cosmian-kms 4.10.0__cp37-abi3-win_amd64.whl → 4.11.0__cp37-abi3-win_amd64.whl

Sign up to get free protection for your applications and to get access to all the features.
cosmian_kms/__init__.py CHANGED
@@ -1,6 +1,11 @@
1
1
  # -*- coding: utf-8 -*-
2
+ from typing import List, Union
3
+
2
4
  from .cosmian_kms import *
3
5
 
6
+ UidOrTags = Union[str, List[str]]
7
+ """KMS Objects (e.g. keys) can either be referenced by an UID using a single string, or by a list of tags using a list of string."""
8
+
4
9
  __doc__ = cosmian_kms.__doc__
5
10
  if hasattr(cosmian_kms, '__all__'):
6
11
  __all__ = cosmian_kms.__all__
cosmian_kms/__init__.pyi CHANGED
@@ -3,6 +3,9 @@ from typing import List, Optional, Tuple, Union
3
3
 
4
4
  from cloudproof_cover_crypt import Attribute, Policy
5
5
 
6
+ UidOrTags = Union[str, List[str]]
7
+ """KMS Objects (e.g. keys) can either be referenced by an UID using a single string, or by a list of tags using a list of string."""
8
+
6
9
  class KmsObject:
7
10
  def object_type(self) -> str:
8
11
  """Get the type of the underlying KMIP object.
@@ -17,6 +20,53 @@ class KmsObject:
17
20
  bytes
18
21
  """
19
22
 
23
+ class KmsEncryptResponse:
24
+ """Represents the response from a KMS encryption operation."""
25
+
26
+ @staticmethod
27
+ def from_json(data: str) -> KmsEncryptResponse:
28
+ """
29
+ Creates an instance from a JSON string.
30
+
31
+ Args:
32
+ data (str): The JSON string representing the KmsEncryptResponse.
33
+ """
34
+ def unique_identifier(self) -> str:
35
+ """
36
+ Retrieves the unique identifier of the key used during encryption.
37
+
38
+ Returns:
39
+ str: The unique identifier of the key.
40
+ """
41
+ def data(self) -> bytes:
42
+ """
43
+ Retrieves the data bytes from the encryption response.
44
+
45
+ Returns:
46
+ bytes.
47
+ """
48
+ def iv_counter_nonce(self) -> bytes:
49
+ """
50
+ Retrieves the IV, Counter, or Nonce bytes from the encryption response.
51
+
52
+ Returns:
53
+ bytes
54
+ """
55
+ def authenticated_encryption_tag(self) -> bytes:
56
+ """
57
+ Retrieves the authentication tag bytes from the encryption response.
58
+
59
+ Returns:
60
+ bytes
61
+ """
62
+ def correlation_value(self) -> bytes:
63
+ """
64
+ Retrieves the correlation value bytes from the encryption response.
65
+
66
+ Returns:
67
+ bytes
68
+ """
69
+
20
70
  class KmsClient:
21
71
  """Python client for a Key Management System (KMS). The methods return Future object which
22
72
  can be used to track and manage the status of the requests asynchronously.
@@ -56,7 +106,7 @@ class KmsClient:
56
106
  Returns:
57
107
  Future[Tuple[str, str]]: (Public key UID, Master secret key UID)
58
108
  """
59
- def import_cover_crypt_master_private_key_request(
109
+ def import_cover_crypt_master_private_key(
60
110
  self,
61
111
  private_key: bytes,
62
112
  replace_existing: bool,
@@ -81,7 +131,7 @@ class KmsClient:
81
131
  Returns:
82
132
  Future[str]: the unique identifier of the key
83
133
  """
84
- def import_cover_crypt_public_key_request(
134
+ def import_cover_crypt_public_key(
85
135
  self,
86
136
  public_key: bytes,
87
137
  replace_existing: bool,
@@ -104,8 +154,7 @@ class KmsClient:
104
154
  def rotate_cover_crypt_attributes(
105
155
  self,
106
156
  attributes: List[Union[Attribute, str]],
107
- master_secret_key_identifier: Optional[str],
108
- tags: Optional[List[str]] = None,
157
+ master_secret_key_identifier: UidOrTags,
109
158
  ) -> Future[Tuple[str, str]]:
110
159
  """Rotate the given policy attributes. This will rekey in the KMS:
111
160
  - the Master Keys
@@ -113,8 +162,7 @@ class KmsClient:
113
162
 
