cosmian-kms 4.10.1__cp37-abi3-win_amd64.whl → 4.11.0__cp37-abi3-win_amd64.whl

cosmian_kms/__init__.py

@@ -1,6 +1,11 @@
 # -*- coding: utf-8 -*-
+from typing import List, Union
+
 from .cosmian_kms import *
 
+UidOrTags = Union[str, List[str]]
+"""KMS Objects (e.g. keys) can either be referenced by an UID using a single string, or by a list of tags using a list of string."""
+
 __doc__ = cosmian_kms.__doc__
 if hasattr(cosmian_kms, '__all__'):
     __all__ = cosmian_kms.__all__

cosmian_kms/__init__.pyi

@@ -3,6 +3,9 @@ from typing import List, Optional, Tuple, Union
 
 from cloudproof_cover_crypt import Attribute, Policy
 
+UidOrTags = Union[str, List[str]]
+"""KMS Objects (e.g. keys) can either be referenced by an UID using a single string, or by a list of tags using a list of string."""
+
 class KmsObject:
     def object_type(self) -> str:
         """Get the type of the underlying KMIP object.
@@ -17,6 +20,53 @@ class KmsObject:
             bytes
         """
 
+class KmsEncryptResponse:
+    """Represents the response from a KMS encryption operation."""
+
+    @staticmethod
+    def from_json(data: str) -> KmsEncryptResponse:
+        """
+        Creates an instance from a JSON string.
+
+        Args:
+            data (str): The JSON string representing the KmsEncryptResponse.
+        """
+    def unique_identifier(self) -> str:
+        """
+        Retrieves the unique identifier of the key used during encryption.
+
+        Returns:
+            str: The unique identifier of the key.
+        """
+    def data(self) -> bytes:
+        """
+        Retrieves the data bytes from the encryption response.
+
+        Returns:
+            bytes.
+        """
+    def iv_counter_nonce(self) -> bytes:
+        """
+        Retrieves the IV, Counter, or Nonce bytes from the encryption response.
+
+        Returns:
+            bytes
+        """
+    def authenticated_encryption_tag(self) -> bytes:
+        """
+        Retrieves the authentication tag bytes from the encryption response.
+
+        Returns:
+            bytes
+        """
+    def correlation_value(self) -> bytes:
+        """
+        Retrieves the correlation value bytes from the encryption response.
+
+        Returns:
+            bytes
+        """
+
 class KmsClient:
     """Python client for a Key Management System (KMS). The methods return Future object which
     can be used to track and manage the status of the requests asynchronously.
@@ -56,7 +106,7 @@ class KmsClient:
         Returns:
             Future[Tuple[str, str]]: (Public key UID, Master secret key UID)
         """
-    def import_cover_crypt_master_private_key_request(
+    def import_cover_crypt_master_private_key(
         self,
         private_key: bytes,
         replace_existing: bool,
@@ -81,7 +131,7 @@ class KmsClient:
         Returns:
             Future[str]: the unique identifier of the key
         """
-    def import_cover_crypt_public_key_request(
+    def import_cover_crypt_public_key(
         self,
         public_key: bytes,
         replace_existing: bool,
@@ -104,8 +154,7 @@ class KmsClient:
     def rotate_cover_crypt_attributes(
         self,
         attributes: List[Union[Attribute, str]],
-        master_secret_key_identifier: Optional[str],
-        tags: Optional[List[str]] = None,
+        master_secret_key_identifier: UidOrTags,
     ) -> Future[Tuple[str, str]]:
         """Rotate the given policy attributes. This will rekey in the KMS:
             - the Master Keys
@@ -113,8 +162,7 @@ class KmsClient:
 
         Args:
             attributes (List[Union[Attribute, str]]): attributes to rotate e.g. ["Department::HR"]
-            master_secret_key_identifier (Optional[str]): master secret key UID. Tags should be supplied if the ID is not given.
-            tags (Optional[List[str]]): tags to retrieve the master secret key if it the id is not satisfied
+            master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
 
         Returns:
             Future[Tuple[str, str]]: (Public key UID, Master secret key UID)
@@ -122,8 +170,7 @@ class KmsClient:
     async def clear_cover_crypt_attributes_rotations(
         self,
         attributes: List[Union[Attribute, str]],
-        master_secret_key_identifier: str,
-        tags: Optional[List[str]] = None,
+        master_secret_key_identifier: UidOrTags,
     ) -> Tuple[str, str]:
         """
         Remove old rotations from the specified policy attributes.
@@ -133,9 +180,8 @@ class KmsClient:
         - all User Decryption Keys that contain one of these attributes in their policy.
 
