There modules provide handlers to be used to process existing, or generate new, test vectors based on test vector manifests.

• Python 3.8+
• aws-encryption-sdk

In addition to direct use of the library, some CLI tools are provided to simplify processing of common test manifest types.

Used to process an AWS Encryption SDK Full Message Encrypt manifest.

usage: awses-full-message-encrypt [-h] --input INPUT

Build ciphertexts and decrypt manifest from keys and encrypt manifests

optional arguments:
  -h, --help       show this help message and exit
  --input INPUT    Existing full message encrypt manifest

Used to process an AWS Encryption SDK Full Message Decrypt Generation manifest and produce a Full Message Decrypt manifest along with all corresponding plaintexts and ciphertexts.

usage: awses-full-message-decrypt-generate [-h] --output OUTPUT --input INPUT [--human]

Build ciphertexts and decrypt manifest from keys and encrypt manifests

optional arguments:
  -h, --help       show this help message and exit
  --output OUTPUT  Directory in which to store results
  --input INPUT    Existing full message decrypt generation manifest
  --human          Output human-readable JSON

The output of this command can be used to produce a zip file to be added to the shared test vectors repository. Make sure that the individual contents of the output directory are top-level entries in the zip file; it is easy to add an additional top-level folder by accident!

Used to process an AWS Encryption SDK Full Message Decrypt manifest to decrypt and verify all referenced ciphertexts.

usage: awses-full-message-decrypt [-h] --input INPUT

Decrypt ciphertexts generated by awses-full-message-encrypt

optional arguments:
  -h, --help     show this help message and exit
  --input INPUT  Existing full message decrypt manifest