{"id":7022,"library":"aws-cryptography-internal-standard-library","title":"AWS Cryptography Internal Standard Library","description":"The `aws-cryptography-internal-standard-library` is an internal Python library, a foundational component primarily utilized by the AWS Cryptographic Material Providers Library (MPL) and subsequently by the AWS Encryption SDK. It provides cryptographic primitives and standard library interfaces for other AWS cryptography projects. Users are strongly advised against taking a standalone dependency on this library, as its internal nature means there are no guarantees about API stability or functionality between minor versions. The current version is 1.11.2, and its release cadence aligns with its dependent AWS cryptography libraries.","status":"active","version":"1.11.2","language":"en","source_language":"en","source_url":"https://github.com/aws/aws-cryptographic-material-providers-library","tags":["aws","cryptography","internal","security"],"install":[{"cmd":"pip install aws-cryptography-internal-standard-library","lang":"bash","label":"Direct installation (not recommended for standalone use)"},{"cmd":"pip install \"aws-encryption-sdk[MPL]\"","lang":"bash","label":"Recommended: Install via AWS Encryption SDK with MPL"}],"dependencies":[{"reason":"Required by higher-level AWS cryptography libraries that utilize this internal library for cryptographic operations.","package":"cryptography","optional":false},{"reason":"Required by higher-level AWS cryptography libraries for interaction with AWS services like KMS.","package":"boto3","optional":true}],"imports":[{"note":"This library is not intended for direct use or public import. Its modules are typically consumed by other AWS cryptography libraries like the AWS Cryptographic Material Providers Library.","symbol":"aws_cryptography_internal_standard_library","correct":"# No public API for direct import. This library is an internal dependency."}],"quickstart":{"code":"print('The aws-cryptography-internal-standard-library is an internal dependency.')\nprint('Direct interaction is not recommended as its API is unstable and not for public use.')\nprint('Instead, use public-facing libraries like the AWS Encryption SDK (aws-encryption-sdk).')\n\n# Example of how you would typically interact with encryption functionality\n# through the AWS Encryption SDK, which internally uses libraries like this one.\n# This code snippet is for illustration and requires additional setup (AWS credentials, KMS key).\n\n# import aws_encryption_sdk\n# from aws_encryption_sdk.keyrings.aws_kms import AwsKmsKeyring\n\n# key_arn = os.environ.get('KMS_KEY_ARN', 'arn:aws:kms:us-west-2:111122223333:key/example-key-id')\n# plaintext = b'my secret data'\n\n# try:\n#     # Instantiate the AWS Encryption SDK client\n#     client = aws_encryption_sdk.EncryptionSDKClient()\n\n#     # Create a KMS Keyring (this uses the AWS Cryptographic Material Providers Library internally)\n#     keyring = AwsKmsKeyring(key_ids=[key_arn])\n\n#     # Encrypt the data\n#     ciphertext, header = client.encrypt(source=plaintext, keyring=keyring)\n#     print(f'Ciphertext: {ciphertext.hex()}')\n\n#     # Decrypt the data\n#     decrypted_plaintext, _ = client.decrypt(source=ciphertext, keyring=keyring)\n#     print(f'Decrypted plaintext: {decrypted_plaintext.decode()}')\n\n# except Exception as e:\n#     print(f'Error demonstrating AWS Encryption SDK: {e}')\n#     print('Please ensure AWS credentials and a valid KMS_KEY_ARN are configured.')","lang":"python","description":"This library is designed for internal use by other AWS cryptography projects, not for direct public consumption. Attempting to use it directly may lead to unpredictable behavior and breaking changes. The recommended way to leverage AWS cryptographic best practices is through higher-level libraries such as the AWS Encryption SDK, which internally manages and utilizes this standard library. The commented-out example demonstrates how you would typically encrypt and decrypt data using the AWS Encryption SDK, which is the intended interface for end-users."},"warnings":[{"fix":"Migrate to public-facing AWS cryptography libraries like the `aws-encryption-sdk` or `aws-cryptographic-material-providers`. These libraries offer stable APIs and are designed for customer use.","message":"Do NOT take a standalone dependency on this library. It is an internal component, and AWS makes no guarantees that its functionality or API will remain stable or consistent between minor versions. Direct usage can lead to unexpected breakages in your application.","severity":"breaking","affected_versions":"All versions"},{"fix":"Refer to the documentation and examples for the AWS Encryption SDK or the AWS Cryptographic Material Providers Library. These libraries provide the officially supported and documented interfaces for AWS cryptography.","message":"Lack of direct documentation and examples. Since this library is internal, there is no dedicated public documentation or usage examples for direct interaction. Relying on reverse-engineering or undocumented internal APIs is highly discouraged.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always check the Python compatibility requirements of the top-level AWS cryptography library you are using (e.g., `aws-encryption-sdk`) as that will be the authoritative source for your environment.","message":"Python compatibility is dictated by its consumers. While PyPI lists `<4.0.0,>=3.11.0`, the effective minimum Python version might be higher or lower depending on the specific versions of the consuming AWS cryptography libraries (e.g., `aws-encryption-sdk`).","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"This library is not designed for direct imports. If you need cryptographic functionality, use a higher-level AWS cryptography library such as `aws-encryption-sdk` and follow its documented import paths and usage patterns.","cause":"Attempting to import an internal module or symbol that either does not exist, has been renamed, or is not exposed via a public API.","error":"ModuleNotFoundError: No module named 'aws_cryptography_internal_standard_library.some_internal_module'"},{"fix":"This indicates an attempt to interact with the library in an unsupported way. You should only use officially documented public APIs provided by client-side encryption libraries like the AWS Encryption SDK.","cause":"Trying to access a non-existent function or a function that is internal and not part of any stable public interface.","error":"AttributeError: module 'aws_cryptography_internal_standard_library' has no attribute 'some_function'"}]}