacy MasterKeyProvider, you should manually verify + # that the encryption context used in the decrypt operation + # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) + assert all( + pair in decrypted_header_mkp_using_mkp.encryption_context.items() for pair in enc_header_mkp.encryption_context.items() + ) + assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \ and decrypted_ciphertext_mkp_using_keyring == EXAMPLE_DATA, \ "Decrypted outputs using keyring and master key provider are not the same" diff --git a/examples/src/migration/migration_raw_rsa_key_example.py b/examples/src/migration/migration_raw_rsa_key_example.py index 7c6020a53..6b957b75e 100644 --- a/examples/src/migration/migration_raw_rsa_key_example.py +++ b/examples/src/migration/migration_raw_rsa_key_example.py 
@@ -208,14 +208,14 @@ def migration_raw_rsa_key( raw_rsa_master_key_provider = create_key_provider() # 2a. Encrypt EXAMPLE_DATA using Raw RSA Keyring - ciphertext_keyring, _ = client.encrypt( + ciphertext_keyring, enc_header_keyring = client.encrypt( source=EXAMPLE_DATA, keyring=raw_rsa_keyring, encryption_context=DEFAULT_ENCRYPTION_CONTEXT ) # 2b. Encrypt EXAMPLE_DATA using Raw RSA Master Key Provider - ciphertext_mkp, _ = client.encrypt( + ciphertext_mkp, enc_header_mkp = client.encrypt( source=EXAMPLE_DATA, key_provider=raw_rsa_master_key_provider, encryption_context=DEFAULT_ENCRYPTION_CONTEXT @@ -230,14 +230,24 @@ def migration_raw_rsa_key( # resulting plaintext is the same and also equal to EXAMPLE_DATA decrypted_ciphertext_keyring_using_keyring, _ = client.decrypt( source=ciphertext_keyring, - keyring=raw_rsa_keyring + keyring=raw_rsa_keyring, + # Provide the encryption context that was supplied to the encrypt method + encryption_context=DEFAULT_ENCRYPTION_CONTEXT, ) - decrypted_ciphertext_keyring_using_mkp, _ = client.decrypt( + decrypted_ciphertext_keyring_using_mkp, decrypted_header_keyring_using_mkp = client.decrypt( source=ciphertext_keyring, key_provider=raw_rsa_master_key_provider ) + # Legacy MasterKeyProviders do not support providing encryption context on decrypt. + # If decrypting with a legacy MasterKeyProvider, you should manually verify + # that the encryption context used in the decrypt operation + # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) + assert all( + pair in decrypted_header_keyring_using_mkp.encryption_context.items() for pair in enc_header_keyring.encryption_context.items() + ) + assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \ and decrypted_ciphertext_keyring_using_keyring == EXAMPLE_DATA, \ "Decrypted outputs using keyring and master key provider are not the same" 
@@ -246,14 +256,24 @@ def migration_raw_rsa_key( # resulting plaintext is the same and also equal to EXAMPLE_DATA decrypted_ciphertext_mkp_using_keyring, _ = client.decrypt( source=ciphertext_mkp, - keyring=raw_rsa_keyring + keyring=raw_rsa_keyring, + # Provide the encryption context that was supplied to the encrypt method + encryption_context=DEFAULT_ENCRYPTION_CONTEXT, ) - decrypted_ciphertext_mkp_using_mkp, _ = client.decrypt( + decrypted_ciphertext_mkp_using_mkp, decrypted_header_mkp_using_mkp = client.decrypt( source=ciphertext_mkp, key_provider=raw_rsa_master_key_provider ) + # Legacy MasterKeyProviders do not support providing encryption context on decrypt. + # If decrypting with a legacy MasterKeyProvider, you should manually verify + # that the encryption context used in the decrypt operation + # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) + assert all( + pair in decrypted_header_mkp_using_mkp.encryption_context.items() for pair in enc_header_mkp.encryption_context.items() + ) + assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \ and decrypted_ciphertext_mkp_using_keyring == EXAMPLE_DATA, \ "Decrypted outputs using keyring and master key provider are not the same" diff --git a/examples/src/migration/migration_set_commitment_policy_example.py b/examples/src/migration/migration_set_commitment_policy_example.py index 58ea005df..5598e9575 100644 --- a/examples/src/migration/migration_set_commitment_policy_example.py +++ b/examples/src/migration/migration_set_commitment_policy_example.py @@ -108,8 +108,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=kms_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) 
