pycape.cape_encrypt module

Utility functions supporting the Cape encrypt functionality.

pycape.cape_encrypt.encrypt(message, key)

Encrypt a message with a Cape key.

This function uses envelope encryption. The message is first AES-encrypted with an ephemeral AES key, and then this key is itself encrypted with a given RSA public key.

Parameters:

• message (bytes) – Bytes to encrypt.

• key (bytes) – Bytes representing the Cape key. Needs to be a valid, DEM-encoded RSA public key.

Return type:

bytes

Returns:

Bytes represeting the encryption of message. The bytes are a concatenation of the AES-ciphertext of message, an AES nonce, and the RSA-ciphertext of the AES key.

Raises:

ValueError – if the key is not a valid DEM-encoded RSA public key.