Skip to content

Latest commit

 

History

History
98 lines (62 loc) · 3.04 KB

keywrap.rst

File metadata and controls

98 lines (62 loc) · 3.04 KB
Raw

cryptography.hazmat.primitives.keywrap

Key wrapping

Key wrapping is a cryptographic construct that uses symmetric encryption to encapsulate key material. Key wrapping algorithms are occasionally utilized to protect keys at rest or transmit them over insecure networks. Many of the protections offered by key wrapping are also offered by using authenticated symmetric encryption </hazmat/primitives/symmetric-encryption>.

aes_key_wrap(wrapping_key, key_to_wrap, backend=None)

1.1

This function performs AES key wrap (without padding) as specified in 3394.

param bytes wrapping_key

The wrapping key.

param bytes key_to_wrap

The key to wrap.

param backend

An optional ~cryptography.hazmat.backends.interfaces.CipherBackend instance that supports ~cryptography.hazmat.primitives.ciphers.algorithms.AES.

return bytes

The wrapped key as bytes.

aes_key_unwrap(wrapping_key, wrapped_key, backend=None)

1.1

This function performs AES key unwrap (without padding) as specified in 3394.

param bytes wrapping_key

The wrapping key.

param bytes wrapped_key

The wrapped key.

param backend

An optional ~cryptography.hazmat.backends.interfaces.CipherBackend instance that supports ~cryptography.hazmat.primitives.ciphers.algorithms.AES.

return bytes

The unwrapped key as bytes.

raises cryptography.hazmat.primitives.keywrap.InvalidUnwrap

This is raised if the key is not successfully unwrapped.

aes_key_wrap_with_padding(wrapping_key, key_to_wrap, backend=None)

2.2

This function performs AES key wrap with padding as specified in 5649.

param bytes wrapping_key

The wrapping key.

param bytes key_to_wrap

The key to wrap.

param backend

An optional ~cryptography.hazmat.backends.interfaces.CipherBackend instance that supports ~cryptography.hazmat.primitives.ciphers.algorithms.AES.

return bytes

The wrapped key as bytes.

aes_key_unwrap_with_padding(wrapping_key, wrapped_key, backend=None)

2.2

This function performs AES key unwrap with padding as specified in 5649.

param bytes wrapping_key

The wrapping key.

param bytes wrapped_key

The wrapped key.

param backend

An optional ~cryptography.hazmat.backends.interfaces.CipherBackend instance that supports ~cryptography.hazmat.primitives.ciphers.algorithms.AES.

return bytes

The unwrapped key as bytes.

raises cryptography.hazmat.primitives.keywrap.InvalidUnwrap

This is raised if the key is not successfully unwrapped.

Exceptions

This is raised when a wrapped key fails to unwrap. It can be caused by a corrupted or invalid wrapped key or an invalid wrapping key.