在Python中如何做PGP(生成密钥,加密/解密) [英] How to do PGP in Python (generate keys, encrypt/decrypt)
问题描述
该程序需要能够每天下载一个文件加密,用户的公钥,然后解密它。
所以我需要找到一个Python库,让我生成公共和私有的PGP密钥,还可以解密用公钥。
这是pyCrypto会做什么(文档是否模糊)?还有其他纯Python库吗?一个独立的命令行工具在任何语言?
我看到迄今为止所有的GNUPG,但安装在Windows上的东西到注册表,并抛出dll的无处不在,然后我不得不担心用户是否已经安装了该用户,如何备份现有的键盘等等。我宁愿只有一个python库或命令行工具,并自己管理密钥。
更新:pyME可能正常工作,但它似乎与我不得不使用的Python 2.4兼容。
您不需要 PyCrypto 或 PyMe ,虽然这些包可能是 - 您将拥有Windows下构建的各种问题。相反,为什么不避开兔子洞,做我做的呢?使用 gnupg 1.4.9 。您不需要在最终用户计算机上完全安装 - 只需 gpg.exe 和 iconv.dll 从分发就足够了,您只需要将它们放在路径中的某个地方,或者使用完整的路径名从Python代码访问。不需要对注册表进行任何更改,如果需要,可以将所有内容(可执行文件和数据文件)限制在单个文件夹中。
有一个模块 GPG.py ,最初由Andrew Kuchling编写,Richard Jones改进,Steve Traugott进一步改进。 这里可以使用,但按原样不适用于Windows,因为它使用 os.fork()。虽然原来是 PyCrypto 的一部分,但它完全独立于 PyCrypto 的其他部分,只需要gpg。我有一个版本( gnupg.py
GPG.py ,它使用子进程模块。它在Windows下工作正常,至少对我来说,我用它来执行以下操作: - 密钥管理 - 生成,列出,导出
- 从外部来源导入密钥(例如从合作伙伴公司收到的公钥)
- 加密和解密数据
- 签名并验证签名
我现在没有理想的显示,因为它包含一些其他东西不应该在那里 - 这意味着我现在不能按原样释放它。在某些时候,也许在接下来的几个星期里,我希望能够整理它,添加一些更多的单元测试(例如,我没有任何单元测试用于签名/验证),并释放它原始 PyCrypto 许可证或类似的商业友好许可证)。如果您不能等待,请使用Traugott的模块,并自行修改 - 使用子进程模块可以使其工作不是太多。
这种方法比其他方法(例如 SWIG 的解决方案或需要使用 MinGW / MSYS ),这是我考虑和尝试的。我使用与其他语言编写的系统( gpg.exe / iconv.dll )方法。 C#,同样没有结果。
它适用于Python 2.4以及Python 2.5及更高版本。没有测试与其他版本,虽然我没有预见任何问题。
I'm making a program in Python to be distributed to windows users via an installer.
The program needs to be able to download a file every day encrypted with the user's public key and then decrypt it.
So I need to find a Python library that will let me generate public and private PGP keys, and also decrypt files encrypted with the public key.
Is this something pyCrypto will do (documentation is nebulous)? Are there other pure Python libraries? How about a standalone command line tool in any language?
All I saw so far was GNUPG but installing that on Windows does stuff to the registry and throws dll's everywhere, and then I have to worry about whether the user already has this installed, how to backup their existing keyrings, etc. I'd rather just have a python library or command line tool and mange the keys myself.
Update: pyME might work but it doesn't seem to be compatible with Python 2.4 which I have to use.
You don't need PyCrypto or PyMe, fine though those packages may be - you will have all kinds of problems building under Windows. Instead, why not avoid the rabbit-holes and do what I did? Use gnupg 1.4.9. You don't need to do a full installation on end-user machines - just gpg.exe and iconv.dll from the distribution are sufficient, and you just need to have them somewhere in the path or accessed from your Python code using a full pathname. No changes to the registry are needed, and everything (executables and data files) can be confined to a single folder if you want.
There's a module GPG.py which was originally written by Andrew Kuchling, improved by Richard Jones and improved further by Steve Traugott. It's available here, but as-is it's not suitable for Windows because it uses os.fork(). Although originally part of PyCrypto, it is completely independent of the other parts of PyCrypto and needs only gpg.exe/iconv.dll in order to work.
I have a version (gnupg.py) derived from Traugott's GPG.py, which uses the subprocess module. It works fine under Windows, at least for my purposes - I use it to do the following:
- Key management - generation, listing, export etc.
- Import keys from an external source (e.g. public keys received from a partner company)
- Encrypt and decrypt data
- Sign and verify signatures
The module I've got is not ideal to show right now, because it includes some other stuff which shouldn't be there - which means I can't release it as-is at the moment. At some point, perhaps in the next couple of weeks, I hope to be able to tidy it up, add some more unit tests (I don't have any unit tests for sign/verify, for example) and release it (either under the original PyCrypto licence or a similar commercial-friendly license). If you can't wait, go with Traugott's module and modify it yourself - it wasn't too much work to make it work with the subprocess module.
This approach was a lot less painful than the others (e.g. SWIG-based solutions, or solutions which require building with MinGW/MSYS), which I considered and experimented with. I've used the same (gpg.exe/iconv.dll) approach with systems written in other languages, e.g. C#, with equally painless results.
P.S. It works with Python 2.4 as well as Python 2.5 and later. Not tested with other versions, though I don't foresee any problems.
这篇关于在Python中如何做PGP(生成密钥,加密/解密)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
