def encrypt_file(self, file, recipients, sign=None,
always_trust=False, passphrase=None,
armor=True, output=None, no_literal=False):
"""
Encrypt the message read from the file-like object 'file'
We patch the original version to add an optional --no-literal parameter
"""
args = []
if no_literal:
args.append('--no-literal --encrypt')
else:
args.append('--encrypt')
if armor: # create ascii-armored output - set to False for binary output
args.append('--armor')
if output: # write the output to a file with the specified name
if os.path.exists(output):
os.remove(output) # to avoid overwrite confirmation message
args.append('--output %s' % output)
if not _is_sequence(recipients):
recipients = (recipients,)
for recipient in recipients:
args.append('--recipient %s' % recipient)
if sign:
args.append("--sign --default-key %s" % sign)
if always_trust:
args.append("--always-trust")
result = Crypt(self.encoding)
self._handle_io(args, file, result, passphrase=passphrase, binary=True)
logger.debug('encrypt result: %r', result.data)
return result
def encrypt_file(self, file, recipients, sign=None,
always_trust=False, passphrase=None,
armor=True, output=None, symmetric=False,
cipher_algo=None):
"Encrypt the message read from the file-like object 'file'"
args = ['--encrypt']
if symmetric:
args = ['--symmetric']
if cipher_algo:
args.append('--cipher-algo %s' % cipher_algo)
else:
args = ['--encrypt']
if not _is_sequence(recipients):
recipients = (recipients,)
for recipient in recipients:
args.append('--recipient "%s"' % recipient)
if armor: # create ascii-armored output - set to False for binary
args.append('--armor')
if output: # write the output to a file with the specified name
if os.path.exists(output):
os.remove(output) # to avoid overwrite confirmation message
args.append('--output "%s"' % output)
if sign:
args.append('--sign --default-key "%s"' % sign)
if always_trust:
args.append("--always-trust")
result = self.result_map['crypt'](self)
self._handle_io(args, file, result, passphrase=passphrase, binary=True)
logger.debug('encrypt result: %r', result.data)
return result
def encrypt_file(self, file, recipients, sign=None,
always_trust=False, passphrase=None,
armor=True, output=None, symmetric=False,
cipher_algo=None):
"""
Encrypt the message read from the file-like object 'file'.
:param file: The file to be encrypted.
:type data: file
:param recipient: The address of the public key to be used.
:type recipient: str
:param sign: Should the encrypted content be signed?
:type sign: bool
:param always_trust: Skip key validation and assume that used keys
are always fully trusted?
:type always_trust: bool
:param passphrase: The passphrase to be used if symmetric encryption
is desired.
:type passphrase: str
:param armor: Create ASCII armored output?
:type armor: bool
:param output: Path of file to write results in.
:type output: str
:param symmetric: Should we encrypt to a password?
:type symmetric: bool
:param cipher_algo: Algorithm to use.
:type cipher_algo: str
:return: An object with encrypted result in the `data` field.
:rtype: gnupg.Crypt
"""
args = ['--encrypt']
if symmetric:
args = ['--symmetric']
if cipher_algo:
args.append('--cipher-algo %s' % cipher_algo)
else:
args = ['--encrypt']
if not _is_sequence(recipients):
recipients = (recipients,)
for recipient in recipients:
args.append('--recipient "%s"' % recipient)
if armor: # create ascii-armored output - set to False for binary
args.append('--armor')
if output: # write the output to a file with the specified name
if os.path.exists(output):
os.remove(output) # to avoid overwrite confirmation message
args.append('--output "%s"' % output)
if sign:
args.append('--sign --default-key "%s"' % sign)
if always_trust:
args.append("--always-trust")
result = self.result_map['crypt'](self)
self._handle_io(args, file, result, passphrase=passphrase, binary=True)
logger.debug('encrypt result: %r', result.data)
return result
def export_keys(
self,
keyids,
secret=False,
armor=True,
minimal=False,
passphrase=None,
expect_passphrase=True,
):
"""
Export the indicated keys. A 'keyid' is anything gpg accepts.
Since GnuPG 2.1, you can't export secret keys without providing a
passphrase. However, if you're expecting the passphrase to go to gpg
via pinentry, you should specify expect_passphrase=False. (It's only
checked for GnuPG >= 2.1).
"""
which = ""
if secret:
which = "-secret-key"
if (
self.version >= (2, 1)
and passphrase is None
and expect_passphrase
):
raise ValueError(
"For GnuPG >= 2.1, exporting secret keys "
"needs a passphrase to be provided"
)
if gnupg._is_sequence(keyids):
keyids = [gnupg.no_quote(k) for k in keyids]
else:
keyids = [gnupg.no_quote(keyids)]
args = ["--export%s" % which]
if armor:
args.append("--armor")
if minimal:
args.extend(["--export-options", "export-minimal"])
args.extend(keyids)
result = self.result_map["export"](self)
if not secret or self.version < (2, 1):
p = self._open_subprocess(args)
self._collect_output(p, result, stdin=p.stdin)
else:
f = gnupg._make_binary_stream("", self.encoding)
try:
self._handle_io(
args, f, result, passphrase=passphrase, binary=True
)
finally:
f.close()
gnupg.logger.debug("export_keys result: %r", result.data)
if armor:
result.data = result.data.decode(self.encoding, self.decode_errors)
return result
def openEncryptStream(self, instream, recipients, sign=None, passphrase=None, compress=True):
args = ['--encrypt']
if not recipients:
raise ValueError('No recipients specified')
if not gnupg._is_sequence(recipients):
recipients = (recipients,)
for recipient in recipients:
args.extend(['--recipient', gnupg.no_quote(recipient)])
return self.__openEncryptStream(instream, args,
sign=sign, passphrase=passphrase, compress=compress)
def delete_keys(
self,
fingerprints,
secret=False,
passphrase=None,
expect_passphrase=True,
):
"""
Delete the indicated keys.
