如何在 Python 中执行 PGP(生成密钥、加密/解密) [英] How to do PGP in Python (generate keys, encrypt/decrypt)
问题描述
我正在用 Python 制作一个程序,通过安装程序分发给 Windows 用户.
I'm making a program in Python to be distributed to windows users via an installer.
程序需要能够每天下载一个用用户公钥加密的文件,然后解密.
The program needs to be able to download a file every day encrypted with the user's public key and then decrypt it.
所以我需要找到一个 Python 库,它可以让我生成 PGP 公钥和私钥,并解密用公钥加密的文件.
So I need to find a Python library that will let me generate public and private PGP keys, and also decrypt files encrypted with the public key.
这是 pyCrypto 会做的事情吗(文档含糊不清)?还有其他纯 Python 库吗?任何语言的独立命令行工具怎么样?
Is this something pyCrypto will do (documentation is nebulous)? Are there other pure Python libraries? How about a standalone command line tool in any language?
到目前为止我看到的只是 GNUPG,但是在 Windows 上安装它会对注册表产生影响,并且会在任何地方抛出 dll,然后我不得不担心用户是否已经安装了它,如何备份他们现有的密钥环等.我宁愿只拥有一个 python 库或命令行工具并自己管理密钥.
All I saw so far was GNUPG but installing that on Windows does stuff to the registry and throws dll's everywhere, and then I have to worry about whether the user already has this installed, how to backup their existing keyrings, etc. I'd rather just have a python library or command line tool and mange the keys myself.
更新:pyME 可能可以工作,但它似乎与我必须使用的 Python 2.4 不兼容.
Update: pyME might work but it doesn't seem to be compatible with Python 2.4 which I have to use.
推荐答案
你不需要 PyCrypto 或 PyMe,虽然这些包可能是 - 你会有在 Windows 下构建的各种问题.相反,为什么不避开兔子洞并做我所做的呢?使用 gnupg 1.4.9.您不需要在最终用户机器上进行完整安装 - 只需 gpg.exe 和 iconv.dll 就足够了,您只需要拥有它们位于路径中的某处或使用完整路径名从 Python 代码访问.无需更改注册表,如果需要,所有内容(可执行文件和数据文件)都可以限制在一个文件夹中.
You don't need PyCrypto or PyMe, fine though those packages may be - you will have all kinds of problems building under Windows. Instead, why not avoid the rabbit-holes and do what I did? Use gnupg 1.4.9. You don't need to do a full installation on end-user machines - just gpg.exe and iconv.dll from the distribution are sufficient, and you just need to have them somewhere in the path or accessed from your Python code using a full pathname. No changes to the registry are needed, and everything (executables and data files) can be confined to a single folder if you want.
有一个 GPG.py 模块,它最初由 Andrew Kuchling 编写,由 Richard Jones 改进,由 Steve Traugott 进一步改进.它可用 here,但它不适合 Windows,因为它使用 os.fork().虽然最初是PyCrypto的一部分,它完全独立于PyCrypto的其他部分,只需要gpg.exe/iconv.dll即可工作.
There's a module GPG.py which was originally written by Andrew Kuchling, improved by Richard Jones and improved further by Steve Traugott. It's available here, but as-is it's not suitable for Windows because it uses os.fork(). Although originally part of PyCrypto, it is completely independent of the other parts of PyCrypto and needs only gpg.exe/iconv.dll in order to work.
我有一个源自 Traugott 的 GPG.py 的版本 (gnupg.py),它使用 subprocess 模块.它在 Windows 下运行良好,至少就我的目的而言 - 我用它来执行以下操作:
I have a version (gnupg.py) derived from Traugott's GPG.py, which uses the subprocess module. It works fine under Windows, at least for my purposes - I use it to do the following:
- 密钥管理 - 生成、列出、导出等
- 从外部来源导入密钥(例如从合作伙伴公司收到的公钥)
- 加密和解密数据
- 签署并验证签名
我拥有的模块现在不适合展示,因为它包含一些不应该存在的其他内容 - 这意味着我目前无法按原样发布它.在某个时候,也许在接下来的几周内,我希望能够整理它,添加更多单元测试(例如,我没有任何用于签名/验证的单元测试)并发布它(或者在原始 PyCrypto 许可证或类似的商业友好许可证).如果您迫不及待,请使用 Traugott 的模块并自行修改它 - 使其与 subprocess 模块一起工作并没有太多工作.
The module I've got is not ideal to show right now, because it includes some other stuff which shouldn't be there - which means I can't release it as-is at the moment. At some point, perhaps in the next couple of weeks, I hope to be able to tidy it up, add some more unit tests (I don't have any unit tests for sign/verify, for example) and release it (either under the original PyCrypto licence or a similar commercial-friendly license). If you can't wait, go with Traugott's module and modify it yourself - it wasn't too much work to make it work with the subprocess module.
与其他方法相比,这种方法的痛苦要小得多(例如基于 SWIG 的解决方案,或需要使用 MinGW/MSYS 构建的解决方案)),我考虑过并尝试过.我对用其他语言编写的系统使用了相同的 (gpg.exe/iconv.dll) 方法,例如C#,结果同样轻松.
This approach was a lot less painful than the others (e.g. SWIG-based solutions, or solutions which require building with MinGW/MSYS), which I considered and experimented with. I've used the same (gpg.exe/iconv.dll) approach with systems written in other languages, e.g. C#, with equally painless results.
附言它适用于 Python 2.4 以及 Python 2.5 及更高版本.没有用其他版本测试过,但我认为不会有任何问题.
P.S. It works with Python 2.4 as well as Python 2.5 and later. Not tested with other versions, though I don't foresee any problems.
这篇关于如何在 Python 中执行 PGP(生成密钥、加密/解密)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