diff --git a/examples/src/multi_keyring_example.py b/examples/src/multi_keyring_example.py index 58ed55d13..f55b2aeca 100644 --- a/examples/src/multi_keyring_example.py +++ b/examples/src/multi_keyring_example.py @@ -165,8 +165,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_multi_keyring, _ = client.decrypt( source=ciphertext, keyring=multi_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) @@ -186,8 +185,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_kms_keyring, _ = client.decrypt( source=ciphertext, keyring=kms_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) @@ -204,8 +202,7 @@ def encrypt_and_decrypt_with_keyring( plaintext_bytes_raw_aes_keyring, _ = client.decrypt( source=ciphertext, keyring=raw_aes_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/multithreading/__init__.py b/examples/src/multithreading/__init__.py index 9902f9c7b..4fdad58fd 100644 --- a/examples/src/multithreading/__init__.py +++ b/examples/src/multithreading/__init__.py @@ -43,8 +43,7 @@ def encrypt_and_decrypt_with_keyring( decrypted_plaintext_data, _ = client.decrypt( source=ciphertext_data, keyring=keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) 
diff --git a/examples/src/raw_aes_keyring_example.py b/examples/src/raw_aes_keyring_example.py index da3e2ba81..8d6dd9513 100644 --- a/examples/src/raw_aes_keyring_example.py +++ b/examples/src/raw_aes_keyring_example.py @@ -110,8 +110,7 @@ def encrypt_and_decrypt_with_keyring(): plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=raw_aes_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/raw_rsa_keyring_example.py b/examples/src/raw_rsa_keyring_example.py index 7834870ce..3a47dfe8e 100644 --- a/examples/src/raw_rsa_keyring_example.py +++ b/examples/src/raw_rsa_keyring_example.py @@ -208,8 +208,7 @@ def encrypt_and_decrypt_with_keyring(public_key_file_name=None, private_key_file plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=raw_rsa_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) diff --git a/examples/src/set_encryption_algorithm_suite_example.py b/examples/src/set_encryption_algorithm_suite_example.py index 2a90b13e7..bbe5be58a 100644 --- a/examples/src/set_encryption_algorithm_suite_example.py +++ b/examples/src/set_encryption_algorithm_suite_example.py @@ -131,8 +131,7 @@ def encrypt_and_decrypt_with_keyring(): plaintext_bytes, _ = client.decrypt( source=ciphertext, keyring=raw_aes_keyring, - # Verify that the encryption context in the result contains the - # encryption context supplied to the encrypt method + # Provide the encryption context that was supplied to the encrypt method encryption_context=encryption_context, ) From 677d6b3aebcbe72e39c96d4962d454224e42610a Mon Sep 17 00:00:00 2001 
From: Lucas McDonald Date: Fri, 16 Aug 2024 14:48:51 -0700 Subject: [PATCH 07/10] cleanup --- examples/src/migration/migration_aws_kms_key_example.py | 6 ++++-- examples/src/migration/migration_raw_aes_key_example.py | 6 ++++-- examples/src/migration/migration_raw_rsa_key_example.py | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/examples/src/migration/migration_aws_kms_key_example.py b/examples/src/migration/migration_aws_kms_key_example.py index 464e52689..167f01ef5 100644 --- a/examples/src/migration/migration_aws_kms_key_example.py +++ b/examples/src/migration/migration_aws_kms_key_example.py @@ -152,7 +152,8 @@ def migration_aws_kms_key( # that the encryption context used in the decrypt operation # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) assert all( - pair in decrypted_header_keyring_using_mkp.encryption_context.items() for pair in enc_header_keyring.encryption_context.items() + pair in decrypted_header_keyring_using_mkp.encryption_context.items() \ + for pair in enc_header_keyring.encryption_context.items() ) assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \ @@ -178,7 +179,8 @@ def migration_aws_kms_key( # that the encryption context used in the decrypt operation # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) assert all( - pair in decrypted_header_mkp_using_mkp.encryption_context.items() for pair in enc_header_mkp.encryption_context.items() + pair in decrypted_header_mkp_using_mkp.encryption_context.items() \ + for pair in enc_header_mkp.encryption_context.items() ) assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \ diff --git a/examples/src/migration/migration_raw_aes_key_example.py b/examples/src/migration/migration_raw_aes_key_example.py index 1b7c649eb..8a519e18a 100644 
