转载: http://blog.sina.com.cn/s/blog_71f3890901011ihw.html
参考: http://pythonhosted.org/python-gnupg/
Date: 2011-10-28 | Modified:2012-04-08 | Tags: python | 1 Comment
python-gnupg is a Python packagefor encrypting and decrypting strings or files using GNU Privacy Guard(GnuPG or GPG). GPG is an open source alternative to PrettyGood Privacy (PGP). A popular use of GPG and PGP is encrypting email. Formore information, see the python-gnupgdocumentation. Another option for encrypting data from Python is keyczar.
Install
This installs the Ubuntu GPG package, creates a test user, and installs thePython package, python-gnupg. This was installed on Ubuntu 10.10 MaverickMeerkat.
$ sudo apt-get install gnupg
$ sudo adduser testgpguser
$ sudo su testgpguser
$ cd
$ virtualenv --no-site-packages venv
$ source venv/bin/activate
$ pip install python-gnupg
Generate a key
This creates a GPG key. This also creates the gpghomedirectory if it does not exist. You may need to supply random hardware activityduring the key generation. See the docs for more information. To generate randomnumbers, you can also install the rng-tools package.$ sudo apt-get installrng-tools
import os
import gnupg
os.system('rm -rf /home/testgpguser/gpghome')
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
input_data = gpg.gen_key_input( name_email='[email protected]',passphrase='my passphrase')
key = gpg.gen_key(input_data)
print key
B0F4CF530036CE8CD1C064F17D32CEE72C015CD5
Export keys
import gnupggpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
ascii_armored_public_keys = gpg.export_keys(key)
ascii_armored_private_keys = gpg.export_keys(key, True)
with open('mykeyfile.asc', 'w') as f:
f.write(ascii_armored_public_keys)
f.write(ascii_armored_private_keys)
(venv)testgpguser@mymachine:~$ catmykeyfile.asc
(venv)testgpguser@mymachine:~$ cat mykeyfile.asc -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) mI0ETqrVGAEEAP42Xs1vQv40MxA3/g/Le5B0VatnDYaSvAhiYfaub79HY4mjYcCD FPDo5b54PSzyhlVsz5RL46+RE9NpQ2JdvFofWi7eVzfdmmTtNYEaiUSmzLUq73Vz qu7P1RhOfwuAyW0otnw/Lw54MVjVZblvp3ln1Fcpleb9ZSrY1h61Y8pHABEBAAG0 REF1dG9nZW5lcmF0ZWQgS2V5IChHZW5lcmF0ZWQgYnkgZ251cGcucHkpIDx0ZXN0 Z3BndXNlckBteWRvbWFpbi5jb20+iLgEEwECACIFAk6q1RgCGy8GCwkIBwMCBhUI AgkKCwQWAgMBAh4BAheAAAoJEH0yzucsAVzVBjwD/1KgTx1y3cpuumu1HF0GtQV0 Wn7l9OaSj98CqQ/f2emHD1l9rrjdt9jm1g7wSsWumpKs57vxz7NXwHw7mI4qZ5m0 cvg/qRc/BBMP8v2WgzRsmls97Pplaate1k3QfvDCVs6F1qiIQyELffjxBHbmWPhx XEwhnpLcvk2l7NbNnEwA =exDD -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PRIVATE KEY BLOCK----- Version: GnuPG v1.4.10 (GNU/Linux) lQH+BE6q1RgBBAD+Nl7Nb0L+NDMQN/4Py3uQdFWrZw2GkrwIYmH2rm+/R2OJo2HA gxTw6OW+eD0s8oZVbM+US+OvkRPTaUNiXbxaH1ou3lc33Zpk7TWBGolEpsy1Ku91 c6ruz9UYTn8LgMltKLZ8Py8OeDFY1WW5b6d5Z9RXKZXm/WUq2NYetWPKRwARAQAB /gMDAq5W6uxeU2hDYDPZ1Yy+e97ppNXmdAeq1urZHmiPr4+a36nOWd6j0R/HBjG3 ELD8CqYiQ0vx8+F9rY/uwKga2bEkJsQXjvaaZtu97lzPyp2+avsaw2G+3jRAJWNL 5YG4c/XwK1cfEajM23f7zz/t6TRWG+Ve2Dzi7+obA0LuF8czSlpiTTEzLDk8QJCK y2WmrZ+s+POWv3itVpI26o7PvTQESzwyKXdyCW2W66VnXTm4mQEL6kgyV0oO6xIl QUVSn2XWvwFMg2iL+02zA467rsr1x6Nl8hEQJ**JCejD2z+4C4yzEeQGFP9WUps