114
163
  Args:
115
164
  attributes (List[Union[Attribute, str]]): attributes to rotate e.g. ["Department::HR"]
116
- master_secret_key_identifier (Optional[str]): master secret key UID. Tags should be supplied if the ID is not given.
117
- tags (Optional[List[str]]): tags to retrieve the master secret key if it the id is not satisfied
165
+ master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
118
166
 
119
167
  Returns:
120
168
  Future[Tuple[str, str]]: (Public key UID, Master secret key UID)
@@ -122,8 +170,7 @@ class KmsClient:
122
170
  async def clear_cover_crypt_attributes_rotations(
123
171
  self,
124
172
  attributes: List[Union[Attribute, str]],
125
- master_secret_key_identifier: str,
126
- tags: Optional[List[str]] = None,
173
+ master_secret_key_identifier: UidOrTags,
127
174
  ) -> Tuple[str, str]:
128
175
  """
129
176
  Remove old rotations from the specified policy attributes.
@@ -133,9 +180,8 @@ class KmsClient:
133
180
  - all User Decryption Keys that contain one of these attributes in their policy.
134
181
 
135
182
  Args:
136
- - attributes (List[Union[Attribute, str]): Attributes to rotate e.g. ["Department::HR"]
137
- - master_secret_key_identifier (str): Master secret key UID
138
- - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
183
+ attributes (List[Union[Attribute, str]): Attributes to rotate e.g. ["Department::HR"]
184
+ master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
139
185
 
140
186
  Returns:
141
187
  Tuple[str, str]: (Public key UID, Master secret key UID)
@@ -143,8 +189,7 @@ class KmsClient:
143
189
  async def remove_cover_crypt_attribute(
144
190
  self,
145
191
  attribute: Union[Attribute, str],
146
- master_secret_key_identifier: str,
147
- tags: Optional[List[str]] = None,
192
+ master_secret_key_identifier: UidOrTags,
148
193
  ) -> Tuple[str, str]:
149
194
  """
150
195
  Remove a specific attribute from a keypair's policy.
@@ -154,9 +199,8 @@ class KmsClient:
154
199
  - all User Decryption Keys that contain one of these attributes in their policy.
155
200
 
156
201
  Args:
157
- - attributes (List[Union[Attribute, str]): Attributes to remove e.g. "Department::HR"
158
- - master_secret_key_identifier (str): Master secret key UID
159
- - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
202
+ attributes (List[Union[Attribute, str]): Attributes to remove e.g. "Department::HR"
203
+ master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
160
204
 
161
205
  Returns:
162
206
  Tuple[str, str]: (Public key UID, Master secret key UID)
@@ -164,8 +208,7 @@ class KmsClient:
164
208
  async def disable_cover_crypt_attribute(
165
209
  self,
166
210
  attribute: Union[Attribute, str],
167
- master_secret_key_identifier: str,
168
- tags: Optional[List[str]] = None,
211
+ master_secret_key_identifier: UidOrTags,
169
212
  ) -> Tuple[str, str]:
170
213
  """
171
214
  Disable a specific attribute from a keypair's policy.
@@ -175,9 +218,8 @@ class KmsClient:
175
218
  - all User Decryption Keys that contain one of these attributes in their policy.
176
219
 
177
220
  Args:
178
- - attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
179
- - master_secret_key_identifier (str): Master secret key UID
180
- - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
221
+ attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
222
+ master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
181
223
 
