gemstone_utils.types

Shared types for field encryption and wrapped key material.

class gemstone_utils.types.KeyContext(keyid, key, alg=<factory>)[source]

Bases: object

Active data key context for field encryption.

Variables:
  • keyid (str) – Canonical UUID string (segment 2 in encrypted-field wire format).

  • key (bytes) – Raw data-encryption key bytes.

  • alg (str) – Symmetric algorithm id for application field encryption.

Parameters:
alg: str
key: bytes
keyid: str
class gemstone_utils.types.KeyRecord(keyid, alg, encrypted_key, params=<factory>)[source]

Bases: object

Encrypted key material and metadata for wrap/unwrap operations.

Applications construct instances from their own storage layer. params matches the JSON params segment in the encrypted-field wire format.

Variables:
  • keyid (str | None) – Logical DEK id (canonical UUID string), or None for a KEK-check (canary) blob that is not a DEK.

  • alg (str) – Symmetric wrap algorithm id.

  • encrypted_key (bytes) – Ciphertext blob (algorithm-specific layout).

  • params (Dict[str, Any]) – Per-algorithm parameters persisted alongside the blob.

Parameters:
alg: str
encrypted_key: bytes
keyid: str | None
params: Dict[str, Any]