Wednesday, September 9, 2015

How to use GnuPG in Python ?


If not redirected, please click here https://www.thesecuritybuddy.com/pgp-and-gpg/how-to-use-gnupg-in-python/


gnupg module enables python to use the functionality of GNU Privacy Guard or GnuPG. With this module Python programs can create and manage keys, encrypt and decrypt data, sign and verify documents.



How to install gnupg module ?


Install the module using 'pip install python-gnupg'.


How to import gnupg module ?




You can import the module and use it.

>>> import gnupg
>>> gpg = gnupg.GPG(gnupghome='/path/to/home/directory')



In GnuPG, “home directory” is used to public and private keyring files and a trust database. If no parameter is passed, the default directory is picked up in GnuPG.

GPG constructor also accepts few additional parameter.
  • gpgbinary : the path to gpg executable
  • verbose
  • user_agent : uses in-memory GPG agent if specified True.
  • keyring : specified value is used as name of the keyring file.
  • options : additional command line options passed to GPG
  • secret_keyring : specified value is used as name of the secret keyring file


How to generate GPG keys using gnupg module ?


You can generate GPG keys in Python as follows:


>>> key = gpg.gen_key(input_data)

iput_data specifies the parameters to GnuPG. By default it creates an RSA key of 1024 bits. Real name is taken as “Autogenerated Key” and email-id as <username>@hostname.

You can generate the string input_data using the following method:

>> input_data = gpg.gen_key_input(key_type="RSA", key_length=1024)


gen_key_input() takes the following parameter:
  • key_type : type of key
  • key_length : length of key in bits
  • name_real : real name
  • name_comment : comment
  • name_email : email-id
  • passphrase : passphrase of private key


How to export GPG keys using gnupg module ?


Use the export_keys() method to export public and private keys. It takes the following parameters:
  • keyids : a keyid or fingerprint in any format that GnuPG will accept
  • secret : True if it is a private key
  • subkey : True if it is a subkey


>>> public_keys = gpg.export_keys(keyids)
>>> private_keys = gpg.export_keys(keyids, True)


How to import GPG keys using gnupg module ?


You can import keys using the following methods:

>>> import_result = gpg.import_keys(key_data)

key_data is an ASCII string of public key. It can be obtained by the method export_keys() or from a key server.

To receive public key from a key server use the following method:

>>> import_result = gpg.recv_keys('server-name', 'keyid1', 'keyid2', ...)


How to list GPG keys using gnupg module ?


You can list the keys in the keyring using the following method:

>>> public_keys = gpg.list_keys()


Use the parameter True to list private keys.

>>> public_keys = gpg.list_keys(True)


How to encrypt and decrypt files using gnupg module ?


To encrypt data using GPG in Python use the following method:

>>> gpg.encrypt(data, recipients)


This method takes the following arguments:
  • data : the bytestream or file to encrypt
  • recepients : keyid or fingerprint of recepients

To encrypt a file, you can use the following method:

>>> stream = open(filename, "rb")
>>> gpg.encrypt_file(stream, recipients)


To decrypt a message, use the following method:

>>> decrypted_data = gpg.decrypt(data)

To decrypt a file, use the following method:

>>> stream = open(filename, "rb")
>>> decrypted_data = gpg.decrypt_file(stream)


How to digitally sign and verify the signature using gnupg module ?


To make digital signature of a file in Python using gnupg module, you can use the following method:

>>> signed_data = gpg.sign(message)

To sign a file, use the following method:

>>> stream = open(filename, "rb")
>>> signed_data = gpg.sign_file(stream)


To verify the data, use the following method:

>>> verified = gpg.verify(data)

And to verify a file, use the following method:

>>> stream = open(filename, "rb")
>>> verified = gpg.verify_file(stream)


How to do sign and encryption together using gnupg module ?


To use signing and encryption together using GPG in Python use the following methods:

>>> encrypted_data = gpg.encrypt(data, recipients, sign=signer_fingerprint, passphrase=signer_passphrase)


To decrypt data, use the following method:

>>> decrypted_data = gpg.decrypt(data, passphrase=recipient_passphrase)


How to delete GPG keys using gnupg module ?


delete_key() method can be used to to delete a key. Remember, from a private-public key-pair, private key must be deleted first.

>>> gpg.delete_keys(fp, True)
>>> gpg.delete_keys(fp)

This method takes the following arguments:
  • fingerprints : key fingerprint.
  • secret : True for private key
  • subkey : True for subkey



This are overall methods to use GnuPG in Python. For more details please refer the Python documentation.

No comments:

Post a Comment