`safe.gpg`¶

Facilities for interacting with GPG encrypted files.

author:	Joe Joyce <joe@decafjoe.com>
copyright:	Copyright (c) Joe Joyce and contributors, 2016-2019.
license:	BSD

safe.gpg.PREFERRED_CIPHER = 'aes256'¶

Name of the cipher to use if unspecified in GPGFile.save().

Type:	`str`

exception safe.gpg.GPGError(message, stdout, stderr)[source]¶

Bases: exceptions.Exception

Raised for errors from this module.

__init__(message, stdout, stderr)[source]¶

Instantiate the error.

Parameters:	message (str) – Short message describing the error stdout (`str` or `None`) – Standard output related to the error stderr (`str` or `None`) – Standard error related to the error

stderr = None¶

Standard error associated with the error.

Type:	`str` or `None`

stdout = None¶

Standard out associated with the error.

Type:	`str` or `None`

class safe.gpg.GPGFile(path)[source]¶

Bases: object

Manage decryption and encryption of a GPG file.

_homedir = None¶

Home directory to use for GnuPG calls (i.e. the --homedir argument). Defaults to ~/.gnupg. This attribute exists to allow tests to tweak the GnuPG environment while running, and is not otherwise used.

Type:	`str`

_keyid = None¶

Keyid to which the file was encrypted. Populated when decrypt_to() is called.

Type:	`str` or `None` (if file is symmetrically encrypted)

_password = None¶

Password with which file was encryted. Populated when decrypt_to() is called.

Type:	`str` or `None` (if file is asymmetrically encrypted)

_path = None¶

Path to the encrypted file.

Type:	`str`

_symmetric = None¶

Boolean indicating whether the file is symmetrically encrypted. If false, the file is asymmetrically encrypted.

Type:	`bool`

KEYID_RE = <_sre.SRE_Pattern object>¶

Regex matching the keyid output string from gpg --list-packets.

Type:	`re.compile()`

__init__(path)[source]¶

Instantiate the file wrapper.

Parameters:	path (str) – Path to the GPG encrypted file
Raise:	`GPGError` if file cannot be read

decrypt_to(path, password=None)[source]¶

Decrypt file to path using password.

If decryption is successful, this will cache the password/keyid for use in subsequent calls to save().

Parameters:	path (str) – Path to which to decrypt file password (`str` if file is symmetrically encrypted else `None`) – Password for file, if encrypted symmetrically
Raise:	`GPGError` if decryption fails
Return type:	`None`

save(source, cipher='aes256')[source]¶

Save plaintext file source back to the original path, encrypted.

decrypt_to() must be called before calling this method. Certain values needed by this method are cached when a file is decrypted. (Namely, password for symmetrically encrypted files and keyid for asymmetrically encrypted files.)

Parameters:	source (str) – Path to file to save cipher (str) – Cipher to use for encryption (defaults to `PREFERRED_CIPHER`)
Raise:	`GPGError` if encryption fails (original encrypted file is left untouched)
Return type:	`None`

symmetric¶: If true, file is encrypted symmetrically (i.e. with a password).

safe.gpg.get_gpg_executable()[source]¶

Return GPG executable, raising a GPGError if not found.

This will first look for an executable named gpg2, returning it immediately if found. If gpg2 does not exist but gpg does, this function runs gpg --version to check the version. If version 2, the absolute path to the executable is returned.

Failure to find a GPG2 executable results in a GPGError being raised.

Raise:	`GPGError` if GPG executable is not found
Returns:	Absolute path to the GPG executable
Return type:	`str`

class safe.gpg.GPGSubprocess(command)[source]¶

Bases: safe.util.Subprocess

Convenience class for running GPG commands.

__init__(command)[source]¶

Instantiate the subprocess.

Parameters:	command (`tuple()` of arguments, not including `gpg` itself at the beginning) – Arguments to pass to GPG

safe.gpg¶

`safe.gpg`¶