示例#1
def test_private_key_cannot_encrypt():
    """Check that a keyring holding only the private wrapping key refuses to encrypt.

    The keyring is built without ``public_wrapping_key``. ``on_encrypt`` must
    raise ``EncryptKeyError`` instead of returning encryption materials.
    """
    private_only_keyring = RawRSAKeyring(
        key_namespace=_PROVIDER_ID,
        key_name=_KEY_ID,
        wrapping_algorithm=_WRAPPING_ALGORITHM,
        private_wrapping_key=_PRIVATE_WRAPPING_KEY,
    )
    starting_materials = EncryptionMaterials(
        algorithm=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384,
        encryption_context=_ENCRYPTION_CONTEXT,
    )

    with pytest.raises(EncryptKeyError) as excinfo:
        private_only_keyring.on_encrypt(starting_materials)

    # Pin the message so an unrelated EncryptKeyError cannot satisfy the test.
    excinfo.match("A public key is required to encrypt")
def test_on_encrypt_no_public_key(raw_rsa_keyring):
    """Check that ``on_encrypt`` fails when the keyring has no public wrapping key.

    A fresh private key is wrapped in a keyring that uses RSA-OAEP-SHA256-MGF1.
    Encrypting with it must raise ``EncryptKeyError``.
    """
    # NOTE(review): the ``raw_rsa_keyring`` fixture is requested but never
    # read in this body; the keyring under test is built locally.
    wrapping_private_key = raw_rsa_private_key()
    private_only_keyring = RawRSAKeyring(
        key_namespace=_PROVIDER_ID,
        key_name=_KEY_ID,
        wrapping_algorithm=WrappingAlgorithm.RSA_OAEP_SHA256_MGF1,
        private_wrapping_key=wrapping_private_key,
    )
    starting_materials = get_encryption_materials_without_data_encryption_key()

    with pytest.raises(EncryptKeyError) as excinfo:
        private_only_keyring.on_encrypt(encryption_materials=starting_materials)

    # Pin the message so an unrelated EncryptKeyError cannot satisfy the test.
    excinfo.match("A public key is required to encrypt")
示例#3
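def test_private_key_can_decrypt():
    """Check that a private-key-only keyring decrypts data keys wrapped by a full keyring.

    A keyring holding both wrapping keys produces the encrypted data keys.
    A second keyring holding only the private wrapping key must then recover
    the same plaintext data key from them.
    """
    complete_keyring = RawRSAKeyring(
        key_namespace=_PROVIDER_ID,
        key_name=_KEY_ID,
        wrapping_algorithm=_WRAPPING_ALGORITHM,
        private_wrapping_key=_PRIVATE_WRAPPING_KEY,
        public_wrapping_key=_PUBLIC_WRAPPING_KEY,
    )
    test_keyring = RawRSAKeyring(
        key_namespace=_PROVIDER_ID,
        key_name=_KEY_ID,
        wrapping_algorithm=_WRAPPING_ALGORITHM,
        private_wrapping_key=_PRIVATE_WRAPPING_KEY,
    )
    initial_materials = EncryptionMaterials(
        algorithm=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384,
        encryption_context=_ENCRYPTION_CONTEXT,
    )

    encryption_materials = complete_keyring.on_encrypt(initial_materials)

    initial_decryption_materials = DecryptionMaterials(
        algorithm=Algorithm.AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384,
        encryption_context=_ENCRYPTION_CONTEXT,
    )

    test_materials = test_keyring.on_decrypt(
        decryption_materials=initial_decryption_materials,
        encrypted_data_keys=encryption_materials.encrypted_data_keys,
    )

    # on_decrypt must hand back a new materials object, not the input one.
    assert test_materials is not initial_decryption_materials
    assert test_materials.data_encryption_key is not None
    # A key that is merely present is not enough for a round-trip test:
    # the unwrapped plaintext key must be the one generated at encryption,
    # otherwise a wrong or constant key would still pass.
    assert (
        test_materials.data_encryption_key.data_key
        == encryption_materials.data_encryption_key.data_key
    )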