Exceptions (quantum_safe.exceptions)

All exceptions inherit from QuantumSafeError so you can catch the entire hierarchy with a single except clause. Every exception carries a machine-readable code string for programmatic handling.

Exception hierarchy

QuantumSafeError
├── CryptoError
│   ├── VerificationError
│   ├── DecapsulationError
│   └── KeyGenerationError
├── SerializationError
│   ├── KeyParseError
│   └── IncompatibleKeyVersion
├── BackendError
│   └── BackendNotAvailable
├── ConfigurationError
│   └── UnsupportedAlgorithm
├── MigrationError
│   └── ClassicalKeyDetected
└── InsecureOperationError

Reference

exception quantum_safe.exceptions.QuantumSafeError(message, **context)[source]

Base class for all quantum-safe library errors.

Parameters:
exception quantum_safe.exceptions.CryptoError(message, **context)[source]

Raised when a cryptographic operation fails.

Parameters:
exception quantum_safe.exceptions.VerificationError(algo=None, context_mismatch=False)[source]

Signature verification failed.

Parameters:
exception quantum_safe.exceptions.DecapsulationError(algo=None)[source]

Decapsulation failed — usually means wrong secret key or tampered ciphertext.

Do NOT log ciphertexts or key material when catching this; the failure itself is the only safe thing to propagate.

Parameters:

algo (str | None)

exception quantum_safe.exceptions.KeyGenerationError(message, **context)[source]

Key generation failed — usually an RNG or backend issue.

Parameters:
exception quantum_safe.exceptions.SerializationError(message, **context)[source]

Raised when key/ciphertext serialization or deserialization fails.

Parameters:
exception quantum_safe.exceptions.KeyParseError(fmt, reason, field=None)[source]

Failed to parse a key from PEM, DER, CBOR, or JWK.

field indicates which part of the structure was malformed, if known.

Parameters:
exception quantum_safe.exceptions.IncompatibleKeyVersion(key_version, supported_max)[source]

The key’s qs-version field is not supported by this library version.

Parameters:

  • key_version (int)

  • supported_max (int)

exception quantum_safe.exceptions.BackendError(message, **context)[source]

Errors related to cryptographic backend selection or execution.

Parameters:
exception quantum_safe.exceptions.BackendNotAvailable(backend)[source]

A required backend is not installed or could not be loaded.

The install_hint attribute contains a pip command the user can run to fix the problem.

Parameters:

backend (str)

exception quantum_safe.exceptions.ConfigurationError(message, **context)[source]

Raised when the library is misconfigured.

Parameters:
exception quantum_safe.exceptions.UnsupportedAlgorithm(algo, available=None)[source]

The requested algorithm is not supported.

available contains the list of valid algorithm names so callers can suggest alternatives without hard-coding the list.

Parameters:
exception quantum_safe.exceptions.MigrationError(message, **context)[source]

Errors raised during key migration or classical-crypto scanning.

Parameters:
exception quantum_safe.exceptions.ClassicalKeyDetected(algo, min_required='hybrid')[source]

A pure classical (non-hybrid) key was used where PQC is required.

This is raised in strict mode when a classical-only key is passed to an operation that requires at least hybrid security.

Parameters:

  • algo (str)

  • min_required (str)

exception quantum_safe.exceptions.InsecureOperationError(message, **context)[source]

Attempted operation is insecure and has been blocked.

Examples: - Using an algorithm below the required security level - Disabling hybrid mode without an explicit override - Reusing a nonce in a scheme that prohibits it

Parameters: