pycape.cape_encrypt module#

Utility functions supporting the Cape encrypt functionality.

pycape.cape_encrypt.encrypt(message, key)[source]#

Encrypt a message with a Cape key.

This function uses envelope encryption. The message is first AES-encrypted with an ephemeral AES key, and then this key is itself encrypted with a given RSA public key.

  • message (bytes) – Bytes to encrypt.

  • key (bytes) – Bytes representing the Cape key. Needs to be a valid, DEM-encoded RSA public key.

Return type:



Bytes represeting the encryption of message. The bytes are a concatenation of the AES-ciphertext of message, an AES nonce, and the RSA-ciphertext of the AES key.


ValueError – if the key is not a valid DEM-encoded RSA public key.