You cannot use encrypt using just AES if you've been given an RSA public key. You need to use hybrid encryption: generate a random AES key of 16, 24 or 32 bytes, then encrypt. You can keep to a zero IV if you generate a new AES key for each encryption.
The AES key itself can then be encrypted using the public key you've been given, using either OAEP or - for backwards compatibility - PKCS#1 v1.5 padding.
The default module does not seem to use padding, if I read the documentation correctly. I've found a padding/unpadding routine on pastebin, thanks go to Peter for sharing:
def pkcs7_pad(data, blocksize=16):
padlen = blocksize - len(data) % blocksize
return data + bytes([padlen]) * padlen
def pkcs7_unpad(data, blocksize=16):
if data:
padlen = data[-1]
if 0 < padlen < blocksize:
if data.endswith(bytes([padlen]) * padlen):
return data[:-padlen]
raise ValueError('incorrect padding')
Note that just encryption is not secure if you are using this over a communication channel. It is required to add a message authentication code (MAC), even if you just require confidentiality of the plaintext. Incorrect use of CBC mode encryption may make the protocol vulnerable to padding oracle attacks.