--- a/examples/src/migration/migration_raw_aes_key_example.py +++ b/examples/src/migration/migration_raw_aes_key_example.py @@ -193,7 +193,8 @@ def migration_raw_aes_key(): # that the encryption context used in the decrypt operation # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) assert all( - pair in decrypted_header_keyring_using_mkp.encryption_context.items() for pair in enc_header_keyring.encryption_context.items() + pair in decrypted_header_keyring_using_mkp.encryption_context.items() \ + for pair in enc_header_keyring.encryption_context.items() ) assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \ @@ -219,7 +220,8 @@ def migration_raw_aes_key(): # that the encryption context used in the decrypt operation # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) assert all( - pair in decrypted_header_mkp_using_mkp.encryption_context.items() for pair in enc_header_mkp.encryption_context.items() + pair in decrypted_header_mkp_using_mkp.encryption_context.items() \ + for pair in enc_header_mkp.encryption_context.items() ) assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \ diff --git a/examples/src/migration/migration_raw_rsa_key_example.py b/examples/src/migration/migration_raw_rsa_key_example.py index 6b957b75e..829636570 100644 --- a/examples/src/migration/migration_raw_rsa_key_example.py +++ b/examples/src/migration/migration_raw_rsa_key_example.py 
@@ -245,7 +245,8 @@ def migration_raw_rsa_key( # that the encryption context used in the decrypt operation # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) assert all( - pair in decrypted_header_keyring_using_mkp.encryption_context.items() for pair in enc_header_keyring.encryption_context.items() + pair in decrypted_header_keyring_using_mkp.encryption_context.items() \ + for pair in enc_header_keyring.encryption_context.items() ) assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \ @@ -271,7 +272,8 @@ def migration_raw_rsa_key( # that the encryption context used in the decrypt operation # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.) assert all( - pair in decrypted_header_mkp_using_mkp.encryption_context.items() for pair in enc_header_mkp.encryption_context.items() + pair in decrypted_header_mkp_using_mkp.encryption_context.items() \ + for pair in enc_header_mkp.encryption_context.items() ) assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \ From 0286742ec60a3380504a2537033d5c15dc8bc7ec Mon Sep 17 00:00:00 2001 From: Lucas McDonald Date: Fri, 16 Aug 2024 14:50:57 -0700 Subject: [PATCH 08/10] cleanup --- examples/src/migration/migration_aws_kms_key_example.py | 8 ++++---- examples/src/migration/migration_raw_aes_key_example.py | 6 +++--- examples/src/migration/migration_raw_rsa_key_example.py | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/examples/src/migration/migration_aws_kms_key_example.py b/examples/src/migration/migration_aws_kms_key_example.py index 167f01ef5..f4ced963e 100644 --- a/examples/src/migration/migration_aws_kms_key_example.py +++ b/examples/src/migration/migration_aws_kms_key_example.py 
@@ -152,8 +152,8 @@ def migration_aws_kms_key(
 # that the encryption context used in the decrypt operation
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
- pair in decrypted_header_keyring_using_mkp.encryption_context.items() \
- for pair in enc_header_keyring.encryption_context.items()
+ pair in decrypted_header_keyring_using_mkp.encryption_context.items()
+ for pair in enc_header_keyring.encryption_context.items()
 )
 assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \
@@ -179,8 +179,8 @@ def migration_aws_kms_key(
 # that the encryption context used in the decrypt operation
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
- pair in decrypted_header_mkp_using_mkp.encryption_context.items() \
- for pair in enc_header_mkp.encryption_context.items()
+ pair in decrypted_header_mkp_using_mkp.encryption_context.items()
+ for pair in enc_header_mkp.encryption_context.items()
 )
 assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \
diff --git a/examples/src/migration/migration_raw_aes_key_example.py b/examples/src/migration/migration_raw_aes_key_example.py
index 8a519e18a..73bd3f526 100644
