Using GPG for file encryption and decryption on Windows and CentOS: a Python implementation

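1. Install the prerequisites

Download address: link

2. Install the Python environment

The code calls GPG through the Python SDK, so the corresponding package must be installed: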

pip install python-gnupg

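3. Code

Generate a key:

    import gnupg

    gpg = gnupg.GPG()
    gpg.encoding = 'utf-8'
    # key_length=1024 is what this walkthrough uses; 1024-bit RSA is below current
    # recommendations, so use 2048 bits or more for keys that protect real data.
    input_data = gpg.gen_key_input(passphrase="abcdefghi", name_real="test2", name_email="[email protected]", key_type="RSA", key_length=1024)
    key = gpg.gen_key(input_data)
    print(key)

The printed key is the ID of your key (its fingerprint).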

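Export the keys:

Export the public key and the private key separately:

    import gnupg

    gpg2 = gnupg.GPG()
    key = "上一步生成的key的值"  # placeholder: the key value produced in the previous step
    ascii_armored_public_keys = gpg2.export_keys(key)  # public key
    print(ascii_armored_public_keys)
    ascii_armored_private_keys = gpg2.export_keys(key, True, passphrase="abcdefghi")  # private key
    with open('%s_public.asc' % key, mode='w') as f1:
        f1.write(ascii_armored_public_keys)
    # The private key file is written with default permissions; restrict access to it.
    with open('%s_private.asc' % key, mode='w') as f1:
        f1.write(ascii_armored_private_keys)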

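Encryption [public-key encryption]

User A has a document that needs to be submitted to user B for processing. User B obtains user A's public key and uses it to encrypt; once encryption is done, the result is given to user A, who decrypts it with their own private key.

The recipients field can be test2 or 470F5AAA, that is, it says whose public key is used for encryption.

You can view this information with gpg -k.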

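    import gnupg

    gpg = gnupg.GPG()
    file_name = 'requirements.txt'
    # Open the plaintext in binary mode and close it once encryption is done
    with open(file_name, mode='rb') as stream:
        encrypted_ascii_data = gpg.encrypt_file(stream, recipients="B9947E6C718439890C5D4ED381645874470F5AAA", output="{0}.gpg".format(file_name))
    print(encrypted_ascii_data.ok, encrypted_ascii_data.status)  # check that encryption succeeded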
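An added example, not part of the original post: because recipients accepts a name or a short ID such as 470F5AAA, more than one key in a keyring can match it. The function below resolves a recipient string to exactly one full fingerprint and refuses ambiguous input. `resolve_recipient`, `SAMPLE_KEYS`, the second key and the example.com addresses are assumptions constructed for illustration, with the data laid out like the result of python-gnupg's `list_keys()`.

```python
import re

# Constructed sample in the shape of python-gnupg's GPG.list_keys() result
# (only the fields used here). The second key is invented for this example
# and shares the short ID 470F5AAA with the key used on this page.
SAMPLE_KEYS = [
    {"fingerprint": "B9947E6C718439890C5D4ED381645874470F5AAA",
     "keyid": "81645874470F5AAA",
     "uids": ["test2 <test2@example.com>"]},
    {"fingerprint": "0123456789ABCDEF0123456789ABCDEF470F5AAA",
     "keyid": "89ABCDEF470F5AAA",
     "uids": ["test2-backup <backup@example.com>"]},
]

# Short key ID (8 hex digits), long key ID (16) or full fingerprint (40).
HEX_ID = re.compile(r"(?:0x)?((?:[0-9a-f]{8}){1,2}|[0-9a-f]{40})", re.IGNORECASE)


def resolve_recipient(spec, keys):
    """Map a recipient string to the fingerprint of the one key it selects.

    Hex IDs match the end of a fingerprint; other strings match as a
    case-insensitive substring of a user ID, as gpg does for names.
    Raises LookupError on no match, ValueError on several.
    """
    spec = spec.strip()
    hex_match = HEX_ID.fullmatch(spec)
    matches = []
    for key in keys:
        fingerprint = key["fingerprint"].upper()
        if hex_match:
            hit = fingerprint.endswith(hex_match.group(1).upper())
        else:
            hit = any(spec.lower() in uid.lower() for uid in key["uids"])
        if hit:
            matches.append(fingerprint)
    if not matches:
        raise LookupError("no key matches %r" % spec)
    if len(matches) > 1:
        raise ValueError("%r is ambiguous: %s" % (spec, ", ".join(matches)))
    return matches[0]


if __name__ == "__main__":
    for spec in ("test2", "470F5AAA", "81645874470F5AAA"):
        try:
            print(spec, "->", resolve_recipient(spec, SAMPLE_KEYS))
        except (LookupError, ValueError) as exc:
            print(spec, "->", exc)
```

With a real keyring, pass `gnupg.GPG().list_keys()` as `keys` and hand the returned fingerprint to `encrypt_file` as `recipients`.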

 

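Decryption [private-key decryption]

On the local machine there is no need to import the private key, but decrypting on another computer requires it.

Normally you encrypt a file with someone else's public key and send them the encrypted file, and they decrypt it with their own private key. Even if the file leaks it does not matter, because it cannot be decrypted without the private key.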

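    import subprocess

    import gnupg

    gpg = gnupg.GPG(verbose=True)
    # Import the private key (argument list, no shell, so the file name is never parsed as a command)
    subprocess.run(["gpg", "--import", "B9947E6C718439890C5D4ED381645874470F5AAA_private.asc"])
    # Decrypt the file
    file_name = 'requirements.txt.gpg'  # the encrypted file produced in the previous step
    with open(file_name, mode='rb') as stream:
        decrypted_data = gpg.decrypt_file(stream, passphrase="abcdefghi")
    print(decrypted_data.ok, decrypted_data.status)  # check that decryption succeeded
    print(decrypted_data)  # the decrypted data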

Wrapper class:

    #!/usr/bin/env python
    # -*- coding: utf-8 -*-
    import os
    import subprocess

    import gnupg


    class GPGUtil:
        def __init__(self, verbose=False):
            """
            GPG utility class
            :param verbose: whether to print detailed logs
            """
            self.gpg = gnupg.GPG(verbose=verbose)

        # key_length defaults to 1024 as in the walkthrough above; pass 2048 or more for real keys.
        def create_cert(self, passphrase, name_real, name_email, key_type="RSA", key_length=1024):
            self.gpg.encoding = 'utf-8'
            input_data = self.gpg.gen_key_input(passphrase=passphrase, name_real=name_real, name_email=name_email, key_type=key_type, key_length=key_length)
            key = self.gpg.gen_key(input_data)
            print('已生成key:{0}'.format(key))  # "Key generated: <key>"
            return key

        def export_cert(self, key, secret=False, passphrase=None):
            if secret:
                if passphrase is None:
                    raise ValueError('the param `passphrase` is required')
                # Do not print or log the passphrase.
                ascii_armored_private_keys = self.gpg.export_keys(key, secret=True, passphrase=passphrase)
                with open('%s_private.asc' % key, mode='w') as f1:
                    f1.write(ascii_armored_private_keys)
            else:
                ascii_armored_public_keys = self.gpg.export_keys(key)
                with open('%s_public.asc' % key, mode='w') as f1:
                    f1.write(ascii_armored_public_keys)

        def encrypt_file(self, file_path, recipients=None):
            filepath, file_name = os.path.split(file_path)
            # always_trust=True skips the trust check on the recipient key, so make sure
            # `recipients` selects the intended key.
            with open(file_path, mode='rb') as stream:
                result = self.gpg.encrypt_file(stream, always_trust=True, recipients=recipients, output="{0}.gpg".format(file_name))
            if not result.ok:
                raise RuntimeError('encryption failed: {0}'.format(result.status))
            print('文件已生成.')  # "File generated."

        def decrypted_file(self, file_path, out_file, private_cert_path, passphrase=None):
            # Import the private key (argument list, no shell)
            command = ["gpg", "--import", private_cert_path]
            print(' '.join(command))
            subprocess.run(command)
            # Open the path that was passed in, not just its base name
            with open(file_path, mode='rb') as stream:
                decrypted_data = self.gpg.decrypt_file(stream, passphrase=passphrase)
            if not decrypted_data.ok:
                raise RuntimeError('decryption failed: {0}'.format(decrypted_data.status))
            print('解析成功')  # "Parsed successfully"
            # The return value is of type gnupg.Crypt; its .data attribute holds the decrypted bytes.
            with open(out_file, 'wb') as f:
                f.write(decrypted_data.data)


    if __name__ == '__main__':
        gpg = GPGUtil(verbose=True)
        # Generate a certificate
        # gpg.create_cert(passphrase='test', name_real='test', name_email="[email protected]", key_length=2048)
        # Export the private key
        # gpg.export_cert(key="DAF6ED23A3B3C0A640CE4BA61238F862F7A1304F", secret=True, passphrase="test")
        # Encrypt with the public key
        # gpg.encrypt_file("requirements.txt", recipients='test')  # recipients is the name_real field used when creating the certificate
        # Decrypt with the private key
        # gpg.decrypted_file("requirements.txt.gpg", "requirements.txt", "DAF6ED23A3B3C0A640CE4BA61238F862F7A1304F_private.asc", passphrase="test")

 
