AWS Cryptography Internal Primitives
This library contains internal primitives used by higher-level AWS Cryptography libraries, such as the AWS Encryption SDK. It is *not intended for direct public consumption* and is explicitly marked for internal use only by AWS. Direct usage is strongly discouraged due to potential breaking changes without notice. The current version is 1.11.2, and it is actively maintained with irregular releases driven by upstream AWS Cryptography library requirements.
Common errors
-
AttributeError: module 'aws_cryptography_internal_primitives.keys' has no attribute 'SomeRemovedClass'
cause An internal class or function was refactored, renamed, or removed without notice due to an upstream update in a higher-level AWS Cryptography library.fixDo not use this internal library directly. Instead, migrate to higher-level, stable AWS cryptography libraries which manage these internal dependencies and provide API stability. -
TypeError: CryptoKey() got an unexpected keyword argument 'new_arg'
cause The constructor signature for an internal primitive like `CryptoKey` changed in a minor version update, breaking direct usage of the internal API.fixThis library is for internal use and does not provide API stability guarantees. Update your higher-level AWS Cryptography SDKs and ensure you are not directly interacting with this internal package. -
ImportError: cannot import name 'InternalUtilityFunction' from 'aws_cryptography_internal_primitives.some_module'
cause An internal utility function or class was moved to a different module, renamed, or deleted as part of an internal refactoring.fixAvoid relying on internal modules of this library. Only use official, public AWS SDKs for cryptographic needs, as they provide stable interfaces and abstract away internal changes.
Warnings
- breaking This library is not intended for direct use by customers. It is an internal dependency for higher-level AWS Cryptography libraries. Its public API is subject to breaking changes at any time without notice, even in minor versions.
- gotcha Directly consuming this library bypasses the security, usability, and best practices features provided by higher-level AWS Cryptography SDKs, potentially leading to insecure implementations, complex key management issues, or non-compliance.
- breaking The API surface of `aws-cryptography-internal-primitives` is unstable and has no versioning guarantees regarding public contracts. Upgrades to higher-level AWS Cryptography libraries might silently introduce breaking changes if you depend on this library directly.
Install
-
pip install aws-cryptography-internal-primitives
Imports
- SymmetricCryptoKey
from aws_cryptography_internal_primitives.keys import SymmetricCryptoKey
- MasterKeyConfig
from aws_cryptography_internal_primitives.material_providers import MasterKeyConfig
Quickstart
# WARNING: This library is for internal AWS use only and NOT intended for direct consumption.
# The following code is for illustrative purposes only and should NOT be used in production.
# Expect breaking changes without notice if you use this directly.
import os
from aws_cryptography_internal_primitives.keys import SymmetricCryptoKey, KeyType, KeyLength
# This example demonstrates creating a SymmetricCryptoKey, an internal primitive.
# Direct use is discouraged due to internal design and lack of stability guarantees.
raw_aes_key = os.urandom(32) # 256-bit AES key
# Create an internal symmetric key object
internal_aes_key = SymmetricCryptoKey(
material=raw_aes_key,
key_type=KeyType.SYMMETRIC,
key_length=KeyLength.AES_256
)
print(f"Internal Key Type: {internal_aes_key.key_type.name}")
print(f"Internal Key Length: {internal_aes_key.key_length.value} bits")
print(f"Key material is present: {internal_aes_key.material is not None}")
# DO NOT print or expose raw key material in real applications!