def read_with_associated_data(cls,
keyset_reader: _keyset_reader.KeysetReader,
master_key_aead: aead.Aead,
associated_data: bytes) -> 'KeysetHandle':
"""Tries to create a KeysetHandle from an encrypted keyset using the provided associated data."""
encrypted_keyset = keyset_reader.read_encrypted()
_assert_enough_encrypted_key_material(encrypted_keyset)
return cls._create(
_decrypt(encrypted_keyset, master_key_aead, associated_data))
def read_no_secret(
cls, keyset_reader: _keyset_reader.KeysetReader) -> 'KeysetHandle':
"""Creates a KeysetHandle from a keyset with no secret key material.
This can be used to load public keysets or envelope encryption keysets.
Args:
keyset_reader: A _keyset_reader.KeysetReader object.
Returns:
A new KeysetHandle.
"""
keyset = keyset_reader.read()
_assert_no_secret_key_material(keyset)
return cls._create(keyset)
def read(cls, keyset_reader: _keyset_reader.KeysetReader,
master_key_aead: aead.Aead) -> 'KeysetHandle':
"""Tries to create a KeysetHandle from an encrypted keyset."""
encrypted_keyset = keyset_reader.read_encrypted()
_assert_enough_encrypted_key_material(encrypted_keyset)
return cls._create(_decrypt(encrypted_keyset, master_key_aead))