Using Python for GPG/PGP File Encryption

Using Python for GPG/PGP File Encryption - Part 2

Previously we looked at creating keys, importing public and private keys and the overall setup of gnupg with python. This time around, we're going to take a look at file encryption. Overall the file encryption process is fairly general/easy. But it lacks in the area of scaleablilty, ie to start, you'll only be encrypting one file at a time, which can be done outside of Python with ease. The idea of going over everything in Python, is that you can setup a script to encrypt multiple files in a folder (look for that in Part 3).

Assumptions; you have python, and python-gnupg installed, and a public key from someone you want to encrypt and send files to imported to your keystore home (see Part 1 for more information here.

Let's get started with Python file encryption. Start off by getting into your python shell, and enter the following:

>>> import os
>>> import gnupg
>>> gpg_home = "/path/to/keyfile/.gnupg"
>>> gpg = gnupg.GPG(gnupghome=gpg_home)
>>> pub_key = 'fingerprint of public key'
>>> source = "/path/to/file.txt"

OK, let's take a look at what we have so far. We've setup our environment with the keyfile that gnupg is going to use, entered the path and name of the file we're going to encrypt, and told the system what public key to use. Let's keep going:

>>> unenc_file = open(source, "rb")
>>> enc_file = source+".pgp"

Pause. What we have here is that we've opened the file we want encrypted (because that's how pgp works), and we've setup the "pgp" extension for the final encrypted file. Now, you can alternate "pgp" and "gpg". Make sure you and the person you're sending this to know which extension to expect, however both work the same way.

>>> gpg.encrypt_file(unenc_file,pub_key,always_trust=True,output=enc_file)

Now, this line here takes all the variables we've just setup and completes the encryption.

>>> unenc_file.close()
>>> exit()

These last two lines closes the unencrypted file and exits the python shell. You should now have one unencrypted file and on encrypted one.

Now, the only other consideration is if you need to sign the file with your private key. This can be done by simply adding the variable:

>>> sign_key = 'fingerprint of private key'

And changing the GPG encryption line to:

>>> gpg.encrypt_file(unenc_file,pub_key,sign=sign_key,always_trust=True,output=enc_file)

And that's it. You can now encrypt one file at a time with python. Next time on this topic, we'll setup a script to automate the process and encrypt all the files in a specified folder.

Comments

Visio Stencils Pack for Azure and Microsoft Integration (v5.0.0)

First off, I'd like to send a big shout out to Sandro Pereira who's been managing the vision stencils pack. Essentially, I'm re-posting his information here, because I had a really hard time finding the latest Visio pack for Azure, that wasn't a bunch of SVG's. My thought is that if more people re-post, maybe the search engines of the internet will have an easier time propagating the information... Sandero's Blog (the original post around the new stencils): https://blog.sandro-pereira.com/2019/10/18/microsoft-integration-and-azure-stencils-pack-for-visio-new-major-version-available-v5-0-0/ Sandero's GitHub: https://github.com/sandroasp/Microsoft-Integration-and-Azure-Stencils-Pack-for-Visio Microsoft TechNet Download: https://gallery.technet.microsoft.com/Collection-of-Integration-e6a3f4d0 I will say, and maybe it's just because I'm using Visio 2013, each icon has a boarder that needs to be removed when putting it on the page... Likely it

Disable Security Features to Dual Boot OS X - El Capitan

So, I've recently been working on updating/rebuilding my latest little friend (an 11" MacBook Air) to dual boot the latest OS X, El Capitan, and Kali. I'll go over everything in full detail as soon as I can finish the setup, but I wanted to get this out there for anyone else that may stumble upon any issues with setting up rEFInd on an updated mac. To start, while on Yosemite, I downloaded El Capitan from the App Store, and copied the install files to a USB. From there I preformed my upgrade. This might not be a good option for some people, as I'm sure your mac might be your primary computer... For me, that's not a problem. I tend to keep my essentials on USB drives / cloud storage as I tend to need access from different devices (phone, computer, tablet, etc.). After preforming a clean install of El Capitan, I headed over to the rEFInd website, download the program and ran the install.sh script... Now, that appears to work, like it did with pervious versions of

Windows Server 2008: Log on as batch job

From time to time, I have to set up some scheduled tasks that required a dedicated account to run. And when doing so, I'll usually forget that the dedicated account usually isn't given any more permissions than what it needs to complete the task at hand. So, after setting up the task, Windows will usually yell at me and say "The account needs batch job rights". So here's how to grant batch job permissions on your server. Go to your start menu, and start searching for Local Security Policy In the left pane of the MMC that opens up, expand Local Policies, and highlight User Rights Assignment. Now, in the left right pane, locate "Log on as a batch job" and double click it. In the properties window that opens up, add the user or group that needs this permission. I find that if you have multiple service accounts running different tasks on the same server, it's easier to just add a group verses the individual a

irregular spline

Search This Blog