From f0063afa71bc7e71f19d174acc2fde26f0c11850 Mon Sep 17 00:00:00 2001 From: Ben McGinnes Date: Tue, 15 May 2018 13:13:16 +1000 Subject: docs: python bindings HOWTO - DITA XML version * Due to the org-babel bug which breaks Python source code examples beyond the most simple snippets, ported the HOWTO to a source format which I *know* for sure won't break it. * Details of the org-mode bug is in https://dev.gnupg.org/T3977 * DITA project uses DITA-OT 2.x (2.4 or 2.5, IIRC) with support for DITA 1.3. * source files were written with oXygenXML Editor 20.0, hence the oXygenXML project file in the directory; however only the .ditamap and .dita files are required to generate any output with the DITA-OT. Signed-off-by: Ben McGinnes --- .../docs/dita/howto/part04/encrypt-to-one.dita | 83 ++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 lang/python/docs/dita/howto/part04/encrypt-to-one.dita (limited to 'lang/python/docs/dita/howto/part04/encrypt-to-one.dita') diff --git a/lang/python/docs/dita/howto/part04/encrypt-to-one.dita b/lang/python/docs/dita/howto/part04/encrypt-to-one.dita new file mode 100644 index 00000000..2abbe06a --- /dev/null +++ b/lang/python/docs/dita/howto/part04/encrypt-to-one.dita @@ -0,0 +1,83 @@ + + + + + Encrypting to One Key + +

Once the the Context is set the main issues with encrypting data is essentially reduced to + key selection and the keyword arguments specified in the + gpg.Context().encrypt() method.

+

Those keyword arguments are:

+

+

    +
  • recipients, a list of keys encrypted to (covered in greater detail in + the following section);
  • +
  • sign, whether or not to sign the plaintext data, see subsequent + sections on signing and verifying signatures below (defaults to + True);
  • +
  • sink, to write results or partial results to a secure sink instead of + returning it (defaults to None);
  • +
  • passphrase, only used when utilising symmetric encryption (defaults + to None);
  • +
  • always_trust, used to override the trust model settings for recipient + keys (defaults to False);
  • +
  • add_encrypt_to, utilises any preconfigured encrypt-to or default-key + settings in the user's gpg.conf file (defaults to + False);
  • +
  • prepare, prepare for encryption (defaults to + False);
  • +
  • expect_sign, prepare for signing (defaults to + False);
  • +
  • compress, compresses the plaintext prior to encryption (defaults to + True).
  • +
+

+

+ import gpg + +a_key = "0x12345678DEADBEEF" +text = b"""Some text to test with. + +Since the text in this case must be bytes, it is most likely that +the input form will be a separate file which is opened with "rb" +as this is the simplest method of obtaining the correct data +format. +""" + +c = gpg.Context(armor=True) +rkey = list(c.keylist(pattern=a_key, secret=False)) +ciphertext, result, sign_result = c.encrypt(text, recipients=rkey, sign=False) + +with open("secret_plans.txt.asc", "wb") as f: + f.write(ciphertext) + +

+

Though this is even more likely to be used like this; with the plaintext input read from a + file, the recipient keys used for encryption regardless of key trust status and the + encrypted output also encrypted to any preconfigured keys set in the + gpg.conf file:

+

+ import gpg + +a_key = "0x12345678DEADBEEF" + +with open("secret_plans.txt", "rb") as f: + text = f.read() + +c = gpg.Context(armor=True) +rkey = list(c.keylist(pattern=a_key, secret=False)) +ciphertext, result, sign_result = c.encrypt(text, recipients=rkey, + sign=True, always_trust=True, + add_encrypt_to=True) + +with open("secret_plans.txt.asc", "wb") as f: + f.write(ciphertext) + +

+

If the recipients paramater is empty then the plaintext is encrypted + symmetrically. If no passphrase is supplied as a parameter or via a + callback registered with the Context() then an out-of-band prompt for the + passphrase via pinentry will be invoked.

+ +
+
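Review bot: both code examples pass `rkey = list(c.keylist(pattern=a_key, secret=False))` straight to `c.encrypt(...)` without checking the result, while the closing paragraph says an empty recipients value means the plaintext is encrypted symmetrically, with a pinentry prompt if no passphrase is supplied. As written, a reader whose pattern matches no key is led to that fallback rather than to an error. Suggest either stopping in the examples when `rkey` is empty or adding a sentence after the first example that states this consequence. In the second example, `always_trust=True` and `add_encrypt_to=True` are explained only by the lead-in sentence; a short remark on when overriding the trust model settings is appropriate would help. The same example switches to `sign=True` where the first used `sign=False`, so it should point to the signing section. Wording nits in the prose: "Once the the Context" (doubled word), "the main issues ... is essentially reduced" (agreement), and "paramater" in the final paragraph.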
-- cgit v1.2.3