doc: python bindings howto
* Another retrofitting of the HOWTO Python example code, this time following adjustments to python-mode configuration and having trawled through the org-mode mailing lists for clues.
This commit is contained in:
parent
b47e1bb98a
commit
d7c5366d58
@ -340,7 +340,7 @@ pattern is upper or lower case.
|
|||||||
|
|
||||||
So this is the best method:
|
So this is the best method:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
k = gpg.Context().keylist(pattern="258E88DCBD3CD44D8E7AB43F6ECB6AF0DEADBEEF")
|
k = gpg.Context().keylist(pattern="258E88DCBD3CD44D8E7AB43F6ECB6AF0DEADBEEF")
|
||||||
@ -349,7 +349,7 @@ So this is the best method:
|
|||||||
|
|
||||||
This is passable and very likely to be common:
|
This is passable and very likely to be common:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
k = gpg.Context().keylist(pattern="0x6ECB6AF0DEADBEEF")
|
k = gpg.Context().keylist(pattern="0x6ECB6AF0DEADBEEF")
|
||||||
@ -358,7 +358,7 @@ This is passable and very likely to be common:
|
|||||||
|
|
||||||
And this is a really bad idea:
|
And this is a really bad idea:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
k = gpg.Context().keylist(pattern="0xDEADBEEF")
|
k = gpg.Context().keylist(pattern="0xDEADBEEF")
|
||||||
@ -369,7 +369,7 @@ Alternatively it may be that the intention is to create a list of keys
|
|||||||
which all match a particular search string. For instance all the
|
which all match a particular search string. For instance all the
|
||||||
addresses at a particular domain, like this:
|
addresses at a particular domain, like this:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
ncsc = gpg.Context().keylist(pattern="ncsc.mil")
|
ncsc = gpg.Context().keylist(pattern="ncsc.mil")
|
||||||
@ -386,7 +386,7 @@ Counting the number of keys in your public keybox (=pubring.kbx=), the
|
|||||||
format which has superseded the old keyring format (=pubring.gpg= and
|
format which has superseded the old keyring format (=pubring.gpg= and
|
||||||
=secring.gpg=), or the number of secret keys is a very simple task.
|
=secring.gpg=), or the number of secret keys is a very simple task.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
c = gpg.Context()
|
c = gpg.Context()
|
||||||
@ -424,7 +424,7 @@ secret keys as well.
|
|||||||
This first example demonstrates selecting the current key of Werner
|
This first example demonstrates selecting the current key of Werner
|
||||||
Koch, which is due to expire at the end of 2018:
|
Koch, which is due to expire at the end of 2018:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
fingerprint = "80615870F5BAD690333686D0F2AD85AC1E42B367"
|
fingerprint = "80615870F5BAD690333686D0F2AD85AC1E42B367"
|
||||||
@ -434,7 +434,7 @@ Koch, which is due to expire at the end of 2018:
|
|||||||
Whereas this example demonstrates selecting the author's current key
|
Whereas this example demonstrates selecting the author's current key
|
||||||
with the =secret= key word argument set to =True=:
|
with the =secret= key word argument set to =True=:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
fingerprint = "DB4724E6FA4286C92B4E55C4321E4E2373590E5D"
|
fingerprint = "DB4724E6FA4286C92B4E55C4321E4E2373590E5D"
|
||||||
@ -463,7 +463,7 @@ keyservers via the web using the requests module. Since requests
|
|||||||
returns the content as a bytes literal object, we can then use that
|
returns the content as a bytes literal object, we can then use that
|
||||||
directly to import the resulting data into our keybox.
|
directly to import the resulting data into our keybox.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import os.path
|
import os.path
|
||||||
import requests
|
import requests
|
||||||
@ -538,7 +538,7 @@ alternative, the =key_export_minimal()= method, will do the same thing
|
|||||||
except producing a minimised output with extra signatures and third
|
except producing a minimised output with extra signatures and third
|
||||||
party signatures or certifications removed.
|
party signatures or certifications removed.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import os.path
|
import os.path
|
||||||
import sys
|
import sys
|
||||||
@ -593,7 +593,7 @@ pattern has been entered for =logrus=, but it has not matched any
|
|||||||
keys. When the search pattern itself is set to =None= this triggers
|
keys. When the search pattern itself is set to =None= this triggers
|
||||||
the exporting of the entire public keybox.
