A new version of the Python module which wraps GnuPG has been released.
What Changed?=============This is an enhancement and security-fix release, and
all users are stronglyencouraged to upgrade.
Brief summary:
* Fixed #108: Changed how any return value from the on_data callable is
processed. In earlier versions, the return value was ignored. In this version,
if the return value is False, the data received from gpg is not buffered.
Otherwise (if the value is None or True, for example), the data is buffered as
normal. This functionality can be used to do your own buffering, or to prevent
buffering altogether.
The on_data callable is also called once with an empty byte-string to signal
the end of data from gpg.
* Fixed #97: Added an additional attribute check_fingerprint_collisions to GPG
instances, which defaults to False. It seems that gpg is happy to have
duplicate keys and fingerprints in a keyring, so we can't be too strict. A
user can set this attribute of an instance to True to trigger a check for
collisions.
* Fixed #111: With GnuPG 2.2.7 or later, provide the fingerprint of a signing
key for a failed signature verification, if available.
* Fixed #21: For verification where multiple signatures are involved, a
mapping of signature_ids to fingerprint, keyid, username, creation date,
creation timestamp and expiry timestamp is provided.
* Added a check to disallow certain control characters ('\r', '\n', NUL) in
passphrases. This fix mitigates against CVE-2019-6690.
This release [2] has been signed with my code signing key:
Vinay Sajip (CODE SIGNING KEY) <vinay_sajip at yahoo.co.uk>Fingerprint: CA74
9061 914E AC13 8E66 EADB 9147 B477 339A 9B86
Recent changes to PyPI don't show the GPG signature with the download links.An
alternative download source where the signatures are available is the
project'sown downloads page [5].
What Does It Do?================The gnupg module allows Python programs to make
use of thefunctionality provided by the Gnu Privacy Guard (abbreviated GPG
orGnuPG). Using this module, Python programs can encrypt and decryptdata,
digitally sign documents and verify digital signatures, manage(generate, list
and delete) encryption keys, using proven Public KeyInfrastructure (PKI)
encryption technology based on OpenPGP.
This module is expected to be used with Python versions >= 2.4, as itmakes use
of the subprocess module which appeared in that version ofPython. This module
is a newer version derived from earlier work byAndrew Kuchling, Richard Jones
and Steve Traugott.
A test suite using unittest is included with the source distribution.
Simple usage:
>>> import gnupg>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')>>>
>>> gpg.list_keys()
[{...'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2','keyid':
'197D5DAC68F1AAB2','length': '1024','type': 'pub','uids': ['', 'Gary Gross (A
test user) <gary.gr... at gamma.com>']},{...'fingerprint':
'37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A','keyid':
'0C5FEFA7A921FC4A','length': '1024',...'uids': ['', 'Danny Davis (A test user)
<danny.da... at delta.com>']}]>>> encrypted = gpg.encrypt("Hello, world!",
['0C5FEFA7A921FC4A'])>>> str(encrypted)
'-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v1.4.9
(GNU/Linux)\n\nhQIOA/6NHMDTXUwcEAf.-----END PGP MESSAGE-----\n'>>> decrypted =
gpg.decrypt(str(encrypted), passphrase='secret')>>> str(decrypted)
'Hello, world!'>>> signed = gpg.sign("Goodbye, world!", passphrase='secret')>>>
verified = gpg.verify(str(signed))>>> print "Verified" if verified else "Not
verified"
'Verified'
As always, your feedback is most welcome (especially bug reports [3],patches
and suggestions for improvement, or any other points via themailing
list/discussion group [4]).
Enjoy!
Cheers
Vinay SajipRed Dove Consultants Ltd.
[1] https://bitbucket.org/vinay.sajip/python-gnupg[2]
https://pypi.python.org/pypi/python-gnupg/0.4.4[3]
https://bitbucket.org/vinay.sajip/python-gnupg/issues[4]
https://groups.google.com/forum/#!forum/python-gnupg[5]
https://bitbucket.org/vinay.sajip/python-gnupg/downloads/
--
https://mail.python.org/mailman/listinfo/python-announce-list
Support the Python Software Foundation:
http://www.python.org/psf/donations/
