For encrypting and signing a message I want to use the python-gnupg module. The module is a wrapper around GnuPG. The encryption works fine, but if I specify the sign option I get an error.
gpg: WARNING: unsafe permissions on homedir '/home//Programming/GnuPGP/pgphome'
gpg: Warning: not using 'xxx' as default key: No secret key
gpg: all values passed to '--default-key' ignored
[GNUPG:] KEY_CONSIDERED xxx 0
[GNUPG:] KEY_CONSIDERED AADFCABF9D6B54C7938195737DC2E276767872B0 0
gpg: no default secret key: No secret key
[GNUPG:] INV_SGNR 9
[GNUPG:] FAILURE sign-encrypt 17
gpg: [stdin]: sign+encrypt failed: No secret key
But I have imported a secret key and want to encrypt using other_pub.asc and sign with my own private key.
I use the module python-gnupg. This is my code:
import os
import gnupg

cwd = os.getcwd()
# python-gnupg drives the gpg binary; keys and trust settings live in this homedir
pgp_home = os.path.join(cwd, 'pgphome')
gpg = gnupg.GPG(gnupghome=pgp_home)


def read_key(relative_path):
    # Read an ASCII-armored key file relative to the working directory and close it again
    with open(os.path.join(cwd, relative_path)) as key_file:
        return key_file.read()


# Import the own secret key (the passphrase lets gpg import the protected secret part),
# the matching public key, and the recipient's public key
own_priv_key = gpg.import_keys(read_key('assets/keys/own_secret.asc'), passphrase="hellomatthias1")
own_public_key = gpg.import_keys(read_key('assets/keys/own_public.asc'))
other_public_key = gpg.import_keys(read_key('assets/keys/other_pub.asc'))

# Ultimate ownertrust makes a key valid without a certification chain, so gpg
# will encrypt to it without asking
gpg.trust_keys(own_public_key.fingerprints, trustlevel="TRUST_ULTIMATE")
gpg.trust_keys(own_priv_key.fingerprints, trustlevel="TRUST_ULTIMATE")
gpg.trust_keys(other_public_key.fingerprints, trustlevel="TRUST_ULTIMATE")

# Not used below yet
dummy_file_path = os.path.join(cwd, 'assets/dummyfiles/hello.txt')
output_file_path = os.path.join(cwd, 'assets/dummyfiles/encrypted_hello.txt')

# Encrypt for the other party and sign with the own key; the passphrase must be the one
# that protects own_secret.asc
res = gpg.encrypt("hello how are you",
                  recipients=other_public_key.fingerprints[0],
                  sign=own_priv_key.fingerprints[0],
                  passphrase='passphraseofownprivatekey1')
print(res.ok, res.status)
print(res.stderr)
What am I doing wrong here?
I guess the problem doesn't come from the code but from the fact that the python-gnupg wrapper uses the gpg executable directly, and is thus bound by the gpg executable's requirements.
Reading the error messages, you can see that the gpg executable refuses your secret key:
gpg: WARNING: unsafe permissions on homedir '/home//Programming/GnuPGP/pgphome'
gpg: Warning: not using 'xxx' as default key: No secret key
gpg: all values passed to '--default-key' ignored
Gpg requires that secret keys be stored in a safe homedir, meaning a homedir accessible only by its user. It seems you have to reduce the permissions on the homedir /home//Programming/GnuPGP/pgphome
to its own user with the following command:
$ chmod go-rwx /home//Programming/GnuPGP/pgphome
That done, gpg should not ignore your keys anymore.
It could also be necessary to exclude write access. I don't think so, but in case it is, use:
$ chmod u-wx,go-rwx /home//Programming/GnuPGP/pgphome
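The same permission check and fix, done from Python before the wrapper is constructed, as an added example that is not part of the question or the answer above. The function names (homedir_is_safe, ensure_safe_homedir, demo) and the scratch directories it builds are assumptions made for the example; the only fact it relies on is that gpg's "unsafe permissions on homedir" warning is about group/other bits on the directory, which chmod go-rwx removes.

```python
import os
import stat
import tempfile

# Any read/write/execute bit for group or others is what makes gpg print
# "WARNING: unsafe permissions on homedir": it wants the directory to be 0700.
UNSAFE_BITS = stat.S_IRWXG | stat.S_IRWXO


def homedir_is_safe(path: str) -> bool:
    """True if path is a directory with no group/other permission bits set."""
    st = os.stat(path)
    return stat.S_ISDIR(st.st_mode) and (stat.S_IMODE(st.st_mode) & UNSAFE_BITS) == 0


def ensure_safe_homedir(path: str) -> bool:
    """Create the homedir as 0700, or strip group/other bits from an existing one.

    Returns True when the permissions of an existing directory had to be changed
    (the equivalent of `chmod go-rwx path`), False when the directory was already
    safe or was just created safe.
    """
    if not os.path.isdir(path):
        os.makedirs(path, mode=0o700)
        os.chmod(path, 0o700)  # makedirs' mode is filtered through the umask; pin it
        return False
    if homedir_is_safe(path):
        return False
    mode = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, mode & ~UNSAFE_BITS)  # keep the owner's bits, drop the rest
    return True


def demo() -> dict:
    """Reproduce the question's situation in a scratch directory and fix it.

    Constructed scenario (assumption for this example): a homedir left at 0755,
    as the default umask would create it, plus a homedir that does not exist yet.
    """
    parent = tempfile.mkdtemp(prefix="gnupg-home-demo-")
    home = os.path.join(parent, "pgphome")
    os.makedirs(home)
    os.chmod(home, 0o755)  # the state gpg complains about
    unsafe_before = not homedir_is_safe(home)
    changed = ensure_safe_homedir(home)
    fresh = os.path.join(parent, "fresh_home")
    changed_fresh = ensure_safe_homedir(fresh)
    return {
        "unsafe_before": unsafe_before,
        "changed": changed,
        "mode_after": stat.S_IMODE(os.stat(home).st_mode),
        "safe_after": homedir_is_safe(home),
        "fresh_changed": changed_fresh,
        "fresh_mode": stat.S_IMODE(os.stat(fresh).st_mode),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value:o}" if key.endswith("mode") else f"{key}: {value}")
    # In the question's script, call ensure_safe_homedir(pgp_home) before
    # gnupg.GPG(gnupghome=pgp_home) so the wrapper starts without the warning.
```

The function only touches the homedir itself, not the directories above it or the files inside it, so it addresses exactly the warning quoted in the answer and nothing more.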