A new version of the Python module which wraps GnuPG has been released.
What Changed?=============This is a security-fix release, and all users are
strongly encouraged to upgrade.This fix mitigates against CVE-2018-12020. See
the discoverer's blog post [6] formore information.
Brief summary:
* Added --no-verbose to the gpg command line, in case verbose is specified inĀ
gpg.conf - we don't need verbose output.
This release [2] has been signed with my code signing key:
Vinay Sajip (CODE SIGNING KEY) <vinay_sajip at yahoo.co.uk>Fingerprint: CA74
9061 914E AC13 8E66 EADB 9147 B477 339A 9B86
Recent changes to PyPI don't show the GPG signature with the download links.An
alternative download source where the signatures are available is the
project'sown downloads page [5].
What Does It Do?================The gnupg module allows Python programs to make
use of thefunctionality provided by the Gnu Privacy Guard (abbreviated GPG
orGnuPG). Using this module, Python programs can encrypt and decryptdata,
digitally sign documents and verify digital signatures, manage(generate, list
and delete) encryption keys, using proven Public KeyInfrastructure (PKI)
encryption technology based on OpenPGP.
This module is expected to be used with Python versions >= 2.4, as itmakes use
of the subprocess module which appeared in that version ofPython. This module
is a newer version derived from earlier work byAndrew Kuchling, Richard Jones
and Steve Traugott.
A test suite using unittest is included with the source distribution.
Simple usage:
>>> import gnupg>>> gpg = gnupg.GPG(gnupghome='/path/to/keyring/directory')>>>
>>> gpg.list_keys()
[{...'fingerprint': 'F819EE7705497D73E3CCEE65197D5DAC68F1AAB2','keyid':
'197D5DAC68F1AAB2','length': '1024','type': 'pub','uids': ['', 'Gary Gross (A
test user) <gary.gr... at gamma.com>']},{...'fingerprint':
'37F24DD4B918CC264D4F31D60C5FEFA7A921FC4A','keyid':
'0C5FEFA7A921FC4A','length': '1024',...'uids': ['', 'Danny Davis (A test user)
<danny.da... at delta.com>']}]>>> encrypted = gpg.encrypt("Hello, world!",
['0C5FEFA7A921FC4A'])>>> str(encrypted)
'-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v1.4.9
(GNU/Linux)\n\nhQIOA/6NHMDTXUwcEAf.-----END PGP MESSAGE-----\n'>>> decrypted =
gpg.decrypt(str(encrypted), passphrase='secret')>>> str(decrypted)
'Hello, world!'>>> signed = gpg.sign("Goodbye, world!", passphrase='secret')>>>
verified = gpg.verify(str(signed))>>> print "Verified" if verified else "Not
verified"
'Verified'
As always, your feedback is most welcome (especially bug reports [3],patches
and suggestions for improvement, or any other points via themailing
list/discussion group [4]).
Enjoy!
Cheers
Vinay SajipRed Dove Consultants Ltd.
[1] https://bitbucket.org/vinay.sajip/python-gnupg[2]
https://pypi.python.org/pypi/python-gnupg/0.4.3[3]
https://bitbucket.org/vinay.sajip/python-gnupg/issues[4]
https://groups.google.com/forum/#!forum/python-gnupg[5]
https://bitbucket.org/vinay.sajip/python-gnupg/downloads/[6]
https://neopg.io/blog/gpg-signature-spoof/
--
https://mail.python.org/mailman/listinfo/python-list
