def encrypt(self,
data: bytes,
pubkey: bytes = None) -> Tuple[bytes, bytes]:
"""
:data: The data to encrypt. If derived per-subpath, it's a
symmetric key to use for block ciphers.
:pubkey: Optional public key to encrypt for. If not given, encrypt
for ours
:returns: (ekey, edata) where ekey is needed for recepient to
reconstruct a DH secret, edata is data encrypted with this
DH secret. The output should be treated as a monolithic
ciphertext outside of this class
"""
if pubkey is None:
pubkey = self._pub_key
else:
pubkey = ec.deserialize(self.pre.ecgroup, pubkey)
key, ekey = self.pre.encapsulate(pubkey)
cipher = SecretBox(key)
return ((ec.serialize(ekey.ekey), None),
cipher.encrypt(data))
评论列表
文章目录
