Using python-gnupg to decrypt file encrypted with gpg

I have a process that is creating a symmetrically encrypted file with gpg:

gpg --batch --passphrase=mypassphrase -c configure.txt

I can decrypt the encrypted file using gpg just fine with any user so long as I have the passphrase. This is as expected on this end.

I then have a python service running that periodically downloads this file, decrypts it, and uses the defined configuration. Well, it's supposed to decrypt it, but that's not what's happening. Here is a code listing:

import urllib.request
import gnupg

gpg = gnupg.GPG()
key = 'mypassphrase'
response = urllib.request.urlopen('http://www.example.org/configure.txt.gpg')
encrypted_file = response.read()
file = gpg.decrypt(encrypted_file, passphrase=key)

print(str(file))

The print is blank. If I inspect the file object, I see these attributes:

{
    '_gpg': <gnupg.gnupg.GPG object at 0x7f3d84675a90>,
    'valid': False,
    'status': 'decrypt 4294967295',
    'fingerprint': None,
    'pubkey_fingerprint': None,
    'key_id': None,
    'signature_id': None,
    'creation_date': None,
    'timestamp': None,
    'sig_timestamp': None,
    'username': None,
    'expire_timestamp': None,
    'trust_level': None, 
    'trust_text': None, 
    'subpackets': {}, 
    'notations': {}, 
    '_last_notation_name': None, 
    'data': b'', 
    'ok': False, 
    'data_format': None, 
    'data_timestamp': None, 
    'data_filename': None, 
    'stderr': 'gpg: no valid OpenPGP data found.\n[GNUPG:] NODATA 1\n[GNUPG:] NODATA 2\n[GNUPG:] FAILURE decrypt 4294967295\ngpg: decrypt_message failed: Unknown system error\n'
}

I've also tried opening the file directly and skipping the urlopen in case it was a problem with transmission. However, the resulting encrypted_file showed the same bytes and, ultimately, the same error and empty result.

I've researched this until I'm blue in the face. Even now I've probably got a dozen tabs open from various help sites, most of them from SO. All of them kind of doing what I'm doing, but not exactly and, ultimately, not my solution. Searching for the text in stderr mainly results in a lot of folks getting errors downloading and installing keys.

This SO question seems the closest, but they're not using symmetric encryption and so they're running into user certificate and key problems. Like I said, I can decrypt the file with any user so long as I have the passphrase so I don't think that's my problem.

I'm not even close to being an expert with file encryption and I'm sure I'm making some kind of wrong assumption.

Cheers!

Chemosynthesis answered 19/3, 2019 at 16:57 Comment(0)

You were using the instruction below:

gpg = gnupg.GPG()

Instead, provide gnupghome (the path of the keys) in GPG():

gpg = gnupg.GPG(gnupghome='/home/linuxman/.gnupg')

where '/home/linuxman/.gnupg' is the path where the keys are listed.

Use gpg --list-keys (or) gpg --list-secret-keys to find the keys and the path where the keys are listed.

Usually this path will be the home directory.

Godding answered 21/5, 2021 at 12:27 Comment(1)
How do you get this on a Windows machine? Shuler
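
The stderr in the question carries GnuPG status lines (NODATA 1, NODATA 2) saying that gpg did not recognise the input as OpenPGP data at all. The following is an added example, not code from either poster: it checks that the bytes start with ASCII armor or an OpenPGP packet header before calling gpg.decrypt, and turns a failed result into an exception instead of an empty string. The names first_packet_tag, decrypt_checked and the SAMPLE_ values are assumptions made for this example.

```python
import base64
import re

# "[GNUPG:] NODATA <n>" status codes, as documented in GnuPG's doc/DETAILS.
NODATA = {1: "no armored data", 2: "expected a packet but did not find one",
          3: "invalid packet found", 4: "signature expected but not found"}
ARMOR = b"-----BEGIN PGP MESSAGE-----"
# Constructed samples: the first bytes of a passphrase-encrypted message
# (binary and armored) and an HTML error page served in place of the file.
SAMPLE_BINARY = bytes.fromhex("8c0d04090302")
SAMPLE_ARMORED = ARMOR + b"\n\njA0ECQMC\n-----END PGP MESSAGE-----\n"
SAMPLE_HTML = b"<!DOCTYPE html><title>404 Not Found</title>"


def first_packet_tag(data):
    """Return the tag of the first OpenPGP packet, or None if data is not OpenPGP."""
    stripped = data.lstrip()
    if stripped.startswith(ARMOR):
        # The base64 body begins after the blank line that ends the armor headers.
        parts = re.split(rb"\r?\n\r?\n", stripped, maxsplit=1)
        if len(parts) < 2:
            return None
        try:
            data = base64.b64decode(parts[1].split(b"\n", 1)[0].strip())
        except ValueError:
            return None
    if not data or not data[0] & 0x80:   # bit 7 is set in every packet header
        return None
    if data[0] & 0x40:                   # new-format header: tag is bits 5-0
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F         # old-format header: tag is bits 5-2


def decrypt_checked(gpg, data, passphrase):
    """Decrypt via a gnupg.GPG object; raise instead of returning empty data."""
    if first_packet_tag(data) is None:
        raise ValueError("not OpenPGP data, starts with %r" % data[:16])
    result = gpg.decrypt(data, passphrase=passphrase)
    if not result.ok:
        codes = re.findall(r"NODATA (\d+)", result.stderr or "")
        why = "; ".join(NODATA.get(int(c), "unknown") for c in codes)
        raise RuntimeError("gpg failed: " + (why or result.status))
    return result.data
```

With python-gnupg installed, pass the gnupg.GPG object (created with or without gnupghome) as the first argument. Tag 3 is the symmetric-key encrypted session key packet that a passphrase-encrypted message begins with.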
