GPGME (for python) questions
Is there a guide anywhere for what versions of GnuPG are supported by what versions of GPGME?

I only need encryption and decryption as part of an automated software framework, and I’m trying to migrate from an existing toolset that uses GnuPG v1.4 and python-gnupg. We need to be able to pgp encrypt and decrypt without human interaction. I’m working through the various ways to move up to more current software, and latest GPGME with latest GnuPG is probably the best, if I can figure out the python bindings and if GnuPG works with pinentry for automated decryption.

Any tips, any good documents out there? Are there archives of this list somewhere, or is that private for the same reason the subscribers’ list is?

Thanks!

Rich Hammett

Re: GPGME (for python) questions
On Friday, 23 October 2020 21:48:49 CEST Hammett, Rich via Gnupg-users
wrote:
> Is there a guide anywhere for what versions of GnuPG are supported by what
> versions of GPGME?

Check the documentation of gpgme. The README of the current version reads
"For support of the OpenPGP and the CMS protocols, you should use the
latest version of GnuPG (>= 2.1.18) , available at:
https://gnupg.org/ftp/gcrypt/gnupg/."

Note that GnuPG 2.1.x is no longer supported (even if it might still work with
gpgme).

In general, old functionality in gpgme that worked with an old version of
GnuPG should still work with the latest version of gpgme, but there are no
guarantees. New functionality of gpgme usually is only developed to work with
the current GnuPG release (because often the new gpgme API needs new internal
API in GnuPG and its helpers).

So, if possible, use the most recent GnuPG 2.2 release with the most recent
release of gpgme.

> I only need encryption and decryption as part of an automated software
> framework, and I’m trying to migrate from an existing toolset that uses
> GnuPG v1.4 and python-gnupg.

Note that gpgme now includes the Python bindings.

> We need to be able to pgp encrypt and decrypt
> without human interaction. I’m working through the various ways to move up
> to more current software, and latest GPGME with latest GnuPG is probably
> the best, if I can figure out the python bindings and if GnuPG works with
> pinentry for automated decryption.

I suggest checking out the tests of the Python bindings, in particular
t-decrypt.py and t-callbacks.py (for passphrase callbacks).

A common recommendation on this list is to use a passphrase-less secret key
for automated decryption because this isn't really less secure than storing
the passphrase in cleartext in some script file next to the secret key.

Another approach is to inject the passphrase into gpg-agent's passphrase cache
with an unlimited (or near unlimited) expiration time. The latter approach
requires human interaction (or scripted interaction from another system) for
entering the passphrase into the cache after every restart of gpg-agent (e.g.
after a system reboot) and is obviously much more error-prone than a
passphrase-less key.

> Any tips, any good documents out there? Are there archives of this list
> somewhere, or is that private for the same reason the subscribers’ list
> is?

The archive of this list is available via the link at the bottom of this
message (which is added automatically by the mailing list).

Regards,
Ingo
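
An added example for the unattended setup discussed in this thread, not code from the gpgme project or from either poster: it checks the engine version against the README minimum quoted above and then decrypts without a pinentry prompt. The function names, status strings and parameters are assumptions of this example; it relies on the `gpg` module from gpgme's Python bindings and on the secret key already being in the keyring.

```python
import re

MIN_GNUPG = (2, 1, 18)  # minimum quoted from the gpgme README in the reply above


def parse_version(text):
    """Parse a version such as '2.2.23' or '2.3.0-beta1' into a tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised GnuPG version: {text!r}")
    return tuple(int(part) for part in m.groups())


def engine_status(version_text):
    """Classify an engine version using the two statements made in the reply."""
    v = parse_version(version_text)
    if v < MIN_GNUPG:
        return "too-old"       # below the README minimum
    if v[:2] == (2, 1):
        return "unsupported"   # 2.1.x might still work but is no longer supported
    return "ok"


def decrypt_unattended(ciphertext, home_dir=None, passphrase=None):
    """Decrypt bytes with no human interaction and return the plaintext bytes.

    passphrase=None assumes a passphrase-less secret key. Otherwise the
    passphrase is supplied by the caller through loopback pinentry.
    """
    import gpg  # gpgme's Python bindings; imported here so the checks above work without it

    kwargs = {"home_dir": home_dir}
    if passphrase is not None:
        # Route the passphrase request to this process instead of a pinentry dialog.
        kwargs["pinentry_mode"] = gpg.constants.PINENTRY_MODE_LOOPBACK
    with gpg.Context(**kwargs) as ctx:
        version = ctx.engine_info.version
        if engine_status(version) == "too-old":
            raise RuntimeError(f"GnuPG {version} is below the gpgme README minimum")
        try:
            # verify=False: only decryption is wanted, signatures are not checked here.
            plaintext, _result, _verify = ctx.decrypt(
                ciphertext, passphrase=passphrase, verify=False)
        except gpg.errors.GPGMEError as exc:
            raise RuntimeError(f"decryption failed: {exc}") from exc
    return plaintext
```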