pbMedAjDHebhC9FzbW7yuQ3H7iTCK1mvidAFw2wTdrkH61ApzmSo/rSTSxXw7hLT M/ONgYZtvr+CpJj+mIu1XvVDiftvMhXlwcvM8c9PB3zv+086K7kJDTnzPgYvL0H/ +V2b9X9BBfAax40MQuxZJWseaLtsxXyl/rhn8jSCFZoqtERBdXRvZ2VuZXJhdGVk IEtleSAoR2VuZXJhdGVkIGJ5IGdudXBnLnB5KSA8dGVzdGdwZ3VzZXJAbXlkb21h aW4uY29tPoi4BBMBAgAiBQJOqtUYAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIX gAAKCRB9Ms7nLAFc1QY8A/9SoE8dct3KbrprtRxdBrUFdFp+5fTmko/fAqkP39np hw9Zfa643bfY5tYO8ErFrpqSrOe78c+zV8B8O5iOKmeZtHL4P6kXPwQTD/L9loM0 bJpbPez6ZWmrXtZN0H7wwlbOhdaoiEMhC3348QR25lj4cVxMIZ6S3L5NpezWzZxM AA== =v9Z7 -----END PGP PRIVATE KEY BLOCK-----
Import keys
import gnupgfrom pprint import pprint
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
key_data = open('mykeyfile.asc').read()
import_result = gpg.import_keys(key_data)
pprint(import_result.results)
[{'fingerprint': u'B0F4CF530036CE8CD1C064F17D32CEE72C015CD5', 'ok': u'0', 'text': 'Not actually changed\n'}, {'fingerprint': u'B0F4CF530036CE8CD1C064F17D32CEE72C015CD5', 'ok': u'16', 'text': 'Contains private key\nNot actually changed\n'}]
List keys
import gnupgfrom pprint import pprint
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
public_keys = gpg.list_keys()
private_keys = gpg.list_keys(True)
print 'public keys:';pprint(public_keys);print 'private keys:';pprint(private_keys)
public keys:
[{'algo': u'1', 'date': u'1319818520', 'dummy': u'', 'expires': u'', 'fingerprint': u'B0F4CF530036CE8CD1C064F17D32CEE72C015CD5', 'keyid': u'7D32CEE72C015CD5', 'length': u'1024', 'ownertrust': u'u', 'trust': u'u', 'type': u'pub', 'uids': [u'Autogenerated Key (Generated by gnupg.py) ']}]
private keys:
[{'algo': u'1', 'date': u'1319818520', 'dummy': u'', 'expires': u'', 'fingerprint': u'B0F4CF530036CE8CD1C064F17D32CEE72C015CD5', 'keyid': u'7D32CEE72C015CD5', 'length': u'1024', 'ownertrust': u'', 'trust': u'', 'type': u'sec', 'uids': [u'Autogenerated Key (Generated by gnupg.py) ']}]
Encrypt a string
import gnupggpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
unencrypted_string = 'Who are you? How did you get in my house?'
encrypted_data = gpg.encrypt(unencrypted_string, '[email protected]')
encrypted_string = str(encrypted_data)
print 'ok: ', encrypted_data.ok; print 'status: ', encrypted_data.status; print'stderr: ', encrypted_data.stderr; print 'unencrypted_string: ',unencrypted_string; print 'encrypted_string: ', encrypted_string
ok: True
status: encryption ok
stderr: [GNUPG:] BEGIN_ENCRYPTION 2 9 [GNUPG:] END_ENCRYPTION
unencrypted_string: Who are you? How did you get in my house?
encrypted_string:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)
hIwDFuhrAS77HYIBBACXqZ66rkGQv8yE61JddEmad3fUNvbfkhBPUI9OSaMO3PbN
Q/6SIDyi3FmhbM9icOBS7q3xddQpvFhwmrq9e3VLKnV3NSmWo+xJWosQ/GNAA/Hb
cwF1pOtR6bRHFBkqtmpTYnBo9rMpokW8lp4WxFxMda+af8TlId8HC0WcRUg4kNJi
AdV1fsd+sD/cGIp0cAltpaVuO4/uwV9lKd39VER6WigLDaeFUHjWhJbcHwTaJYHj
qmy5LRciNSjwsqeMK4zOFZyRPUqPVKwWLiE9kImMni0Nj/K54ElWujgTttZIlBqV
5+c=
=SM4r
-----END PGP MESSAGE-----
Encrypt a string
import gnupggpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
unencrypted_string = 'Who are you? How did you get in my house?'
