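def __init__(self, config, secrets):
    """Decrypt the configured data key with a GPG private key and hand it to DataKeyService.

    Args:
        config: mapping-like crypto configuration; ``config["key"]`` holds the
            PGP-encrypted data key blob.
        secrets: mapping-like secret store; ``secrets["privateKey"]`` holds the
            GPG private key and the optional ``secrets["privateKeyPassword"]``
            its passphrase.

    Raises:
        InvalidConfig: if ``config`` has no ``get`` method, or if the encrypted
            data key or the private key is missing or empty.
        BadGPGKeyPasswordError: if unlocking the private key with the supplied
            passphrase fails with ``PGPDecryptionError``.
    """
    # Function-scope import: the file's import block is not visible from here.
    from contextlib import ExitStack

    try:
        dataKeyBytes = config.get("key", None)
    except AttributeError as e:
        raise InvalidConfig(original=e) from e

    if not dataKeyBytes:
        msg = ("crypto.key is not a string, "
               "Remove the crypto property if encryption is not needed")
        raise InvalidConfig(message=msg)

    privateKey = secrets.get("privateKey", None)
    if not privateKey:
        msg = ("No gpg private key provided for decryption. "
               "Remove the crypto property if encryption is not needed")
        raise InvalidConfig(message=msg)

    gpgKey = PGPKey()
    gpgKey.parse(privateKey)

    password = secrets.get("privateKeyPassword", None)

    with warnings.catch_warnings(), ExitStack() as unlocked:
        # prevents warning of type
        # `UserWarning: Message was encrypted with this key's subkey: ...`
        warnings.simplefilter("ignore", category=UserWarning)

        if password:
            # Assuming PGPKey is pgpy's: unlock() is a context manager, so a bare
            # `gpgKey.unlock(password)` call never runs and a protected key stays
            # locked. Entering it here keeps the key unlocked for the decrypt
            # below and lets the library re-lock it when the block exits.
            # Only the unlock step is inside the try, so a decryption failure
            # is not misreported as a bad passphrase.
            try:
                unlocked.enter_context(gpgKey.unlock(password))
            except PGPDecryptionError as err:
                raise BadGPGKeyPasswordError(gpgKey.userids[0]) from err

        dataKey = gpgKey.decrypt(
            PGPMessage.from_blob(dataKeyBytes)).message

    DataKeyService.__init__(self, dataKey)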
def _decrypt(encrypted_data: str, key: PGPKey):
    """Decrypt a PGP message blob with *key* and return the plaintext via ``str()``.

    Args:
        encrypted_data: the encrypted PGP message, as accepted by
            ``PGPMessage.from_blob``.
        key: the private key used for decryption.

    Returns:
        ``str(...)`` of the decrypted message payload. The result is plaintext
        secret material; callers should keep it out of logs and error messages.
    """
    # NOTE(review): presumably a passphrase-protected key must already be
    # unlocked by the caller when this runs - confirm at the call sites.
    plaintext = key.decrypt(PGPMessage.from_blob(encrypted_data)).message
    # NOTE(review): str() on a non-str payload (e.g. bytes/bytearray) yields its
    # repr rather than decoded text - confirm payloads are always text.
    return str(plaintext)