|
the exporting of the entire public keybox.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import os.path
|
import os.path
|
||||||
import sys
|
import sys
|
||||||
@ -657,7 +657,7 @@ The following example exports the secret key to a file which is then
|
|||||||
set with the same permissions as the output files created by the
|
set with the same permissions as the output files created by the
|
||||||
command line secret key export options.
|
command line secret key export options.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
@ -718,7 +718,7 @@ readable and writable by the user. It also exports the secret key(s)
|
|||||||
twice in order to output both GPG binary (=.gpg=) and ASCII armoured
|
twice in order to output both GPG binary (=.gpg=) and ASCII armoured
|
||||||
(=.asc=) files.
|
(=.asc=) files.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import os
|
import os
|
||||||
import os.path
|
import os.path
|
||||||
@ -850,7 +850,7 @@ trust model settings for recipient keys (defaults to =False=);
|
|||||||
=expect_sign=, prepare for signing (defaults to =False=); =compress=,
|
=expect_sign=, prepare for signing (defaults to =False=); =compress=,
|
||||||
compresses the plaintext prior to encryption (defaults to =True=).
|
compresses the plaintext prior to encryption (defaults to =True=).
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
a_key = "0x12345678DEADBEEF"
|
a_key = "0x12345678DEADBEEF"
|
||||||
@ -858,8 +858,7 @@ compresses the plaintext prior to encryption (defaults to =True=).
|
|||||||
|
|
||||||
Since the text in this case must be bytes, it is most likely that
|
Since the text in this case must be bytes, it is most likely that
|
||||||
the input form will be a separate file which is opened with "rb"
|
the input form will be a separate file which is opened with "rb"
|
||||||
as this is the simplest method of obtaining the correct data
|
as this is the simplest method of obtaining the correct data format.
|
||||||
format.
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
c = gpg.Context(armor=True)
|
c = gpg.Context(armor=True)
|
||||||
@ -875,7 +874,7 @@ plaintext input read from a file, the recipient keys used for
|
|||||||
encryption regardless of key trust status and the encrypted output
|
encryption regardless of key trust status and the encrypted output
|
||||||
also encrypted to any preconfigured keys set in the =gpg.conf= file:
|
also encrypted to any preconfigured keys set in the =gpg.conf= file:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
a_key = "0x12345678DEADBEEF"
|
a_key = "0x12345678DEADBEEF"
|
||||||
@ -912,7 +911,7 @@ email address on the =gnupg.org= domain,[fn:3] but does /not/ encrypt
|
|||||||
to a default key or other key which is configured to normally encrypt
|
to a default key or other key which is configured to normally encrypt
|
||||||
to.
|
to.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
text = b"""Oh look, another test message.
|
text = b"""Oh look, another test message.
|
||||||
@ -947,7 +946,7 @@ All it would take to change the above example to sign the message
|
|||||||
and also encrypt the message to any configured default keys would
|
and also encrypt the message to any configured default keys would
|
||||||
be to change the =c.encrypt= line to this:
|
be to change the =c.encrypt= line to this:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
ciphertext, result, sign_result = c.encrypt(text, recipients=logrus,
|
ciphertext, result, sign_result = c.encrypt(text, recipients=logrus,
|
||||||
always_trust=True,
|
always_trust=True,
|
||||||
add_encrypt_to=True)
|
add_encrypt_to=True)
|
||||||
@ -963,7 +962,7 @@ are not trusted (e.g. not signed or locally signed) then the
|
|||||||
encryption will raise an error. It is possible to mitigate this
|
encryption will raise an error. It is possible to mitigate this
|
||||||
somewhat with something more like this:
|
somewhat with something more like this:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
with open("secret_plans.txt.asc", "rb") as afile:
|
with open("secret_plans.txt.asc", "rb") as afile:
|
||||||
@ -1015,7 +1014,7 @@ to modify the Context prior to conducting the decryption and since the
|
|||||||
Context is only used once, setting it to =c= simply adds lines for no
|
Context is only used once, setting it to =c= simply adds lines for no
|
||||||
gain.
