How to encrypt files already stored on GAE's blobstore?

I am working on an application that allows users (publishers) to upload files to the blobstore, and then this app serves blobs back to other users if they pay for it. Because this blobs are stored on specific urls, users can still download files if they know the correct url, so I want to encrypt this files with 128 bit key to prevent illegal downloads. 开发者_Go百科The BlobReader class documentation says: "This interface is read-only: Blobstore values cannot be modified directly by the application."

How can I implement encryption method somewhere in between the upload from the publishr and the download from a user. Is there a way to read the blob, do something with bytes and save new bytes in a new blob? Or a similar solution that does the job?

According to the Blobstore Python API help documentation, it would appear that serving blobs is dependent on a handler that you define. Can't you check that the user is authenticated in that handler and then refuse to serve the blob (e.g. by returning an error code), rather than rewriting blobs?