confidant.lib package¶

Submodules¶

confidant.lib.cryptolib.create_datakey(encryption_context, keyid, client=None)¶: Create a datakey from KMS.

confidant.lib.cryptolib.create_mock_datakey()¶: Mock encryption meant to be used for testing or development. Returns a generated data key, but the encrypted version of the key is simply the unencrypted version. If this is called for anything other than testing or development purposes, it will cause unencrypted keys to be stored along with the encrypted content, rending the encryption worthless.

confidant.lib.cryptolib.decrypt_datakey(data_key, encryption_context=None, client=None)¶: Decrypt a datakey.

confidant.lib.cryptolib.decrypt_mock_datakey(data_key)¶: Mock decryption meant to be used for testing or development. Simply returns the provided data_key.

confidant.lib.cryptolib.load_private_key_pem(path, password=None)¶

Load an RSA private key from a file.

Parameters

Returns

An RSA private key object.

Return type

cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey

confidant.lib.cryptolib.load_private_key_pem_as_bare_base64(path, password=None)¶

Load an RSA private key from a file as bare base64-encoded DER.

Parameters

Returns

base64-encoded DER private key data.

Return type

string

confidant.lib.cryptolib.load_x509_certificate_pem(path)¶

Load an X.509 PEM certificate from a file.

Parameters: path (string) – The file path to an X.509 certificate in PEM format.
Returns: X.509 certificate object
Return type: cryptography.x509.Certificate

confidant.lib.cryptolib.load_x509_certificate_pem_as_bare_base64(path)¶

Load an X.509 PEM certificate from a file, return as bare base64-encoded DER.

Parameters: path (string) – The file path to an X.509 certificate in PEM format.
Returns: base64-encoded DER X.509 data.
Return type: string