|
gain.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
ciphertext = input("Enter path and filename of encrypted file: ")
|
ciphertext = input("Enter path and filename of encrypted file: ")
|
||||||
@ -1060,7 +1059,7 @@ default key specified and there is more than one secret key available
|
|||||||
it may be necessary to specify the key or keys with which to sign
|
it may be necessary to specify the key or keys with which to sign
|
||||||
messages and files.
|
messages and files.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
logrus = input("Enter the email address or string to match signing keys to: ")
|
logrus = input("Enter the email address or string to match signing keys to: ")
|
||||||
@ -1101,7 +1100,7 @@ multiple keys are involved; from the preferences saved into the key
|
|||||||
itself or by comparison with the preferences with all other keys
|
itself or by comparison with the preferences with all other keys
|
||||||
involved.
|
involved.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
text0 = """Declaration of ... something.
|
text0 = """Declaration of ... something.
|
||||||
@ -1121,7 +1120,7 @@ reading the input data from another file and writing the result to a
|
|||||||
new file will be performed more like the way it is done in the next
|
new file will be performed more like the way it is done in the next
|
||||||
example. Even if the output format is ASCII armoured.
|
example. Even if the output format is ASCII armoured.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
with open("/path/to/statement.txt", "rb") as tfile:
|
with open("/path/to/statement.txt", "rb") as tfile:
|
||||||
@ -1144,7 +1143,7 @@ Detached signatures will often be needed in programmatic uses of
|
|||||||
GPGME, either for signing files (e.g. tarballs of code releases) or as
|
GPGME, either for signing files (e.g. tarballs of code releases) or as
|
||||||
a component of message signing (e.g. PGP/MIME encoded email).
|
a component of message signing (e.g. PGP/MIME encoded email).
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
text0 = """Declaration of ... something.
|
text0 = """Declaration of ... something.
|
||||||
@ -1162,7 +1161,7 @@ a component of message signing (e.g. PGP/MIME encoded email).
|
|||||||
As with normal signatures, detached signatures are best handled as
|
As with normal signatures, detached signatures are best handled as
|
||||||
byte literals, even when the output is ASCII armoured.
|
byte literals, even when the output is ASCII armoured.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
with open("/path/to/statement.txt", "rb") as tfile:
|
with open("/path/to/statement.txt", "rb") as tfile:
|
||||||
@ -1185,7 +1184,7 @@ Though PGP/in-line messages are no longer encouraged in favour of
|
|||||||
PGP/MIME, there is still sometimes value in utilising in-line
|
PGP/MIME, there is still sometimes value in utilising in-line
|
||||||
signatures. This is where clear-signed messages or text is of value.
|
signatures. This is where clear-signed messages or text is of value.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
text0 = """Declaration of ... something.
|
text0 = """Declaration of ... something.
|
||||||
@ -1203,7 +1202,7 @@ signatures. This is where clear-signed messages or text is of value.
|
|||||||
In spite of the appearance of a clear-signed message, the data handled
|
In spite of the appearance of a clear-signed message, the data handled
|
||||||
by GPGME in signing it must still be byte literals.
|
by GPGME in signing it must still be byte literals.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
with open("/path/to/statement.txt", "rb") as tfile:
|
with open("/path/to/statement.txt", "rb") as tfile:
|
||||||
@ -1230,7 +1229,7 @@ with files and data with detached signatures.
|
|||||||
The following example is intended for use with the default signing
|
The following example is intended for use with the default signing
|
||||||
method where the file was not ASCII armoured:
|
method where the file was not ASCII armoured:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import time
|
import time
|
||||||
|
|
||||||
@ -1262,7 +1261,7 @@ method where the file was not ASCII armoured:
|
|||||||
Whereas this next example, which is almost identical would work with
|
Whereas this next example, which is almost identical would work with
|
||||||
normal ASCII armoured files and with clear-signed files:
|
normal ASCII armoured files and with clear-signed files:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import time
|
import time
|
||||||
|
|
||||||
@ -1295,7 +1294,7 @@ In both of the previous examples it is also possible to compare the
|
|||||||
original data that was signed against the signed data in =data= to see
|
original data that was signed against the signed data in =data= to see
|
||||||
if it matches with something like this:
|
if it matches with something like this:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
with open(filename, "rb") as afile:
|
with open(filename, "rb") as afile:
|
||||||
text = afile.read()
|
text = afile.read()
|
||||||
|
|
||||||
@ -1311,7 +1310,7 @@ returned since it is already being explicitly referenced in the first
|
|||||||
argument of =c.verify=. So =data= is =None= and only the information
|
argument of =c.verify=. So =data= is =None= and only the information
|
||||||
in =result= is available.
