python-gnupg | modified version of python-gnupg , including security patches
kandi X-RAY | python-gnupg Summary
kandi X-RAY | python-gnupg Summary
-- coding: utf-8; mode: rst; --. pretty-bad-protocol (a.k.a. python-gnupg) |On PyPI|. Complete rewrite of `Vinay Sajip’s python-gnupg `__, including patches to fix a shell injection vulnerability due to unsanitised inputs being passed to subprocess.Popen([…], shell=True).
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Handle the status of a key
- Fix the trustdb
- Create the trustdb file in the homedir
- Fix a trustdb file
- Copy data from instream to outstream
- Find the encodings
- Convert unicode to binary
- Parse the response from the server
- Given a line start with the prefix
- Export a new key to a file
- Display a new key
- Create a GnuPG batchfile
- Create a key from a batchfile
- Emit a record
- Send keys to a key server
- Default preference list
- Install the version file
- Create a logger
- Set the home directory
- Find the path to a binary
- Get requirements from requirements txt file
- Setter for generated keys
- Handle key event
- Parse the status key
- Generate a password
- Handle a status message
python-gnupg Key Features
python-gnupg Examples and Code Snippets
Community Discussions
Trending Discussions on python-gnupg
QUESTION
I'm trying to use a lambda function to decrypt files coming to S3, I download the files without issues, but when I try to decrypt them the gpg can not be found. I;ve tried using both python-gnupg
and gnupg
but both failed mentioning that gnupg is not available on the OS. Below my code for isntantiating GPG in python
It works well with python 3.7, but if I upgrade to 3.8, Lambda uses AMazon Linux 2, which doesn't come with gpg. How cna I make it work with python 3.8 in Lambda?
gpg = gnupg.GPG(gnupghome='/tmp')
Error:
...ANSWER
Answered 2021-Apr-28 at 17:22You have to bundle the gpg binary and its dependencies and deliver them in your package. In my package i bundle them into a folder named 'gpg', then when I use gpg in my Lambda function, I do this:
QUESTION
For encrypting and signing a message I want to use the python-gnupgp module. The module is a wrapper of gnupgp. The encryption works fine, but if I specify the sign option I get an error.
gpg: WARNING: unsafe permissions on homedir '/home//Programming/GnuPGP/pgphome'\ngpg: Warning: not using 'xxx' as default key: No secret key\ngpg: all values passed to '--default-key' ignored\n[GNUPG:] KEY_CONSIDERED xxx 0\n[GNUPG:] KEY_CONSIDERED AADFCABF9D6B54C7938195737DC2E276767872B0 0\ngpg: no default secret key: No secret key\n[GNUPG:] INV_SGNR 9\n[GNUPG:] FAILURE sign-encrypt 17\ngpg: [stdin]: sign+encrypt failed: No secret key\n"
But I have imported a secret key and want to encrypt using the other_public.asc
and sign with my own private key.
I use the module python-openpgp. This is my code:
...ANSWER
Answered 2021-Mar-26 at 11:24I guess the problem doesn't come from the code but from the fact that the python-gnupg wrapper uses directly the gpg executable, thus is bound by the gpg executable requirements.
Reading the error messages, you can see that the gpg executable refuses your secret key :
QUESTION
There is a web page with a large piece of text on it.
I want to configure the state to perform a certain action if curl returns an error.
If the variable doesn't contain 'StatusDescription : OK'
How can I set up a check for a piece of text that is inside a variable
...ANSWER
Answered 2021-Mar-10 at 10:54I want to configure the state to perform a certain action if curl returns an error.
There is a Salt state called http which can query
a URL and return the status. Using this (instead of curl
) we can check for the status code(s) (200, 201, etc.), as well as matching text. Then we can use requisites to run subsequent states depending on the success/failure of the http.query
.
Example:
I have added a check for status code of 200, you can omit - status: 200
if you don't care about the status code.
QUESTION
During the execution of the state, the manager "Chocolate" installs the package RealVNC (Program Files\Real VNC) Next, I create a key in the registry. I want the keys to be created only if the VNC installation was successful. I have tried
...ANSWER
Answered 2021-Feb-02 at 06:08The requisites that we mention, such as require
, watch
, etc. should be references to other states that are "scheduled" to run on the targets.
About watch
Even though the path is created by installing the "realvnc" package, there is no Salt state to handle the path. That is why it is showing the error.
Quoting from documentation for watch
:
A
watch
requisite is used to add additional behavior when there are changes in other states.
So if you want to watch on a file, then there should be a state that "handles" the file using the file
module.
About require
Also, while specifying require
you are referring to pkg
module, so Saltstack would look for pkg.installed
for realvnc. Whereas you are using chocolatey.installed
.
So with below modifications it should work fine.
QUESTION
How do I include gpg
(and all its dependencies) when I build my app with PyInstaller?
I'm releasing my python app as standalone executables for Linux, Windows, and MacOS using PyInstaller
. I need to use gpg
, so I'm using the python-gnupg
module -- which basically just shells out to the locally-installed gpg
binary on the system.
Because my app is designed to be a "portable" executable (I use PyInstaller
to ship it with the python
interpreter and all the other dependencies), I want to include gpg
with my releases so the user doesn't have to install it on their machine.
How can I add the gpg
binary and all its dependencies for the python-gnupg
module using PyInstaller
targeting Linux, Windows, and MacOS?
ANSWER
Answered 2020-Aug-20 at 13:23You can package GnuPG with your PyInstaller-built app by adding the gpg
binary and all its dependencies using the Analysis.datas
key.