encrypted_data = gpg.encrypt(unencrypted_string, '[email protected]')
encrypted_string = str(encrypted_data)
decrypted_data = gpg.decrypt(encrypted_string, passphrase='my passphrase')
print 'ok: ', decrypted_data.ok print 'status: ', decrypted_data.status; print 'stderr:', decrypted_data.stderr; print 'decrypted string: ', decrypted_data.data
ok: True
status: decryption ok
stderr: [GNUPG:] ENC_TO 16E86B012EFB1D82 1 0 [GNUPG:] USERID_HINT16E86B012EFB1D82 Autogenerated Key (Generated by gnupg.py) [GNUPG:]NEED_PASSPHRASE 16E86B012EFB1D82 16E86B012EFB1D82 1 0 [GNUPG:] GOOD_PASSPHRASEgpg: encrypted with 1024-bit RSA key, ID 2EFB1D82, created 2011-11-02 "AutogeneratedKey (Generated by gnupg.py) " [GNUPG:] BEGIN_DECRYPTION [GNUPG:] PLAINTEXT 621320545729 [GNUPG:] PLAINTEXT_LENGTH 41 [GNUPG:] DECRYPTION_OKAY [GNUPG:]GOODMDC [GNUPG:] END_DECRYPTION
decrypted string: Who are you? How did you get in my house?
Encrypt a file
import gnupg
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
open('my-unencrypted.txt', 'w').write('You need to Google Venn diagram.')
with open('my-unencrypted.txt', 'rb') as f:
status = gpg.encrypt_file( f, recipients=['[email protected]'], output='my-encrypted.txt.gpg')
print 'ok: ', status.ok print 'status: ', status.status
print 'stderr: ', status.stderr
ok: True
status: encryption ok
stderr: [GNUPG:] BEGIN_ENCRYPTION 2 9 [GNUPG:] END_ENCRYPTION
(venv)testgpguser@mymachine:~$ cat my-encrypted.txt.gpg
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)
hIwDfTLO5ywBXNUBBADo7trFZUD6Ir1vPRAJsoQXDiiw32N1m9/PXWCnQqX0nyzW
LfluNMfLFQRclNPVEg+o91qhS71apKvagp8DW7SCDE2SdCYk8nAS3bwAg5+GUyDs
XY2E6BQ1cLA1eK1V6D15ih6cq0laRzWuFkehH9PQ5Yp4ZZOmCbopw7dufnYPjdJb
AVGLpZRq64SuN1BUWIHbO7vqQGFq7qhGQwuegblEMm4vyr6FBW6JA/x4G/PMfImZ
1cH6KBrWGWrLCTiU/FKG9JvOm8mg8NXzd/TVjPs6rHRaKPFln37T7cLUwA==
=FSQP
-----END PGP MESSAGE-----Decrypt a file
import gnupg
gpg = gnupg.GPG(gnupghome='/home/testgpguser/gpghome')
with open('my-encrypted.txt.gpg', 'rb') as f:
status = gpg.decrypt_file(f, passphrase='my passphrase', output='my-decrypted.txt')
print 'ok: ', status.ok
print 'status: ', status.status
print 'stderr: ', status.stderr
ok: True
status: decryption ok
stderr: [GNUPG:] ENC_TO 16E86B012EFB1D82 1 0 [GNUPG:] USERID_HINT 16E86B012EFB1D82 Autogenerated Key (Generated by gnupg.py) [GNUPG:] NEED_PASSPHRASE 16E86B012EFB1D82 16E86B012EFB1D82 1 0 [GNUPG:] GOOD_PASSPHRASE gpg: encrypted with 1024-bit RSA key, ID 2EFB1D82, created 2011-11-02 "Autogenerated Key (Generated by gnupg.py) " [GNUPG:] BEGIN_DECRYPTION [GNUPG:] PLAINTEXT 62 1320546031 [GNUPG:] PLAINTEXT_LENGTH 32 [GNUPG:] DECRYPTION_OKAY [GNUPG:] GOODMDC [GNUPG:] END_DECRYPTION
(venv)testgpguser@mymachine:~$ cat my-decrypted.txt
You need to Google Venn diagram.