|
in =result= is available.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import time
|
import time
|
||||||
|
|
||||||
@ -1340,7 +1339,7 @@ in =result= is available.
|
|||||||
pass
|
pass
|
||||||
#+end_src
|
#+end_src
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
import time
|
import time
|
||||||
|
|
||||||
@ -1424,7 +1423,7 @@ be the passphrase and if =passphrase= is set to =True= then gpg-agent
|
|||||||
will launch pinentry to prompt for a passphrase. For the sake of
|
will launch pinentry to prompt for a passphrase. For the sake of
|
||||||
convenience, these examples will keep =passphrase= set to =None=.
|
convenience, these examples will keep =passphrase= set to =None=.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
c = gpg.Context()
|
c = gpg.Context()
|
||||||
@ -1452,7 +1451,7 @@ already set and the correct directory and file permissions.
|
|||||||
The successful generation of the key can be confirmed via the returned
|
The successful generation of the key can be confirmed via the returned
|
||||||
=GenkeyResult= object, which includes the following data:
|
=GenkeyResult= object, which includes the following data:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
print("""
|
print("""
|
||||||
Fingerprint: {0}
|
Fingerprint: {0}
|
||||||
Primary Key: {1}
|
Primary Key: {1}
|
||||||
@ -1519,7 +1518,7 @@ primary key. Since Danger Mouse is a security conscious secret agent,
|
|||||||
this subkey will only be valid for about six months, half the length
|
this subkey will only be valid for about six months, half the length
|
||||||
of the primary key.
|
of the primary key.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
c = gpg.Context()
|
c = gpg.Context()
|
||||||
@ -1532,7 +1531,7 @@ of the primary key.
|
|||||||
|
|
||||||
As with the primary key, the results here can be checked with:
|
As with the primary key, the results here can be checked with:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
print("""
|
print("""
|
||||||
Fingerprint: {0}
|
Fingerprint: {0}
|
||||||
Primary Key: {1}
|
Primary Key: {1}
|
||||||
@ -1575,7 +1574,7 @@ ID to an existing key is much simpler. The method used to do this is
|
|||||||
=key_add_uid= and the only arguments it takes are for the =key= and
|
=key_add_uid= and the only arguments it takes are for the =key= and
|
||||||
the new =uid=.
|
the new =uid=.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
c = gpg.Context()
|
c = gpg.Context()
|
||||||
@ -1612,7 +1611,7 @@ Unsurprisingly the result of this is:
|
|||||||
Revoking a user ID is a fairly similar process, except that it uses
|
Revoking a user ID is a fairly similar process, except that it uses
|
||||||
the =key_revoke_uid= method.
|
the =key_revoke_uid= method.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
c = gpg.Context()
|
c = gpg.Context()
|
||||||
@ -1652,7 +1651,7 @@ it is case sensitive.
|
|||||||
To sign Danger Mouse's key for just the initial user ID with a
|
To sign Danger Mouse's key for just the initial user ID with a
|
||||||
signature which will last a little over a month, do this:
|
signature which will last a little over a month, do this:
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import gpg
|
import gpg
|
||||||
|
|
||||||
c = gpg.Context()
|
c = gpg.Context()
|
||||||
@ -1683,7 +1682,7 @@ MUAs readily.
|
|||||||
The following code, however, provides a work-around for obtaining this
|
The following code, however, provides a work-around for obtaining this
|
||||||
information in Python.
|
information in Python.
|
||||||
|
|
||||||
#+begin_src python
|
#+begin_src python -i
|
||||||
import subprocess
|
import subprocess
|
||||||
|
|
||||||
lines = subprocess.getoutput("gpgconf --list-options gpg").splitlines()
|
lines = subprocess.getoutput("gpgconf --list-options gpg").splitlines()
|
||||||
|
Loading…
Reference in New Issue
Block a user