         Args:
-            - attributes (List[Union[Attribute, str]): Attributes to rotate e.g. ["Department::HR"]
-            - master_secret_key_identifier (str): Master secret key UID
-            - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
+            attributes (List[Union[Attribute, str]): Attributes to rotate e.g. ["Department::HR"]
+            master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
 
         Returns:
             Tuple[str, str]: (Public key UID, Master secret key UID)
@@ -143,8 +189,7 @@ class KmsClient:
     async def remove_cover_crypt_attribute(
         self,
         attribute: Union[Attribute, str],
-        master_secret_key_identifier: str,
-        tags: Optional[List[str]] = None,
+        master_secret_key_identifier: UidOrTags,
     ) -> Tuple[str, str]:
         """
         Remove a specific attribute from a keypair's policy.
@@ -154,9 +199,8 @@ class KmsClient:
         - all User Decryption Keys that contain one of these attributes in their policy.
 
         Args:
-            - attributes (List[Union[Attribute, str]): Attributes to remove e.g. "Department::HR"
-            - master_secret_key_identifier (str): Master secret key UID
-            - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
+            attributes (List[Union[Attribute, str]): Attributes to remove e.g. "Department::HR"
+            master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
 
         Returns:
             Tuple[str, str]: (Public key UID, Master secret key UID)
@@ -164,8 +208,7 @@ class KmsClient:
     async def disable_cover_crypt_attribute(
         self,
         attribute: Union[Attribute, str],
-        master_secret_key_identifier: str,
-        tags: Optional[List[str]] = None,
+        master_secret_key_identifier: UidOrTags,
     ) -> Tuple[str, str]:
         """
         Disable a specific attribute from a keypair's policy.
@@ -175,9 +218,8 @@ class KmsClient:
         - all User Decryption Keys that contain one of these attributes in their policy.
 
         Args:
-            - attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
-            - master_secret_key_identifier (str): Master secret key UID
-            - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
+            attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
+            master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
 
         Returns:
             Tuple[str, str]: (Public key UID, Master secret key UID)
@@ -186,8 +228,7 @@ class KmsClient:
         self,
         attribute: Union[Attribute, str],
         is_hybridized: bool,
-        master_secret_key_identifier: str,
-        tags: Optional[List[str]] = None,
+        master_secret_key_identifier: UidOrTags,
     ) -> Tuple[str, str]:
         """
         Add a specific attribute to a keypair's policy.
@@ -197,10 +238,10 @@ class KmsClient:
         - all User Decryption Keys that contain one of these attributes in their policy.
 
         Args:
-            - attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
-            - is_hybridized (bool): hint for encryption
-            - master_secret_key_identifier (str): Master secret key UID
-            - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
+            attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
+            is_hybridized (bool): hint for encryption
+            master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
+
 
         Returns:
             Tuple[str, str]: (Public key UID, Master secret key UID)
@@ -209,8 +250,7 @@ class KmsClient:
         self,
         attribute: Union[Attribute, str],
         new_name: str,
-        master_secret_key_identifier: str,
-        tags: Optional[List[str]] = None,
+        master_secret_key_identifier: UidOrTags,
     ) -> Tuple[str, str]:
         """
         Add a specific attribute to a keypair's policy.
@@ -220,16 +260,18 @@ class KmsClient:
         - all User Decryption Keys that contain one of these attributes in their policy.
 
         Args:
-            - attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
-            - new_name (str): the new name for the attribute
-            - master_secret_key_identifier (str): Master secret key UID
-            - tags (List[str]): Tags to use when the master_secret_key_identifier is not provided (default: None)
+            attributes (List[Union[Attribute, str]): Attributes to disable e.g. "Department::HR"
+            new_name (str): the new name for the attribute
+            master_secret_key_identifier (Union[str, List[str])): master secret key referenced by its UID or a list of tags
 
         Returns:
             Tuple[str, str]: (Public key UID, Master secret key UID)
         """
     def create_cover_crypt_user_decryption_key(
-        self, access_policy_str: str, master_secret_key_identifier: str
+        self,
+        access_policy_str: str,
+        master_secret_key_identifier: str,
+        tags: Optional[str] = None,
     ) -> Future[str]:
         """Generate a user secret key.
         A new user secret key does NOT include to old (i.e. rotated) partitions.
@@ -237,11 +279,12 @@ class KmsClient:
         Args:
             access_policy_str (str): user access policy
             master_secret_key_identifier (str): master secret key UID
+            tags (Optional[List[str]]): optional tags to use with the keys
 
