Search code examples
pythonpython-2.7gnupg

import PGP public key block as string : working in shell but not in python-gnupg

apologies in advance if I am duplicating a post(please point me at it etc. ?): I see a lot of documentation/Q&A on exporting armored keys but not much around how to import blocks in string format. I am unable to replicate in python what I can do on the windows commandline direct with the following:

gpg2 --import <textfilecontaining public key block in python code below>

which returns:

gpg: key 2FD34F7F: public key "name (comment) <em@il>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

I used the python-gnupg library in python, as below:

import gnupg, tempfile, shutil
pubkey = '''-----BEGIN PGP PUBLIC KEY BLOCK-----

xsBNBFVjnlIBCACibzXOLCiZiL2oyzYUaTOCkYnSUhymg3pdbfKtd4mpBa58xKBj
t1pTHVpw3Sk03wmzhM/Ndlt1AV2YhLv++83WKr+gAHFYFiCV/tnY8bx3HqvVoy8O
CfxWhw4QZK7+oYzVmJj8ZJm3ZjOC4pzuegNWlNLCUdZDx9OKlHVXLCX1iUbjdYWa
qKV6tdV8hZolkbyjedQgrpvoWyeSHHpwHF7yk4gNJWMMI5rpcssL7i6mMXb/sDzO
VaAtU5wiVducsOa01InRFf7QSTxoAm6Xy0PGv/k48M6xCALa9nY+BzlOv47jUT57
vilf4Szy9dKD0v9S0mQ+IHB+gNukWrnwtXx5ABEBAAHNFm5hbWUgKGNvbW1lbnQp
IDxlbUBpbD7CwHUEEwECACkFAlVjnlIJEINgJNgv009/AhsDAhkBBgsJCAcDAgYV
CAIJCgsEFgIDAQAAxqMIAFBHuBA8P1v8DtHonIK8Lx2qU23t8Mh68HBIkSjk2H7/
oO2cDWCw50jZ9D91PXOOyMPvBWV2IE3tARzCvnNGtzEFRtpIEtZ0cuctxeIF1id5
crfzdMDsmZyRHAOoZ9VtuD6mzj0ybQWMACb7eIHjZDCee3Slh3TVrLy06YRdq2I4
bjMOPePtK5xnIpHGpAXkB3IONxyITpSLKsA4hCeP7gVvm7r7TuQg1ygiUBlWbBYn
iE5ROzqZjG1s7dQNZK/riiU2umGqGuwAb2IPvNiyuGR3cIgRE4llXH/rLuUlspAp
o4nlxaz65VucmNbN1aMbDXLJVSqR1DuE00vEsL1AItI=
=XQoy
-----END PGP PUBLIC KEY BLOCK-----'''
"""that block, minus the enveloping triple-quotes,
is all that's inside the file I am importing at the commandline
"""
tempfolder = tempfile.mkdtemp()#creates a temp directory
try:
    gpg = gnupg.GPG(homedir=tempfolder)
    keyfile = tempfolder+"\\test.txt"#defining temp pubkey file
    f = open(keyfile, 'w')
    f.write(pubkey)#saves file with string content
    f.close()
    f = file(keyfile, 'r')
    f.close()    
    importres = gpg.import_keys(keyfile)
    print importres
    print importres.results
    currfingerprint = gpg.list_keys()
    print currfingerprint
finally:
    shutil.rmtree(tempfolder)#removes temp directory

which returns:

<gnupg._parsers.ImportResult object at 0x00000000038A8400>
[{'status': 'No valid data found', 'fingerprint': None}]
[]

... It seems my Python implementation isn't recognising this file/string representation somehow. Wonder if someone could point me in the right direction with Python please? I have tried dearmor-ing the string content(binascii.a2b_base64) but to no avail. I'd prefer not to use bog-standard subprocess here. Perhaps some stoopid indentation fessup?

env=Windows10, Python 2.7

Solution

  • Your code sample is passing the name of a file containing the key to import_keys:

    keyfile = tempfolder+"\\test.txt"#defining temp pubkey file
...
importres = gpg.import_keys(keyfile)

    However, the import_keys function does not accept a file name and read from that file. Instead, it expects to receive the actual key file content. For example, here is a simplified version of the program that just passes pubkey directly to import_keys without using a temporary file:

    import gnupg

pubkey = '''-----BEGIN PGP PUBLIC KEY BLOCK-----
xsBNBFVjnlIBCACibzXOLCiZiL2oyzYUaTOCkYnSUhymg3pdbfKtd4mpBa58xKBj
t1pTHVpw3Sk03wmzhM/Ndlt1AV2YhLv++83WKr+gAHFYFiCV/tnY8bx3HqvVoy8O
CfxWhw4QZK7+oYzVmJj8ZJm3ZjOC4pzuegNWlNLCUdZDx9OKlHVXLCX1iUbjdYWa
qKV6tdV8hZolkbyjedQgrpvoWyeSHHpwHF7yk4gNJWMMI5rpcssL7i6mMXb/sDzO
VaAtU5wiVducsOa01InRFf7QSTxoAm6Xy0PGv/k48M6xCALa9nY+BzlOv47jUT57
vilf4Szy9dKD0v9S0mQ+IHB+gNukWrnwtXx5ABEBAAHNFm5hbWUgKGNvbW1lbnQp
IDxlbUBpbD7CwHUEEwECACkFAlVjnlIJEINgJNgv009/AhsDAhkBBgsJCAcDAgYV
CAIJCgsEFgIDAQAAxqMIAFBHuBA8P1v8DtHonIK8Lx2qU23t8Mh68HBIkSjk2H7/
oO2cDWCw50jZ9D91PXOOyMPvBWV2IE3tARzCvnNGtzEFRtpIEtZ0cuctxeIF1id5
crfzdMDsmZyRHAOoZ9VtuD6mzj0ybQWMACb7eIHjZDCee3Slh3TVrLy06YRdq2I4
bjMOPePtK5xnIpHGpAXkB3IONxyITpSLKsA4hCeP7gVvm7r7TuQg1ygiUBlWbBYn
iE5ROzqZjG1s7dQNZK/riiU2umGqGuwAb2IPvNiyuGR3cIgRE4llXH/rLuUlspAp
o4nlxaz65VucmNbN1aMbDXLJVSqR1DuE00vEsL1AItI==XQoy
-----END PGP PUBLIC KEY BLOCK-----'''

gpg = gnupg.GPG()
importres = gpg.import_keys(pubkey)
print importres
print importres.results
currfingerprint = gpg.list_keys()
print currfingerprint

    The output of this version is:

    <gnupg._parsers.ImportResult object at 0x10d1cd910>
[{'status': 'Entirely new key\n', 'fingerprint': u'A3F68FF91ABFE2486D830E99836024D82FD34F7F'}]
[{'dummy': u'', 'keyid': u'836024D82FD34F7F', 'expires': u'', 'rev': {}, 'sigs': {u'name (comment) <em@il>': []}, 'subkeys': [], 'length': u'2048', 'ownertrust': u'-', 'algo': u'1', 'fingerprint': u'A3F68FF91ABFE2486D830E99836024D82FD34F7F', 'date': u'1432591954', 'trust': u'-', 'type': u'pub', 'uids': [u'name (comment) <em@il>']}]

    If you need something that works by importing from a file, then you'll need to write some additional code to read in the contents of the file into a variable first, and then pass that to import_keys. (Alternatively, you could fall back to a subprocess solution to call straight to gpg --import like you mentioned.)