0

I'm using the python-gnupg package to decrypt a file using a key I generated. For reasons I can't explain, this code runs on Windows and successfully decrypts the file:

import gnupg
import os
key_data = '''-----BEGIN PGP PRIVATE KEY BLOCK-----

<key data here>
-----END PGP PRIVATE KEY BLOCK-----
'''
gpg_path = "C:/Program Files (x86)/GnuPG/bin/gpg.exe":
gpg = gnupg.GPG(gpg_path)
gpg.encoding = 'utf-8'
import_result = gpg.import_keys(key_data)
with open(r"C:\Users\test\Downloads\my.csv.gpg", "rb") as f:
  status = gpg.decrypt_file(f, passphrase=None, output=r"C:\Users\test\Downloads\TEST.CSV")
  print("STATUS OK ? " + str(status.ok))
  print("STDERR: " + str(status.stderr))

I see "STATUS OK ? True" printed.

However this code fails to decrypt on a dockerized Linux environment on the same PC:

import gnupg
import os
key_data = '''-----BEGIN PGP PRIVATE KEY BLOCK-----

<key data here>
-----END PGP PRIVATE KEY BLOCK-----
'''
gpg_path = "/usr/bin/gpg":
gpg = gnupg.GPG(gpg_path)
gpg.encoding = 'utf-8'
import_result = gpg.import_keys(key_data)
with open(r"/home/test/my.csv.gpg", "rb") as f:
  status = gpg.decrypt_file(f, passphrase=None, output=r"/home/test/TEST.CSV")
  print("STATUS OK ? " + str(status.ok))
  print("STDERR: " + str(status.stderr))

I see "STATUS OK ? False" printed, and no other errors. The output file is not created. Both environments are running Python 3.7.9, and running pip show python-gnupg has the same output in both environments. I've made sure to copy over the encrypted file and have tried saving it with various encodings. The Linux environment is Debian via WSL.

Descartes
  • 503
  • 2
  • 7
  • 22
  • Can you successfully decrypt that data using the `gpg` command line on your linux box? – larsks Mar 11 '22 at 17:11
  • If I encrypt some other file (e.g. the .py file itself) using $ gpg and the UID from my keys, I can subsequently decrypt that using $ gpg and I do get the same file back, but when I try the same decrypt command pointing at the original file (my.csv.gpg) there is no output. – Descartes Mar 11 '22 at 17:31
  • Is gpg really in /usr/bin? – President James K. Polk Mar 11 '22 at 19:26
  • `which gpg` returns `/usr/bin/gpg` – Descartes Mar 11 '22 at 19:43
  • I should also add that encrypting a file via the linux command line `gpg` and running the python decryption script on Windows on that encrypted file also works just fine – Descartes Mar 11 '22 at 19:48

1 Answers1

0

As it turns out, the build of gpg included in the Debian distro does not work as expected. I installed version 2.2.27 from source and specified the executable path in the constructor of the GPG object in Python via the gpgbinary argument, and I was then able to decrypt successfully using the script. I got the tip that builds that come in linux distros may not work from https://pythonhosted.org/python-gnupg/ in the Note section.

Descartes
  • 503
  • 2
  • 7
  • 22