Decryption

Decrypting something encrypted to a key in one's secret keyring is fairly straight forward.

In this example code, however, preconfiguring either gpg.Context() or gpg.core.Context() as c is unnecessary because there is no need to modify the Context prior to conducting the decryption and since the Context is only used once, setting it to c simply adds lines for no gain.

import gpg ciphertext = input("Enter path and filename of encrypted file: ") newfile = input("Enter path and filename of file to save decrypted data to: ") with open(ciphertext, "rb") as cfile: try: plaintext, result, verify_result = gpg.Context().decrypt(cfile) except gpg.errors.GPGMEError as e: plaintext = None print(e) if plaintext is not None: with open(newfile, "wb") as nfile: nfile.write(plaintext) else: pass

The data available in plaintext following a successful decryption in this example is the decrypted content as a byte object, the recipient key IDs and algorithms in result and the results of verifying any signatures of the data in verify_result.

The graceful handling of GPGMEError with the try/except statement is to handle the decryption error message produced if the file ciphertext, and thus cfile, are encrypted with deprecated and insecure methods. Particularly without MDC integrity checks or utilising deprecated encryption algorithms. Messages and files encrypted with these are not decrypted with GPGME at all and any user requiring archival access will need to access it manually with pre-GnuPG 2.3 versions of the software which meets the requirements of the specific use case.