path: root/lang/python/docs/dita/howto/part04/decryption.dita
blob: bb8c36806576ea9ebc577031f76b00ddec2d0e55 (plain)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE dita PUBLIC "-//OASIS//DTD DITA Composite//EN" "ditabase.dtd">
<dita xml:lang="en-GB">
  <topic id="topic_vqx_tqy_5db">
    <title>Decryption</title>
    <body>
      <p>Decrypting something encrypted to a key in one's secret keyring is fairly
        straightforward.</p>
      <p>In this example code, however, preconfiguring either <codeph>gpg.Context()</codeph> or
          <codeph>gpg.core.Context()</codeph> as <codeph>c</codeph> is unnecessary: there is
        no need to modify the Context before conducting the decryption and, since the Context is
        only used once, assigning it to <codeph>c</codeph> simply adds lines for no gain.</p>
      <p>
        <codeblock id="decry-1" outputclass="language-python">import gpg

ciphertext = input("Enter path and filename of encrypted file: ")
newfile = input("Enter path and filename of file to save decrypted data to: ")

# Read the ciphertext as bytes and decrypt it with a throwaway Context.
with open(ciphertext, "rb") as cfile:
    try:
        plaintext, result, verify_result = gpg.Context().decrypt(cfile)
    except gpg.errors.GPGMEError as e:
        # Decryption failed: report the error and write nothing.
        plaintext = None
        print(e)

# Only create the output file when decryption succeeded.
if plaintext is not None:
    with open(newfile, "wb") as nfile:
        nfile.write(plaintext)
else:
    pass
</codeblock>
      </p>
      <p>Following a successful decryption in this example, <codeph>plaintext</codeph> holds the
        decrypted content as a bytes object, <codeph>result</codeph> holds the recipient key IDs
        and algorithms, and <codeph>verify_result</codeph> holds the results of verifying any
        signatures of the data.</p>
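      <p>An added example, not part of the original HOWTO or the GPGME project's code: one way to
        read the recipient and signature data out of <codeph>result</codeph> and
          <codeph>verify_result</codeph>. The helper names and the constructed sample objects are
        assumptions; the attribute names (<codeph>recipients</codeph>, <codeph>keyid</codeph>,
          <codeph>pubkey_algo</codeph>, <codeph>signatures</codeph>, <codeph>fpr</codeph>,
          <codeph>status</codeph>) follow GPGME's decrypt and verify result structures.</p>

```python
from types import SimpleNamespace


def summarise_decryption(result, verify_result):
    """Pull recipients and good signer fingerprints out of decrypt() results."""
    # result.recipients: one entry per key the session key was encrypted to.
    recipients = [(r.keyid, r.pubkey_algo) for r in (result.recipients or [])]
    signatures = getattr(verify_result, "signatures", None) or []
    # Keep only signatures whose status is 0 (no error reported by GPGME).
    signers = [s.fpr for s in signatures if s.status == 0]
    return recipients, signers


def signed_by(signers, expected_fpr):
    """True only if the expected fingerprint produced a good signature."""
    return expected_fpr.upper() in (fpr.upper() for fpr in signers)


def decrypt_and_summarise(path):
    """Decrypt a file as in the example above, then summarise the results."""
    import gpg  # imported here so the helpers above work without GPGME

    with open(path, "rb") as cfile:
        plaintext, result, verify_result = gpg.Context().decrypt(cfile)
    return (plaintext,) + summarise_decryption(result, verify_result)


def constructed_results():
    """Constructed stand-ins for result and verify_result (not real keys)."""
    result = SimpleNamespace(
        recipients=[SimpleNamespace(keyid="0123456789ABCDEF", pubkey_algo=1)]
    )
    verify_result = SimpleNamespace(
        signatures=[
            SimpleNamespace(fpr="A" * 40, status=0),
            SimpleNamespace(fpr="B" * 40, status=9),  # constructed non-zero status
        ]
    )
    return result, verify_result


if __name__ == "__main__":
    recipients, signers = summarise_decryption(*constructed_results())
    print("recipients:", recipients)
    print("good signatures from:", signers)
    print("signed by expected key:", signed_by(signers, "a" * 40))
```

      <p>An empty signer list means the plaintext carried no verifiable signature, so a successful
        decryption on its own says nothing about who produced the data.</p>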
      <p>
        <note>The try/except statement handles <codeph>GPGMEError</codeph> gracefully in order to
          catch the decryption error message produced if the file <codeph>ciphertext</codeph>,
          and thus <codeph>cfile</codeph>, is encrypted with deprecated and insecure methods,
          particularly without MDC integrity checks or utilising deprecated encryption algorithms.
          Messages and files encrypted with these are not decrypted with GPGME at all, and any user
          requiring archival access will need to access them manually with a pre-GnuPG 2.3 version
          of the software which meets the requirements of the specific use case.</note>
      </p>
      <p/>
    </body>
  </topic>
</dita>