182
224
  Returns:
183
225
  Tuple[str, str]: (Public key UID, Master secret key UID)
@@ -186,8 +228,7 @@ class KmsClient:
186
228
  self,
187
229
  attribute: Union[Attribute, str],
188
230
  is_hybridized: bool,
189
- master_secret_key_identifier: str,
190
- tags: Optional[List[str]] = None,
231
+ master_secret_key_identifier: UidOrTags,
191
232
  ) -> Tuple[str, str]:
192
233
  """
193
234
  Add a specific attribute to a keypair's policy.
@@ -197,10 +238,10 @@ class KmsClient:
197
238
  - all User Decryption Keys that contain one of these attributes in their policy.
198
239
 
199
240
  Args:
200
- - attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
201
- - is_hybridized (bool): hint for encryption
202
- - master_secret_key_identifier (str): Master secret key UID
203
- - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
241
+ attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
242
+ is_hybridized (bool): hint for encryption
243
+ master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
244
+
204
245
 
205
246
  Returns:
206
247
  Tuple[str, str]: (Public key UID, Master secret key UID)
@@ -209,8 +250,7 @@ class KmsClient:
209
250
  self,
210
251
  attribute: Union[Attribute, str],
211
252
  new_name: str,
212
- master_secret_key_identifier: str,
213
- tags: Optional[List[str]] = None,
253
+ master_secret_key_identifier: UidOrTags,
214
254
  ) -> Tuple[str, str]:
215
255
  """
216
256
  Add a specific attribute to a keypair's policy.
@@ -220,16 +260,18 @@ class KmsClient:
220
260
  - all User Decryption Keys that contain one of these attributes in their policy.
221
261
 
222
262
  Args:
223
- - attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
224
- - new_name (str): the new name for the attribute
225
- - master_secret_key_identifier (str): Master secret key UID
226
- - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
263
+ attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
264
+ new_name (str): the new name for the attribute
265
+ master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
227
266
 
228
267
  Returns:
229
268
  Tuple[str, str]: (Public key UID, Master secret key UID)
230
269
  """
231
270
  def create_cover_crypt_user_decryption_key(
232
- self, access_policy_str: str, master_secret_key_identifier: str
271
+ self,
272
+ access_policy_str: str,
273
+ master_secret_key_identifier: str,
274
+ tags: Optional[str] = None,
233
275
  ) -> Future[str]:
234
276
  """Generate a user secret key.
235
277
  A new user secret key does NOT include to old (i.e. rotated) partitions.
@@ -237,11 +279,12 @@ class KmsClient:
237
279
  Args:
238
280
  access_policy_str (str): user access policy
239
281
  master_secret_key_identifier (str): master secret key UID
282
+ tags (Optional[List[str]]): optional tags to use with the keys
240
283
 
241
284
  Returns:
242
285
  Future[str]: User secret key UID
243
286
  """
244
- def import_cover_crypt_user_decryption_key_request(
287
+ def import_cover_crypt_user_decryption_key(
245
288
  self,
246
289
  private_key: bytes,
247
290
  replace_existing: bool,
@@ -271,8 +314,7 @@ class KmsClient:
271
314
  self,
272
315
  encryption_policy_str: str,
273
316
  data: bytes,
274
- public_key_identifier: Optional[str],
275
- tags: Optional[List[str]] = None,
317
+ public_key_identifier: UidOrTags,
276
318
  header_metadata: Optional[bytes] = None,
277
319
  authentication_data: Optional[bytes] = None,
278
320
  ) -> Future[bytes]:
@@ -282,8 +324,7 @@ class KmsClient:
282
324
  Args:
283
325
  encryption_policy_str (str): the access policy to use for encryption
284
326
  data (bytes): data to encrypt
285
- public_key_identifier (str): identifier of the public key. If not specified, tags must be provided.
286
- tags (Optional[List[str]]): tags to use to find the public key
327
+ public_key_identifier (Union[str, List[str]]): public key unique id or associated tags
287
328
  header_metadata (Optional[bytes]): additional data to symmetrically encrypt in the header
288
329
  authentication_data (Optional[bytes]): authentication data to use in symmetric encryptions
289
330
 
