FAQ
Curious if any of you are using GPG or PGP encryption and/or signatures
in your Python apps?

In particular are you:

1. clearsigning specific emails?
2. validating clearsigned emails from others?
3. encrypting/decrypting files?
4. generating signatures for files that you are exchanging/posting for
download?
5. what public keyring services are you using?

I'm also looking for recommendations on which 3rd party modules you're
using for these tasks? In particular is there a particular module you
prefer or have concerns about?

Here's my short list of modules that *might* support encryption and
signing in general:

- m2crypto
- pycrypto (standalone or with expycrypto or yawpycrypto wrappers)
- tlslite
- pyme
- evpy
- python-gnupg (by developer of Python's logging module)

Any comments on using the subprocess module to wrap the gpg or openssl
command line utilities? This seems to be a common technique for
encryption and signing solutions and appears to the technique used by
python-gnupg (for example).

Thank you,
Malcolm

Search Discussions

  • Steve at Jul 2, 2010 at 5:45 am

    On Jul 2, 4:48?am, pyt... at bdurham.com wrote:
    Curious if any of you are using GPG or PGP encryption and/or signatures
    in your Python apps?

    In particular are you:

    1. clearsigning specific emails?
    2. validating clearsigned emails from others?
    3. encrypting/decrypting files?
    4. generating signatures for files that you are exchanging/posting for
    download?
    5. what public keyring services are you using?

    I'm also looking for recommendations on which 3rd party modules you're
    using for these tasks? In particular is there a particular module you
    prefer or have concerns about?

    Here's my short list of modules that *might* support encryption and
    signing in general:

    - m2crypto
    - pycrypto (standalone or with expycrypto or yawpycrypto wrappers)
    - tlslite
    - pyme
    - evpy
    - python-gnupg (by developer of Python's logging module)

    Any comments on using the subprocess module to wrap the gpg or openssl
    command line utilities? This seems to be a common technique for
    encryption and signing solutions and appears to the technique used by
    python-gnupg (for example).

    Thank you,
    Malcolm
    I used python-gnupg successfully to create some Django utilities for
    sending encrypted email.

    You can grab the source code at http://github.com/stephenmcd/django-email-extras

    Cheers,
    Steve
  • Geremy condra at Jul 2, 2010 at 7:39 am

    On Thu, Jul 1, 2010 at 11:48 AM, wrote:
    Curious if any of you are using GPG or PGP encryption and/or signatures
    in your Python apps?
    Yes; disclaimer: I'm the author of evpy and am currently working on a
    openssl wrapper proposed for inclusion in the stdlib.
    In particular are you:

    1. clearsigning specific emails?
    Yes; I use python-gnupg.
    2. validating clearsigned emails from others?
    Yes, see above.
    3. encrypting/decrypting files?
    Yes, I use evpy.
    4. generating signatures for files that you are exchanging/posting for
    download?
    Yes, evpy again.
    5. what public keyring services are you using?
    Can't comment on this as I don't use them.
    I'm also looking for recommendations on which 3rd party modules you're
    using for these tasks? In particular is there a particular module you
    prefer or have concerns about?
    Obviously I'm biased towards evpy, but I'm a really, really big fan of
    people not rolling their own crypto. It sounds like for most of what
    you want to do gpg or python-gnupg are pretty good options.
    Here's my short list of modules that *might* support encryption and
    signing in general:

    - m2crypto
    Supports encryption and signing; a high quality library with much to
    recommend it, assuming you need the full power of openssl and are
    able to use SWIG'd software. I think you probably have easier to
    use alternatives here, though.
    - pycrypto (standalone or with expycrypto or yawpycrypto wrappers)
    pycrypto is a good library as far as it goes, but I see a lot of
    nonexperts do things very badly with it, and AFAICS it hasn't seen
    the same level of scrutiny that something like openssl has,
    especially WRT side channel cryptanalysis. That's very worrying.
    - tlslite
    - pyme
    no experience here, can't comment.
    - evpy
    I like it ;). It supports encryption (public and private key) as well
    as signing and verification routines, and as long as you know
    your threat model it's reasonably hard to screw up. Having said
    that, it doesn't do anything with the web of trust or key revocation
    etc OOTB, so if what you're really looking for is gpg in python, use
    the right tool for the job.
    - python-gnupg (by developer of Python's logging module)
    I use it and like it for the reasons above.
    Any comments on using the subprocess module to wrap the gpg or openssl
    command line utilities? This seems to be a common technique for
    encryption and signing solutions and appears to the technique used by
    python-gnupg (for example).
    Seems fine, just make sure you know and trust where your keys are
    going.

    Geremy Condra
  • Stef Mientki at Jul 2, 2010 at 10:15 am

    On 02-07-2010 09:39, geremy condra wrote:
    On Thu, Jul 1, 2010 at 11:48 AM, wrote:
    Curious if any of you are using GPG or PGP encryption and/or signatures
    in your Python apps?
    Yes; disclaimer: I'm the author of evpy and am currently working on a
    openssl wrapper proposed for inclusion in the stdlib.
    Great Geremy !,
    but it's difficult to find,
    and I couldn't find any documentation.
    Did I not look at the right places ?

    thanks
    Stef Mientki
  • Geremy condra at Jul 2, 2010 at 4:58 pm

    On Fri, Jul 2, 2010 at 6:15 AM, Stef Mientki wrote:
    ?On 02-07-2010 09:39, geremy condra wrote:
    On Thu, Jul 1, 2010 at 11:48 AM, ?wrote:
    Curious if any of you are using GPG or PGP encryption and/or signatures
    in your Python apps?
    Yes; disclaimer: I'm the author of evpy and am currently working on a
    openssl wrapper proposed for inclusion in the stdlib.
    Great Geremy !,
    but it's difficult to find,
    and I couldn't find any documentation.
    Did I not look at the right places ?
    I assume you're talking about the proposed (and unnamed) crypto
    library, in which case I would be very surprised if you found it
    unless you looked on my hard drive ;). I don't usually release
    security-critical code for general use until I've done extensive
    testing and I simply haven't had time for that over the last week
    or so.

    If you're talking about evpy, the documentation for the three
    user-facing modules is in the docstrings, and I'm almost
    always here or available by email if you have any questions.

    Geremy Condra
  • Martin Manns at Jul 3, 2010 at 1:53 am

    On Thu, 01 Jul 2010 14:48:47 -0400 python at bdurham.com wrote:

    Curious if any of you are using GPG or PGP encryption and/or
    signatures in your Python apps? ...
    4. generating signatures for files that you are exchanging/posting for
    download?
    I use pyme to create and check save file signatures.
    5. what public keyring services are you using? None
    Any comments on using the subprocess module to wrap the gpg or openssl
    command line utilities? This seems to be a common technique for
    encryption and signing solutions and appears to the technique used by
    python-gnupg (for example).
    pyme works great with Linux.
    However, I have never installed it on a Windows system.

    Martin

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppython-list @
categoriespython
postedJul 1, '10 at 6:48p
activeJul 3, '10 at 1:53a
posts6
users5
websitepython.org

People

Translate

site design / logo © 2022 Grokbase