         Returns:
             Future[str]: User secret key UID
         """
-    def import_cover_crypt_user_decryption_key_request(
+    def import_cover_crypt_user_decryption_key(
         self,
         private_key: bytes,
         replace_existing: bool,
@@ -271,8 +314,7 @@ class KmsClient:
         self,
         encryption_policy_str: str,
         data: bytes,
-        public_key_identifier: Optional[str],
-        tags: Optional[List[str]] = None,
+        public_key_identifier: UidOrTags,
         header_metadata: Optional[bytes] = None,
         authentication_data: Optional[bytes] = None,
     ) -> Future[bytes]:
@@ -282,8 +324,7 @@ class KmsClient:
         Args:
             encryption_policy_str (str): the access policy to use for encryption
             data (bytes): data to encrypt
-            public_key_identifier (str): identifier of the public key. If not specified, tags must be provided.
-            tags (Optional[List[str]]): tags to use to find the public key
+            public_key_identifier (Union[str, List[str]]): public key unique id or associated tags
             header_metadata (Optional[bytes]): additional data to symmetrically encrypt in the header
             authentication_data (Optional[bytes]): authentication data to use in symmetric encryptions
 
@@ -293,57 +334,99 @@ class KmsClient:
     def cover_crypt_decryption(
         self,
         encrypted_data: bytes,
-        user_key_identifier: Optional[str],
-        tags: Optional[List[str]] = None,
+        user_key_identifier: UidOrTags,
         authentication_data: Optional[bytes] = None,
     ) -> Future[Tuple[bytes, bytes]]:
         """Hybrid decryption.
 
         Args:
             encrypted_data (bytes): encrypted header || symmetric ciphertext
-            user_key_identifier (str): identifier of the user key. If not specified, tags must be provided.
-            tags (Optional[List[str]]): tags to use to find the user key
+            user_key_identifier (Union[str, List[str]]): user secret key unique id or associated tags
             authentication_data (Optional[bytes]): authentication data to use in symmetric decryption
 
         Returns:
             Future[Tuple[bytes, bytes]]: (plaintext bytes, header metadata bytes)
         """
-    def get_object(self, unique_identifier: str) -> Future[KmsObject]:
+    def get_object(self, unique_identifier: UidOrTags) -> Future[KmsObject]:
         """Fetch KMIP object by UID.
 
         Args:
-            unique_identifier (str): the object unique identifier in the KMS
+            unique_identifier (Union[str, List[str]]): object unique id or associated tags
 
         Returns:
             Future[KmsObject]
         """
-    def revoke_cover_crypt_key(
+    def revoke_key(
         self,
         revocation_reason: str,
-        key_identifier: Optional[str],
-        tags: Optional[List[str]] = None,
+        key_identifier: UidOrTags,
     ) -> Future[str]:
         """Mark a CoverCrypt Key as revoked
 
         Args:
             revocation_reason (str): explanation of the revocation
-            key_identifier (str): identifier of the user key. If not specified, tags must be provided.
-            tags (Optional[List[str]]): tags to use to find the user key
+            key_identifier (Union[str, List[str]]): key unique id or associated tags
 
         Returns:
             Future[str]: uid of the revoked key
         """
-    def destroy_cover_crypt_key(
+    def destroy_key(
         self,
-        key_identifier: Optional[str],
-        tags: Optional[List[str]] = None,
+        key_identifier: UidOrTags,
     ) -> Future[str]:
         """Mark a CoverCrypt Key as destroyed
 
         Args:
-            key_identifier (str): identifier of the user key. If not specified, tags must be provided.
-            tags (Optional[List[str]]): tags to use to find the user key
+            key_identifier (Union[str, List[str]]): key unique id or associated tags
 