@@ -293,57 +334,99 @@ class KmsClient:
293
334
  def cover_crypt_decryption(
294
335
  self,
295
336
  encrypted_data: bytes,
296
- user_key_identifier: Optional[str],
297
- tags: Optional[List[str]] = None,
337
+ user_key_identifier: UidOrTags,
298
338
  authentication_data: Optional[bytes] = None,
299
339
  ) -> Future[Tuple[bytes, bytes]]:
300
340
  """Hybrid decryption.
301
341
 
302
342
  Args:
303
343
  encrypted_data (bytes): encrypted header || symmetric ciphertext
304
- user_key_identifier (str): identifier of the user key. If not specified, tags must be provided.
305
- tags (Optional[List[str]]): tags to use to find the user key
344
+ user_key_identifier (Union[str, List[str]]): user secret key unique id or associated tags
306
345
  authentication_data (Optional[bytes]): authentication data to use in symmetric decryption
307
346
 
308
347
  Returns:
309
348
  Future[Tuple[bytes, bytes]]: (plaintext bytes, header metadata bytes)
310
349
  """
311
- def get_object(self, unique_identifier: str) -> Future[KmsObject]:
350
+ def get_object(self, unique_identifier: UidOrTags) -> Future[KmsObject]:
312
351
  """Fetch KMIP object by UID.
313
352
 
314
353
  Args:
315
- unique_identifier (str): the object unique identifier in the KMS
354
+ unique_identifier (Union[str, List[str]]): object unique id or associated tags
316
355
 
317
356
  Returns:
318
357
  Future[KmsObject]
319
358
  """
320
- def revoke_cover_crypt_key(
359
+ def revoke_key(
321
360
  self,
322
361
  revocation_reason: str,
323
- key_identifier: Optional[str],
324
- tags: Optional[List[str]] = None,
362
+ key_identifier: UidOrTags,
325
363
  ) -> Future[str]:
326
364
  """Mark a CoverCrypt Key as revoked
327
365
 
328
366
  Args:
329
367
  revocation_reason (str): explanation of the revocation
330
- key_identifier (str): identifier of the user key. If not specified, tags must be provided.
331
- tags (Optional[List[str]]): tags to use to find the user key
368
+ key_identifier (Union[str, List[str]]): key unique id or associated tags
332
369
 
333
370
  Returns:
334
371
  Future[str]: uid of the revoked key
335
372
  """
336
- def destroy_cover_crypt_key(
373
+ def destroy_key(
337
374
  self,
338
- key_identifier: Optional[str],
339
- tags: Optional[List[str]] = None,
375
+ key_identifier: UidOrTags,
340
376
  ) -> Future[str]:
341
377
  """Mark a CoverCrypt Key as destroyed
342
378
 
343
379
  Args:
344
- key_identifier (str): identifier of the user key. If not specified, tags must be provided.
345
- tags (Optional[List[str]]): tags to use to find the user key
380
+ key_identifier (Union[str, List[str]]): key unique id or associated tags
346
381
 