On windows, I got this to work with trial and error. First I just searched the entire system for the gpg.exe
binary. In powershell:
QUESTION
I'm trying to achieve the functionality provided by the following bash command in Python.
...ANSWER
Answered 2020-Mar-26 at 03:26You can use the input
argument to run()
/check_output()
:
QUESTION
I'm building a python3 application, that generates a GPG key, asks for a passphrase and de/encrypts files. I want, that the correct passphrase input is required every start of the application.
Currently it seems, that the gpg-agent still holds the passphrase after the application is closed. A restart of the application does not require the correct passphrase to decrypt the data.
So I've had the idea to export the keys (public and private) into an ASCII armored file, import it on the start and deleting the keys again from the keyring, when the application closes. When I try to delete the keys (private key first, as described here at the documentation) and show the stderr of the resulting object, it shows me a "No Pinentry" Error.
I've written a short test program:
...ANSWER
Answered 2019-Jul-23 at 19:16I now solved the issue.
When deleting the secret key, GPG tries to invoke pinentry, which will display a graphical confirmation dialog. As here GPG is invoked from a python script, it seems, that it does not know of any graphical desktop, where it could show this dialog, so it gives out an error (at least that is my interpretation of the problem).
This can be solved, by telling the GPG object, to provide the option --yes
to all gpg commands. This will deactivate the confirmation dialog. So I just changed the definition line of the GPG object to
QUESTION
I am trying to encrypt a text file in Python 3.6 using python-gnupg, and a public key provided by a client, for which they have a private key to decrypt it with. I don't have access to that key. Despite python-gnupg appearing to successfully encrypt the file (though with some confusing errors appearing in the log), the client is unable to decrypt it. We're told the error they're getting is gpg: decryption failed: No secret key
When we tested encrypting a file using Cryptophane (different computer, running Windows instead of Ubuntu) and the same public key, they were able to decrypt it. This is how the encryption was successfully done manually for months. When testing the same code with our company public key, we were able to decrypt it using our private key and Cryptophane.
I've googled extensively for the error messages and general problem, and haven't found anything that seemed to be the same problem getting solved.
Here's the relevant code. filepath
is the relative path to the file to be encrypted. pgp_key_name
is the name of the .asc file containing the public key. pgp_key_dir
is the directory it's in.
ANSWER
Answered 2019-Mar-25 at 19:35Resolved.
In this case, it was the client's error. We later attempted to encrypt the file using a variety of slightly different options, including many done from the command line, and from Python. They were able to decrypt every single one.
For the sake of helping some others down the line, here are a few things that I've learned since starting on this journey:
There are two distinct packages both named python-gnupg.
- The original one (from what I understand): https://pythonhosted.org/python-gnupg/
- And a fork of it: https://github.com/isislovecruft/python-gnupg
Since these packages share a name, it is very confusing when googling errors in one or the other. Doing pip install python-gnupg
seems to always download the second one. My experience is almost entirely with this second one, so keep that in mind when reading everything else in this post.
On CentOS 6,
/usr/bin/gpg
is a symlink that points to/usr/bin/gpg2
. Python-GNUPG logs errors noting this, but then it seems to find/usr/bin/gpg2
just fine.Regarding the error
Could neither invoke nor terminate a gpg process...
: While this concerned me, this also appears to have had no effect at all on any functionality. Your mileage may vary.Compatibility issues are possible between the Python-GNUPG version and gpg binary version. This can lead to
Unknown status message: [SOME-GPG-MESSAGE]
errors; for example:Unknown status message: PINENTRY_LAUNCHED
which I believe arises when gpg tries to bring up the passphrase prompt (which it does not do in older versions!). If you are NOT trying to make a module with different uses on different OSes (we were), you can try your luck with manually editing the python-gnupg source code once youpip install
the package. Specifically, inpretty_bad_protocol._parsers.py
in the_handle_status
method, there is a tuple of known status messages; just add in any of the "unknown" status messages there, and that error won't trip in the future. I mean, you're on your own after that, but it was something that we tried and it doesn't appear to have harmed anything.
Best of luck to anyone trying to do pgp encryption in the future.
QUESTION
I am creating a package that depends on the python-gnupg
PyPi package. In Python it is imported as gnupg
.
It is installed during the setup of my package.
Unfortunately there is the gnupg
PyPi package which is also imported as gnupg
in Python.
How do I make sure that the right package is called when I run from gnupg import ...
? I want my package to work for users who have already installed the 'wrong' gnupg
in their Python distribution and now have both packages residing in their site-packages directory.
ANSWER
Answered 2019-Mar-01 at 15:21You can load a module by its full path. That way you are sure which one is loaded:
QUESTION
I have a script that I want to email newly generated files in a given folder. I have been able to generate and send emails (without encryption) by using smtplib, email and uu. I also managed to successfully send a gpg encrypted without attachments.
Sending a gpg encrypted email with attachment has been a challenge however.
I used the python-gnupg library to create a cipher text for the file and thought I could just email that as the body of the email. This is along the lines of what I tried.
...ANSWER
Answered 2019-Feb-05 at 06:30This is what I managed to come up with to get a working gnupg encrypted email with attachment. I used an email sent from thunderbird using enigmail as a template.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
Install python-gnupg
You can use python-gnupg like any standard Python library. You will need to make sure that you have a development environment consisting of a Python distribution including header files, a compiler, pip, and git installed. Make sure that your pip, setuptools, and wheel are up to date. When using pip it is generally recommended to install packages in a virtual environment to avoid changes to the system.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page