         Returns:
             Future[str]: uid of the destroyed key
         """
+    def create_symmetric_key(
+        self,
+        key_len_in_bits: int,
+        algorithm: str = "AES",
+        tags: Optional[List[str]] = None,
+    ) -> Future[str]:
+        """Create a symmetric key using the specified key length, cryptographic algorithm, and optional tags
+
+        Args:
+            key_len_in_bits (int): length of the key in bits
+            algorithm (str, optional): cryptographic algorithm to be used, supported values are "AES" and "ChaCha20". Defaults to "AES"
+            tags (List[str], optional): tags associated with the key
+
+        Returns:
+            Future[str]: uid of the created key.
+        """
+    def encrypt(
+        self,
+        data: bytes,
+        key_identifier: UidOrTags,
+    ) -> Future[KmsEncryptResponse]:
+        """Encrypts the provided binary data using the specified key identifier or tags
+
+        Args:
+            data (bytes): binary data to be encrypted
+            key_identifier (Union[str, List[str]]): secret key unique id or associated tags
+
+        Returns:
+            Future[KmsEncryptResponse]: encryption result
+        """
+    def decrypt(
+        self,
+        encrypted_data: bytes,
+        key_identifier: UidOrTags,
+        iv_counter_nonce: Optional[bytes] = None,
+        authentication_encryption_tag: Optional[bytes] = None,
+    ) -> Future[bytes]:
+        """Hybrid decryption.
+
+        Args:
+            encrypted_data (bytes): ciphertext
+            key_identifier (Union[str, List[str]]): secret key unique id or associated tags
+            iv_counter_nonce (Optional[bytes]): the initialization vector, counter or nonce to be used
+            authentication_encryption_tag (Optional[bytes]): additional binary data used for authentication
+
+        Returns:
+            Future[bytes]: plaintext bytes
+        """

{cosmian_kms-4.10.1.dist-info → cosmian_kms-4.11.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: cosmian_kms
-Version: 4.10.1
+Version: 4.11.0
 Classifier: Programming Language :: Rust
 Classifier: Programming Language :: Python :: Implementation :: CPython
 Classifier: Programming Language :: Python :: Implementation :: PyPy

cosmian_kms-4.11.0.dist-info/RECORD

@@ -0,0 +1,8 @@
+cosmian_kms-4.11.0.dist-info/METADATA,sha256=Q8tfOmtTLS9xn-3O0iuL9UCJ6kqHKc-OdIJSLRUEw1A,1037
+cosmian_kms-4.11.0.dist-info/WHEEL,sha256=UkiIbgdHMLHW2gq5sK0KIz7BWr-fIhJ0YDadI2YbUjg,94
+cosmian_kms-4.11.0.dist-info/license_files/LICENSE.md,sha256=_zfsPgqYDWuqWECzE0w-LQfkkgg28_DMNj87xgn6OUI,32275
+cosmian_kms/py.typed,sha256=bWew9mHgMy8LqMu7RuqQXFXLBxh2CRx0dUbSx-3wE48,27
+cosmian_kms/__init__.py,sha256=hFdRE02W0kEFxAj-F7jcOb91vgyojXlHWmhXKUDKl_U,352
+cosmian_kms/__init__.pyi,sha256=ZuHpvjGQ4hq34EMxwWeQ2YTk3t_sXayOh5_GB5pdIII,15914
+cosmian_kms/cosmian_kms.pyd,sha256=U6s19RBl08OZH2utyKHFoI5IHfqLrqXuNi561uZqeBY,9671168
+cosmian_kms-4.11.0.dist-info/RECORD,,

cosmian_kms-4.10.1.dist-info/RECORD

@@ -1,8 +0,0 @@
-cosmian_kms-4.10.1.dist-info/METADATA,sha256=zp2L1BmN8xCk6tzAbUQexfMVPkrBLjW_hqxdOWEt98A,1037
-cosmian_kms-4.10.1.dist-info/WHEEL,sha256=UkiIbgdHMLHW2gq5sK0KIz7BWr-fIhJ0YDadI2YbUjg,94
-cosmian_kms-4.10.1.dist-info/license_files/LICENSE.md,sha256=_zfsPgqYDWuqWECzE0w-LQfkkgg28_DMNj87xgn6OUI,32275
-cosmian_kms/__init__.pyi,sha256=q6iBF9r0XcA1ZtEZusYFyl1pU433ZBfXygm9nK9A7Xw,13801
-cosmian_kms/__init__.py,sha256=ePBIbK1BLxb1v3EhtMcSKuP7ddcNMBCOYSacaKw-LJo,152
-cosmian_kms/py.typed,sha256=bWew9mHgMy8LqMu7RuqQXFXLBxh2CRx0dUbSx-3wE48,27
-cosmian_kms/cosmian_kms.pyd,sha256=6ftokJJAn7RSeQDNsF1eAH3wKuQyrMWmuL72kIjXQaw,9652224
-cosmian_kms-4.10.1.dist-info/RECORD,,