347
382
  Returns:
348
383
  Future[str]: uid of the destroyed key
349
384
  """
385
+ def create_symmetric_key(
386
+ self,
387
+ key_len_in_bits: int,
388
+ algorithm: str = "AES",
389
+ tags: Optional[List[str]] = None,
390
+ ) -> Future[str]:
391
+ """Create a symmetric key using the specified key length, cryptographic algorithm, and optional tags
392
+
393
+ Args:
394
+ key_len_in_bits (int): length of the key in bits
395
+ algorithm (str, optional): cryptographic algorithm to be used, supported values are "AES" and "ChaCha20". Defaults to "AES"
396
+ tags (List[str], optional): tags associated with the key
397
+
398
+ Returns:
399
+ Future[str]: uid of the created key.
400
+ """
401
+ def encrypt(
402
+ self,
403
+ data: bytes,
404
+ key_identifier: UidOrTags,
405
+ ) -> Future[KmsEncryptResponse]:
406
+ """Encrypts the provided binary data using the specified key identifier or tags
407
+
408
+ Args:
409
+ data (bytes): binary data to be encrypted
410
+ key_identifier (Union[str, List[str]]): secret key unique id or associated tags
411
+
412
+ Returns:
413
+ Future[KmsEncryptResponse]: encryption result
414
+ """
415
+ def decrypt(
416
+ self,
417
+ encrypted_data: bytes,
418
+ key_identifier: UidOrTags,
419
+ iv_counter_nonce: Optional[bytes] = None,
420
+ authentication_encryption_tag: Optional[bytes] = None,
421
+ ) -> Future[bytes]:
422
+ """Hybrid decryption.
423
+
424
+ Args:
425
+ encrypted_data (bytes): ciphertext
426
+ key_identifier (Union[str, List[str]]): secret key unique id or associated tags
427
+ iv_counter_nonce (Optional[bytes]): the initialization vector, counter or nonce to be used
428
+ authentication_encryption_tag (Optional[bytes]): additional binary data used for authentication
429
+
430
+ Returns:
431
+ Future[bytes]: plaintext bytes
432
+ """
Binary file
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: cosmian_kms
3
- Version: 4.10.0
3
+ Version: 4.11.0
4
4
  Classifier: Programming Language :: Rust
5
5
  Classifier: Programming Language :: Python :: Implementation :: CPython
6
6
  Classifier: Programming Language :: Python :: Implementation :: PyPy
@@ -0,0 +1,8 @@
1
+ cosmian_kms-4.11.0.dist-info/METADATA,sha256=Q8tfOmtTLS9xn-3O0iuL9UCJ6kqHKc-OdIJSLRUEw1A,1037
2
+ cosmian_kms-4.11.0.dist-info/WHEEL,sha256=UkiIbgdHMLHW2gq5sK0KIz7BWr-fIhJ0YDadI2YbUjg,94
3
+ cosmian_kms-4.11.0.dist-info/license_files/LICENSE.md,sha256=_zfsPgqYDWuqWECzE0w-LQfkkgg28_DMNj87xgn6OUI,32275
4
+ cosmian_kms/py.typed,sha256=bWew9mHgMy8LqMu7RuqQXFXLBxh2CRx0dUbSx-3wE48,27
5
+ cosmian_kms/__init__.py,sha256=hFdRE02W0kEFxAj-F7jcOb91vgyojXlHWmhXKUDKl_U,352
6
+ cosmian_kms/__init__.pyi,sha256=ZuHpvjGQ4hq34EMxwWeQ2YTk3t_sXayOh5_GB5pdIII,15914
7
+ cosmian_kms/cosmian_kms.pyd,sha256=U6s19RBl08OZH2utyKHFoI5IHfqLrqXuNi561uZqeBY,9671168
8
+ cosmian_kms-4.11.0.dist-info/RECORD,,
@@ -1,8 +0,0 @@
1
- cosmian_kms-4.10.0.dist-info/METADATA,sha256=hR3_KXxi55EV-O_TOFg76dju3JoXjav8eEiuCOZG0_M,1037
2
- cosmian_kms-4.10.0.dist-info/WHEEL,sha256=UkiIbgdHMLHW2gq5sK0KIz7BWr-fIhJ0YDadI2YbUjg,94
3
- cosmian_kms-4.10.0.dist-info/license_files/LICENSE.md,sha256=_zfsPgqYDWuqWECzE0w-LQfkkgg28_DMNj87xgn6OUI,32275
4
- cosmian_kms/__init__.pyi,sha256=q6iBF9r0XcA1ZtEZusYFyl1pU433ZBfXygm9nK9A7Xw,13801
5
- cosmian_kms/__init__.py,sha256=ePBIbK1BLxb1v3EhtMcSKuP7ddcNMBCOYSacaKw-LJo,152
6
- cosmian_kms/py.typed,sha256=bWew9mHgMy8LqMu7RuqQXFXLBxh2CRx0dUbSx-3wE48,27
7
- cosmian_kms/cosmian_kms.pyd,sha256=kEcDrQc5gJJX0g2qM2R-UH1HhETmqhtxtwhJ2CarKds,9652224
8
- cosmian_kms-4.10.0.dist-info/RECORD,,