--- a/examples/src/migration/migration_raw_aes_key_example.py
+++ b/examples/src/migration/migration_raw_aes_key_example.py
@@ -193,7 +193,7 @@ def migration_raw_aes_key():
 # that the encryption context used in the decrypt operation
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
- pair in decrypted_header_keyring_using_mkp.encryption_context.items() \
+ pair in decrypted_header_keyring_using_mkp.encryption_context.items()
 for pair in enc_header_keyring.encryption_context.items()
 )
@@ -220,8 +220,8 @@ def migration_raw_aes_key():
 # that the encryption context used in the decrypt operation
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
- pair in decrypted_header_mkp_using_mkp.encryption_context.items() \
- for pair in enc_header_mkp.encryption_context.items()
+ pair in decrypted_header_mkp_using_mkp.encryption_context.items()
+ for pair in enc_header_mkp.encryption_context.items()
 )
 assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \
diff --git a/examples/src/migration/migration_raw_rsa_key_example.py b/examples/src/migration/migration_raw_rsa_key_example.py
index 829636570..09e32e5f5 100644
--- a/examples/src/migration/migration_raw_rsa_key_example.py
+++ b/examples/src/migration/migration_raw_rsa_key_example.py
@@ -245,8 +245,8 @@ def migration_raw_rsa_key(
 # that the encryption context used in the decrypt operation
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
- pair in decrypted_header_keyring_using_mkp.encryption_context.items() \
- for pair in enc_header_keyring.encryption_context.items()
+ pair in decrypted_header_keyring_using_mkp.encryption_context.items()
+ for pair in enc_header_keyring.encryption_context.items()
 )
 assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \
@@ -272,8 +272,8 @@ def migration_raw_rsa_key(
 # that the encryption context used in the decrypt operation
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
- pair in decrypted_header_mkp_using_mkp.encryption_context.items() \
- for pair in enc_header_mkp.encryption_context.items()
+ pair in decrypted_header_mkp_using_mkp.encryption_context.items()
+ for pair in enc_header_mkp.encryption_context.items()
 )
 assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \
From 55ee26f82378ead2a0fa288835f792eb4bd19ee2 Mon Sep 17 00:00:00 2001
From: Lucas McDonald
Date: Fri, 16 Aug 2024 14:52:50 -0700
Subject: [PATCH 09/10] cleanup
---
 examples/src/migration/migration_raw_aes_key_example.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/src/migration/migration_raw_aes_key_example.py b/examples/src/migration/migration_raw_aes_key_example.py
index 73bd3f526..21283ecb8 100644
--- a/examples/src/migration/migration_raw_aes_key_example.py
+++ b/examples/src/migration/migration_raw_aes_key_example.py
@@ -194,7 +194,7 @@ def migration_raw_aes_key():
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
 pair in decrypted_header_keyring_using_mkp.encryption_context.items()
- for pair in enc_header_keyring.encryption_context.items()
+ for pair in enc_header_keyring.encryption_context.items()
 )
 assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \
From bc13ae4c94645ca8b4a97098180cbbe398cc9e5d Mon Sep 17 00:00:00 2001
From: Lucas McDonald
Date: Mon, 19 Aug 2024 10:44:20 -0700
Subject: [PATCH 10/10] clean
---
 examples/src/migration/migration_aws_kms_key_example.py | 8 ++++----
 examples/src/migration/migration_raw_aes_key_example.py | 8 ++++----
 examples/src/migration/migration_raw_rsa_key_example.py | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/examples/src/migration/migration_aws_kms_key_example.py b/examples/src/migration/migration_aws_kms_key_example.py
index f4ced963e..e0a577d20 100644
--- a/examples/src/migration/migration_aws_kms_key_example.py
+++ b/examples/src/migration/migration_aws_kms_key_example.py
@@ -115,14 +115,14 @@ def migration_aws_kms_key(
 aws_kms_master_key_provider = create_key_provider(kms_key_id=kms_key_id)
 # 2a. Encrypt EXAMPLE_DATA using AWS KMS Keyring
- ciphertext_keyring, enc_header_keyring = client.encrypt(
+ ciphertext_keyring, encrypted_header_keyring = client.encrypt(
 source=EXAMPLE_DATA,
 keyring=aws_kms_keyring,
 encryption_context=DEFAULT_ENCRYPTION_CONTEXT
 )
 # 2b. Encrypt EXAMPLE_DATA using AWS KMS Master Key Provider
- ciphertext_mkp, enc_header_mkp = client.encrypt(
