I often have to share files with outside parties at work, a process that previously involved a lot of manually running gpg commands. I finally decided to automate the process and was surprised at how little time it took. Now I have a very simple Lambda-based encryption flow: it imports keys from S3, encrypts files for delivery to end users and then sends the encrypted message as the body of an email with SES.
Requirements
- GnuPG installed (the gpg binary is what python-gnupg shells out to):
sudo apt install gnupg
- Python 3 + the python-gnupg library (pip install python-gnupg): https://gnupg.readthedocs.io/en/latest/#
How to Import Keys
from pprint import pprint
import sys
from shutil import which

import gnupg  # pip install python-gnupg

# Pass the key you want to import like this: python3 import_keys.py filename_of_public_key.asc
if which('gpg') is None:
    sys.exit("Please install gnupg in linux")

gpg = gnupg.GPG()
with open(sys.argv[1], encoding="utf-8") as f:
    key_data = f.read()
import_result = gpg.import_keys(key_data)
# One dict per key in the file: its fingerprint and whether it was new, unchanged or rejected
pprint(import_result.results)
# Check the fingerprint printed here against the one the key owner gave you out of band
# (phone, signed mail, their website) before you encrypt anything to this key
public_keys = gpg.list_keys()
pprint(public_keys)
Encrypt a File
import sys
from shutil import which

import gnupg  # pip install python-gnupg

# Example: python3 encrypt_file.py name_of_file.txt [email protected]
# The second argument is the recipient's email address or key ID as shown by list_keys()
if which('gpg') is None:
    sys.exit("Please install gnupg in linux")

gpg = gnupg.GPG()
with open(sys.argv[1], 'rb') as f:
    status = gpg.encrypt_file(
        f, recipients=[sys.argv[2]],
        output=sys.argv[1] + '.gpg',
        # always_trust skips gpg's check that the recipient key is trusted. That is
        # only safe once you have verified the key's fingerprint out of band; otherwise
        # anyone who gets you to import a key for this address can read the file.
        always_trust=True
    )
print('ok: ', status.ok)
print('status: ', status.status)
print('stderr: ', status.stderr)
Decrypt a File
import sys
from shutil import which

import gnupg  # pip install python-gnupg

# Example: python3 decrypt_file.py name_of_file.txt.gpg passphrase
# A passphrase on the command line shows up in `ps` and shell history; read it from an
# environment variable or a file instead for anything beyond a quick test.
if which('gpg') is None:
    sys.exit("Please install gnupg in linux")

gpg = gnupg.GPG()
with open(sys.argv[1], 'rb') as f:
    status = gpg.decrypt_file(
        f,  # pass the file object positionally; its parameter name differs across python-gnupg versions
        passphrase=sys.argv[2],
        output="decrypted-" + sys.argv[1]
    )
print('ok: ', status.ok)
print('status: ', status.status)
print('stderr: ', status.stderr)