Since GnuPG 2.1, you can't delete secret keys without providing a
passphrase. However, if you're expecting the passphrase to go to gpg
via pinentry, you should specify expect_passphrase=False. (It's only
checked for GnuPG >= 2.1).
"""
which = "key"
if secret: # pragma: no cover
if (
self.version >= (2, 1)
and passphrase is None
and expect_passphrase
):
raise ValueError(
"For GnuPG >= 2.1, deleting secret keys "
"needs a passphrase to be provided"
)
which = "secret-key"
if gnupg._is_sequence(fingerprints): # pragma: no cover
fingerprints = [gnupg.no_quote(s) for s in fingerprints]
else:
fingerprints = [gnupg.no_quote(fingerprints)]
args = []
if secret and passphrase and expect_passphrase:
args = ["--yes"]
args.append("--delete-%s" % which)
args.extend(fingerprints)
result = self.result_map["delete"](self)
if not secret or self.version < (2, 1):
p = self._open_subprocess(args)
self._collect_output(p, result, stdin=p.stdin)
else:
# Need to send in a passphrase.
f = gnupg._make_binary_stream("", self.encoding)
try:
self._handle_io(
args, f, result, passphrase=passphrase, binary=True
)
finally:
f.close()
return result
def receive_keys(self, fingerprints, keyserver=None, always_trust=False):
"""
Receive keys from public key servers
"""
if _is_sequence(fingerprints):
fingerprints = ' '.join(fingerprints)
args = []
if always_trust:
args.append('--always-trust')
args.append('--recv-keys %s' % fingerprints)
if keyserver:
args.append('--keyserver %s' % keyserver)
result = ImportResult()
logger.debug('receive_keys: %r', fingerprints)
p = self._open_subprocess(args)
self._collect_output(p, result, stdin=p.stdin)
logger.debug('receive_keys: %r', result.__dict__)
return result
def encrypt_file(self,
file,
recipients,
sign=None,
always_trust=False,
passphrase=None,
armor=True,
output=None,
symmetric=False,
cipher_algo=None):
"Encrypt the message read from the file-like object 'file'"
args = ['--encrypt']
if symmetric:
args = ['--symmetric']
if cipher_algo:
args.append('--cipher-algo %s' % cipher_algo)
else:
args = ['--encrypt']
if not _is_sequence(recipients):
recipients = (recipients, )
for recipient in recipients:
args.append('--recipient "%s"' % recipient)
if armor: # create ascii-armored output - set to False for binary
args.append('--armor')
if output: # write the output to a file with the specified name
if os.path.exists(output):
os.remove(output) # to avoid overwrite confirmation message
args.append('--output "%s"' % output)
if sign:
args.append('--sign --default-key "%s"' % sign)
if always_trust:
args.append("--always-trust")
result = self.result_map['crypt'](self)
self._handle_io(args, file, result, passphrase=passphrase, binary=True)
logger.debug('encrypt result: %r', result.data)
return result
def encrypt_file(self,
file,
recipients,
sign=None,
always_trust=False,
passphrase=None,
armor=True,
output=None,
symmetric=False,
cipher_algo=None):
"""
Encrypt the message read from the file-like object 'file'.
@param file: The file to be encrypted.
@type data: file
@param recipient: The address of the public key to be used.
@type recipient: str
@param sign: Should the encrypted content be signed?
@type sign: bool
@param always_trust: Skip key validation and assume that used keys
are always fully trusted?
@type always_trust: bool
@param passphrase: The passphrase to be used if symmetric encryption
is desired.
@type passphrase: str
@param armor: Create ASCII armored output?
@type armor: bool
@param output: Path of file to write results in.
@type output: str
@param symmetric: Should we encrypt to a password?
@type symmetric: bool
@param cipher_algo: Algorithm to use.
@type cipher_algo: str
@return: An object with encrypted result in the `data` field.
@rtype: gnupg.Crypt
"""
args = ['--encrypt']
if symmetric:
args = ['--symmetric']
if cipher_algo:
args.append('--cipher-algo %s' % cipher_algo)
else:
args = ['--encrypt']
if not _is_sequence(recipients):
recipients = (recipients, )
for recipient in recipients:
args.append('--recipient "%s"' % recipient)
if armor: # create ascii-armored output - set to False for binary
args.append('--armor')
if output: # write the output to a file with the specified name
if os.path.exists(output):
os.remove(output) # to avoid overwrite confirmation message
args.append('--output "%s"' % output)
if sign:
args.append('--sign --default-key "%s"' % sign)
if always_trust:
args.append("--always-trust")
result = self.result_map['crypt'](self)
self._handle_io(args, file, result, passphrase=passphrase, binary=True)
logger.debug('encrypt result: %r', result.data)
return result
