def __init__(self, config, secrets):
try:
dataKeyBytes = config.get("key", None)
except AttributeError as e:
raise InvalidConfig(original=e)
if not dataKeyBytes or dataKeyBytes == "":
msg = ("crypto.key is not a string, "
"Remove the crypto property if encryption is not needed")
raise InvalidConfig(message=msg)
privateKey = secrets.get("privateKey", None)
if not privateKey or privateKey == "":
msg = ("No gpg private key provided for decryption. "
"Remove the crypto property if encryption is not needed")
raise InvalidConfig(message=msg)
gpgKey = PGPKey()
gpgKey.parse(privateKey)
password = secrets.get("privateKeyPassword", None)
if password:
try:
gpgKey.unlock(password)
except PGPDecryptionError as err:
raise BadGPGKeyPasswordError(gpgKey.userids[0])
with warnings.catch_warnings():
# prevents warning of type `UserWarning: Message was encrypted with this key's subkey: ...`
warnings.simplefilter("ignore", category=UserWarning)
dataKey = gpgKey.decrypt(
PGPMessage.from_blob(dataKeyBytes)).message
DataKeyService.__init__(self, dataKey)
def _decrypt(encrypted_data: str, key: PGPKey):
encrypted_msg = PGPMessage.from_blob(encrypted_data)
msg = key.decrypt(encrypted_msg)
return str(msg.message)