doc: python bindings howto
* Another retrofitting of the HOWTO Python example code, this time following adjustments to python-mode configuration and having trawled through the org-mode mailing lists for clues.
This commit is contained in:
Ben McGinnes
parent
b47e1bb98a
commit
d7c5366d58
@ -340,7 +340,7 @@ pattern is upper or lower case.
|
||||
|
||||
So this is the best method:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
k = gpg.Context().keylist(pattern="258E88DCBD3CD44D8E7AB43F6ECB6AF0DEADBEEF")
|
||||
@ -349,7 +349,7 @@ So this is the best method:
|
||||
|
||||
This is passable and very likely to be common:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
k = gpg.Context().keylist(pattern="0x6ECB6AF0DEADBEEF")
|
||||
@ -358,7 +358,7 @@ This is passable and very likely to be common:
|
||||
|
||||
And this is a really bad idea:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
k = gpg.Context().keylist(pattern="0xDEADBEEF")
|
||||
@ -369,7 +369,7 @@ Alternatively it may be that the intention is to create a list of keys
|
||||
which all match a particular search string. For instance all the
|
||||
addresses at a particular domain, like this:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
ncsc = gpg.Context().keylist(pattern="ncsc.mil")
|
||||
@ -386,7 +386,7 @@ Counting the number of keys in your public keybox (=pubring.kbx=), the
|
||||
format which has superseded the old keyring format (=pubring.gpg= and
|
||||
=secring.gpg=), or the number of secret keys is a very simple task.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
c = gpg.Context()
|
||||
@ -424,7 +424,7 @@ secret keys as well.
|
||||
This first example demonstrates selecting the current key of Werner
|
||||
Koch, which is due to expire at the end of 2018:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
fingerprint = "80615870F5BAD690333686D0F2AD85AC1E42B367"
|
||||
@ -434,7 +434,7 @@ Koch, which is due to expire at the end of 2018:
|
||||
Whereas this example demonstrates selecting the author's current key
|
||||
with the =secret= key word argument set to =True=:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
fingerprint = "DB4724E6FA4286C92B4E55C4321E4E2373590E5D"
|
||||
@ -463,7 +463,7 @@ keyservers via the web using the requests module. Since requests
|
||||
returns the content as a bytes literal object, we can then use that
|
||||
directly to import the resulting data into our keybox.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import os.path
|
||||
import requests
|
||||
@ -538,7 +538,7 @@ alternative, the =key_export_minimal()= method, will do the same thing
|
||||
except producing a minimised output with extra signatures and third
|
||||
party signatures or certifications removed.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import os.path
|
||||
import sys
|
||||
@ -593,7 +593,7 @@ pattern has been entered for =logrus=, but it has not matched any
|
||||
keys. When the search pattern itself is set to =None= this triggers
|
||||
the exporting of the entire public keybox.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import os.path
|
||||
import sys
|
||||
@ -657,7 +657,7 @@ The following example exports the secret key to a file which is then
|
||||
set with the same permissions as the output files created by the
|
||||
command line secret key export options.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import os
|
||||
import os.path
|
||||
@ -718,7 +718,7 @@ readable and writable by the user. It also exports the secret key(s)
|
||||
twice in order to output both GPG binary (=.gpg=) and ASCII armoured
|
||||
(=.asc=) files.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import os
|
||||
import os.path
|
||||
@ -850,7 +850,7 @@ trust model settings for recipient keys (defaults to =False=);
|
||||
=expect_sign=, prepare for signing (defaults to =False=); =compress=,
|
||||
compresses the plaintext prior to encryption (defaults to =True=).
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
a_key = "0x12345678DEADBEEF"
|
||||
@ -858,8 +858,7 @@ compresses the plaintext prior to encryption (defaults to =True=).
|
||||
|
||||
Since the text in this case must be bytes, it is most likely that
|
||||
the input form will be a separate file which is opened with "rb"
|
||||
as this is the simplest method of obtaining the correct data
|
||||
format.
|
||||
as this is the simplest method of obtaining the correct data format.
|
||||
"""
|
||||
|
||||
c = gpg.Context(armor=True)
|
||||
@ -875,7 +874,7 @@ plaintext input read from a file, the recipient keys used for
|
||||
encryption regardless of key trust status and the encrypted output
|
||||
also encrypted to any preconfigured keys set in the =gpg.conf= file:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
a_key = "0x12345678DEADBEEF"
|
||||
@ -912,7 +911,7 @@ email address on the =gnupg.org= domain,[fn:3] but does /not/ encrypt
|
||||
to a default key or other key which is configured to normally encrypt
|
||||
to.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
text = b"""Oh look, another test message.
|
||||
@ -947,7 +946,7 @@ All it would take to change the above example to sign the message
|
||||
and also encrypt the message to any configured default keys would
|
||||
be to change the =c.encrypt= line to this:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
ciphertext, result, sign_result = c.encrypt(text, recipients=logrus,
|
||||
always_trust=True,
|
||||
add_encrypt_to=True)
|
||||
@ -963,7 +962,7 @@ are not trusted (e.g. not signed or locally signed) then the
|
||||
encryption will raise an error. It is possible to mitigate this
|
||||
somewhat with something more like this:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
with open("secret_plans.txt.asc", "rb") as afile:
|
||||
@ -1015,7 +1014,7 @@ to modify the Context prior to conducting the decryption and since the
|
||||
Context is only used once, setting it to =c= simply adds lines for no
|
||||
gain.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
ciphertext = input("Enter path and filename of encrypted file: ")
|
||||
@ -1060,7 +1059,7 @@ default key specified and there is more than one secret key available
|
||||
it may be necessary to specify the key or keys with which to sign
|
||||
messages and files.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
logrus = input("Enter the email address or string to match signing keys to: ")
|
||||
@ -1101,7 +1100,7 @@ multiple keys are involved; from the preferences saved into the key
|
||||
itself or by comparison with the preferences with all other keys
|
||||
involved.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
text0 = """Declaration of ... something.
