Python - GPG解密工作,但GNUPG不 [英] Python - GPG decrypt works but GNUPG doesn't
问题描述
我使用pythons gnupg来解密我用python下载的文件:
I'm using pythons gnupg to decrypt a file I've downloaded with python:
gpg = gnupg.GPG(gnupghome="/home/myname/.gnupg")
with open('updates/'+filelist[i],'r') as f:
print "Decrypting "+fn
status=gpg.decrypt_file(f, passphrase="passphrase",output='updates/'+fn)
print 'ok: ', status.ok
print 'stderr: ',status.stderr
这说明密钥不可用失败。但是当我从终端运行gpg -d filename时,文件解密而没有任何错误。我使用gpg -K,并检查用于加密文件的秘密证书/密钥是否被导入+信任等。
This fails saying 'secret key not available'. However when I run gpg -d filename from terminal the file decrypts without any errors. I've used gpg -K and checked that the secret certificate / key used to encrypt the file is imported + trusted etc.
这些都在Ubuntu Server 12.04上运行。
This is all running on Ubuntu Server 12.04.
任何人都可以建议我如何解决这个错误?
Can anyone suggest how I can get around this error?
推荐答案
Be aware that GnuPG is the "real" name of gpg, which is only the name of the binary. The python API is called python-gnupg.
这个问题很可能是由于缺少访问权限引起的。您已经意识到,每个系统用户都有自己的GnuPG主目录(因此您提供了另一个用户的GnuPG目录),不能被其他用户访问。确保您的Web服务器用户(可能 www-data )可以访问 /home/myname/.gnupg ,更好导出私钥并从网络服务器的用户中重新导入(GnuPG不喜欢广泛的访问权限,并且可能发送警告或拒绝运行)否。
The problem will most probably be caused by missing access privileges. As you already realized, each system user has its own GnuPG home directory (thus you provided another user's GnuPG-directory), not accessible by others. Make sure your web server user (probably www-data) has access to /home/myname/.gnupg, better export the private key and reimport it from within the webserver's user (GnuPG does not like extensive access rights and might send a warning or deny to run at all otherwise).
您可以通过运行 sudo -u www-data'gpg --home-dir /home/myname/.gnupg -d filename (因此,运行 gpg 在网络服务器的用户下)。
You can test if that really is the problem by running sudo -u www-data 'gpg --home-dir /home/myname/.gnupg -d filename (thus, run gpg under the web server's user).
这篇关于Python - GPG解密工作,但GNUPG不的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