+ ciphertext_mkp, encrypted_header_mkp = client.encrypt(
 source=EXAMPLE_DATA,
 key_provider=aws_kms_master_key_provider,
 encryption_context=DEFAULT_ENCRYPTION_CONTEXT
@@ -153,7 +153,7 @@ def migration_aws_kms_key(
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
 pair in decrypted_header_keyring_using_mkp.encryption_context.items()
- for pair in enc_header_keyring.encryption_context.items()
+ for pair in encrypted_header_keyring.encryption_context.items()
 )
 assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \
@@ -180,7 +180,7 @@ def migration_aws_kms_key(
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
 pair in decrypted_header_mkp_using_mkp.encryption_context.items()
- for pair in enc_header_mkp.encryption_context.items()
+ for pair in encrypted_header_mkp.encryption_context.items()
 )
 assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \
diff --git a/examples/src/migration/migration_raw_aes_key_example.py b/examples/src/migration/migration_raw_aes_key_example.py
index 21283ecb8..4bd15d1f9 100644
--- a/examples/src/migration/migration_raw_aes_key_example.py
+++ b/examples/src/migration/migration_raw_aes_key_example.py
@@ -156,14 +156,14 @@ def migration_raw_aes_key():
 raw_aes_master_key_provider = create_key_provider()
 # 2a. Encrypt EXAMPLE_DATA using Raw AES Keyring
- ciphertext_keyring, enc_header_keyring = client.encrypt(
+ ciphertext_keyring, encrypted_header_keyring = client.encrypt(
 source=EXAMPLE_DATA,
 keyring=raw_aes_keyring,
 encryption_context=DEFAULT_ENCRYPTION_CONTEXT
 )
 # 2b. Encrypt EXAMPLE_DATA using Raw AES Master Key Provider
- ciphertext_mkp, enc_header_mkp = client.encrypt(
+ ciphertext_mkp, encrypted_header_mkp = client.encrypt(
 source=EXAMPLE_DATA,
 key_provider=raw_aes_master_key_provider,
 encryption_context=DEFAULT_ENCRYPTION_CONTEXT
@@ -194,7 +194,7 @@ def migration_raw_aes_key():
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
 pair in decrypted_header_keyring_using_mkp.encryption_context.items()
- for pair in enc_header_keyring.encryption_context.items()
+ for pair in encrypted_header_keyring.encryption_context.items()
 )
 assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \
@@ -221,7 +221,7 @@ def migration_raw_aes_key():
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
 pair in decrypted_header_mkp_using_mkp.encryption_context.items()
- for pair in enc_header_mkp.encryption_context.items()
+ for pair in encrypted_header_mkp.encryption_context.items()
 )
 assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \
diff --git a/examples/src/migration/migration_raw_rsa_key_example.py b/examples/src/migration/migration_raw_rsa_key_example.py
index 09e32e5f5..22c9512ec 100644
--- a/examples/src/migration/migration_raw_rsa_key_example.py
+++ b/examples/src/migration/migration_raw_rsa_key_example.py
@@ -208,14 +208,14 @@ def migration_raw_rsa_key(
 raw_rsa_master_key_provider = create_key_provider()
 # 2a. Encrypt EXAMPLE_DATA using Raw RSA Keyring
- ciphertext_keyring, enc_header_keyring = client.encrypt(
+ ciphertext_keyring, encrypted_header_keyring = client.encrypt(
 source=EXAMPLE_DATA,
 keyring=raw_rsa_keyring,
 encryption_context=DEFAULT_ENCRYPTION_CONTEXT
 )
 # 2b. Encrypt EXAMPLE_DATA using Raw RSA Master Key Provider
- ciphertext_mkp, enc_header_mkp = client.encrypt(
+ ciphertext_mkp, encrypted_header_mkp = client.encrypt(
 source=EXAMPLE_DATA,
 key_provider=raw_rsa_master_key_provider,
 encryption_context=DEFAULT_ENCRYPTION_CONTEXT
@@ -246,7 +246,7 @@ def migration_raw_rsa_key(
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
 pair in decrypted_header_keyring_using_mkp.encryption_context.items()
- for pair in enc_header_keyring.encryption_context.items()
+ for pair in encrypted_header_keyring.encryption_context.items()
 )
 assert decrypted_ciphertext_keyring_using_keyring == decrypted_ciphertext_keyring_using_mkp \
@@ -273,7 +273,7 @@ def migration_raw_rsa_key(
 # includes all key pairs from the encrypt operation. (The SDK can add pairs, so don't require an exact match.)
 assert all(
 pair in decrypted_header_mkp_using_mkp.encryption_context.items()
- for pair in enc_header_mkp.encryption_context.items()
+ for pair in encrypted_header_mkp.encryption_context.items()
 )
 assert decrypted_ciphertext_mkp_using_keyring == decrypted_ciphertext_mkp_using_mkp \