Python-gnupg Usage

写在前面

关于python-gnupg的基本使用记录

Installation

1
pip install python-gnupg

Basics

1
2
3
4
import gnupg
gpg = gnupg.GPG()
encrypt(data, *recipients, **kwargs)
gpg.decrypt(message, **kwargs)

encrypt

  • data (str) – The file or bytestream to encrypt.
  • recipients (str) – The recipients to encrypt to. Recipients must be specified
    keyID/fingerprint. Care should be taken in Python2.x to make sure that the given fingerprint is in fact a string and not a unicode object.
  • default_key (str) – The keyID/fingerprint of the key to use for signing. If given, data
    will be encrypted and signed.
  • passphrase (str) – If given, and default_key is also given, use this passphrase to
    unlock the secret portion of the default_key to sign the encrypted data. Otherwise,
    if default_key is not given, but symmetric=True, then use this passphrase as the
    passphrase for symmetric encryption. Signing and symmetric encryption should not be
    combined when sending the data to other recipients, else the passphrase to the secret key
    would be shared with them.
  • armor (bool) – If True, ascii armor the output; otherwise, the output will be in binary
    format. (Default: True)
  • encrypt (bool) – If True, encrypt the data using the recipients public keys. (Default:
    True)
  • symmetric (bool) – If True, encrypt the data to recipients using a symmetric key.
    See the passphrase parameter. Symmetric encryption and public key encryption can
    be used simultaneously, and will result in a ciphertext which is decryptable with either the
    symmetric passphrase or one of the corresponding private keys.
  • always_trust (bool) – If True, ignore trust warnings on recipient keys. If False, display
    trust warnings. (default: True)

decrypt

  • message (file or str or io.BytesIO) – A string or file-like object to decrypt.
  • always_trust (bool) – Instruct GnuPG to ignore trust checks.
  • passphrase (str) – The passphrase for the secret key used for decryption.
  • output (str) – A filename to write the decrypted output to.

example

encrypt string

1
2
3
4
gpg = gnupg.GPG()
message = open('./message','r').read()
encrypted_data = gpg.encrypt(message, 'who', symetric=True, passphrase='password')
encrypted_string = str(encrypted_data)

decrypt string

1
2
3
4
5
6
7
8
9
ci = open('./cipher', 'r').read()
for s in dictionary:
decrypted_data = gpg.decrypt(ci, passphrase=s)
if decrypted_data.ok == False:
print decrypted_data.status
print decrypted_data.stderr
else:
print decrypted_data.data
break

encrypt file

1
2
3
4
5
6
7
8
9
10
11
12
import gnupg

gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
open('my-unencrypted.txt', 'w').write('You need to Google Venn diagram.')
with open('my-unencrypted.txt', 'rb') as f:
status = gpg.encrypt_file(
f, recipients=['testgpguser@mydomain.com'],
output='my-encrypted.txt.gpg')

print 'ok: ', status.ok
print 'status: ', status.status
print 'stderr: ', status.stderr

decrypt file

1
2
3
4
5
6
7
8
9
import gnupg

gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
with open('my-encrypted.txt.gpg', 'rb') as f:
status = gpg.decrypt_file(f, passphrase='my passphrase', output='my-decrypted.txt')

print 'ok: ', status.ok
print 'status: ', status.status
print 'stderr: ', status.stderr

Use Keys

1
2
3
4
5
6
7
import gnupg
from pprint import pprint # data pretty printer

gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
key_data = open('mykeyfile.asc').read()
import_result = gpg.import_keys(key_data)
pprint(import_result.results)

list keys

1
2
3
4
5
6
7
8
9
10
import gnupg
from pprint import pprint # data pretty printer

gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
public_keys = gpg.list_keys()
private_keys = gpg.list_keys(True)
print 'public keys:'
pprint(public_keys)
print 'private keys:'
pprint(private_keys)
文章目录
  1. 1. 写在前面
  2. 2. Installation
  3. 3. Basics
    1. 3.1. encrypt
    2. 3.2. decrypt
    3. 3.3. example
  4. 4. Use Keys
    1. 4.1. list keys
|