|
||||
@ -1121,7 +1120,7 @@ reading the input data from another file and writing the result to a
|
||||
new file will be performed more like the way it is done in the next
|
||||
example. Even if the output format is ASCII armoured.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
with open("/path/to/statement.txt", "rb") as tfile:
|
||||
@ -1144,7 +1143,7 @@ Detached signatures will often be needed in programmatic uses of
|
||||
GPGME, either for signing files (e.g. tarballs of code releases) or as
|
||||
a component of message signing (e.g. PGP/MIME encoded email).
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
text0 = """Declaration of ... something.
|
||||
@ -1162,7 +1161,7 @@ a component of message signing (e.g. PGP/MIME encoded email).
|
||||
As with normal signatures, detached signatures are best handled as
|
||||
byte literals, even when the output is ASCII armoured.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
with open("/path/to/statement.txt", "rb") as tfile:
|
||||
@ -1185,7 +1184,7 @@ Though PGP/in-line messages are no longer encouraged in favour of
|
||||
PGP/MIME, there is still sometimes value in utilising in-line
|
||||
signatures. This is where clear-signed messages or text is of value.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
text0 = """Declaration of ... something.
|
||||
@ -1203,7 +1202,7 @@ signatures. This is where clear-signed messages or text is of value.
|
||||
In spite of the appearance of a clear-signed message, the data handled
|
||||
by GPGME in signing it must still be byte literals.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
with open("/path/to/statement.txt", "rb") as tfile:
|
||||
@ -1230,7 +1229,7 @@ with files and data with detached signatures.
|
||||
The following example is intended for use with the default signing
|
||||
method where the file was not ASCII armoured:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import time
|
||||
|
||||
@ -1262,7 +1261,7 @@ method where the file was not ASCII armoured:
|
||||
Whereas this next example, which is almost identical would work with
|
||||
normal ASCII armoured files and with clear-signed files:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import time
|
||||
|
||||
@ -1295,7 +1294,7 @@ In both of the previous examples it is also possible to compare the
|
||||
original data that was signed against the signed data in =data= to see
|
||||
if it matches with something like this:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
with open(filename, "rb") as afile:
|
||||
text = afile.read()
|
||||
|
||||
@ -1311,7 +1310,7 @@ returned since it is already being explicitly referenced in the first
|
||||
argument of =c.verify=. So =data= is =None= and only the information
|
||||
in =result= is available.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import time
|
||||
|
||||
@ -1340,7 +1339,7 @@ in =result= is available.
|
||||
pass
|
||||
#+end_src
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
import time
|
||||
|
||||
@ -1424,7 +1423,7 @@ be the passphrase and if =passphrase= is set to =True= then gpg-agent
|
||||
will launch pinentry to prompt for a passphrase. For the sake of
|
||||
convenience, these examples will keep =passphrase= set to =None=.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
c = gpg.Context()
|
||||
@ -1452,7 +1451,7 @@ already set and the correct directory and file permissions.
|
||||
The successful generation of the key can be confirmed via the returned
|
||||
=GenkeyResult= object, which includes the following data:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
print("""
|
||||
Fingerprint: {0}
|
||||
Primary Key: {1}
|
||||
@ -1519,7 +1518,7 @@ primary key. Since Danger Mouse is a security conscious secret agent,
|
||||
this subkey will only be valid for about six months, half the length
|
||||
of the primary key.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
c = gpg.Context()
|
||||
@ -1532,7 +1531,7 @@ of the primary key.
|
||||
|
||||
As with the primary key, the results here can be checked with:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
print("""
|
||||
Fingerprint: {0}
|
||||
Primary Key: {1}
|
||||
@ -1575,7 +1574,7 @@ ID to an existing key is much simpler. The method used to do this is
|
||||
=key_add_uid= and the only arguments it takes are for the =key= and
|
||||
the new =uid=.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
c = gpg.Context()
|
||||
@ -1612,7 +1611,7 @@ Unsurprisingly the result of this is:
|
||||
Revoking a user ID is a fairly similar process, except that it uses
|
||||
the =key_revoke_uid= method.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
c = gpg.Context()
|
||||
@ -1652,7 +1651,7 @@ it is case sensitive.
|
||||
To sign Danger Mouse's key for just the initial user ID with a
|
||||
signature which will last a little over a month, do this:
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import gpg
|
||||
|
||||
c = gpg.Context()
|
||||
@ -1683,7 +1682,7 @@ MUAs readily.
|
||||
The following code, however, provides a work-around for obtaining this
|
||||
information in Python.
|
||||
|
||||
#+begin_src python
|
||||
#+begin_src python -i
|
||||
import subprocess
|
||||
|
||||
lines = subprocess.getoutput("gpgconf --list-options gpg").splitlines()
|
||||
|
||||
Loading…
Reference in New Issue
Block a user