windows centos 使用 GPG 進行文件加密、解密功能 python 代碼實現

1.安裝必備環境

下載地址:地址 

 

2.安裝Python環境

由於使用的Python SDK調用,需安裝對應的包:

pip install python-gnupg

3.代碼

生成密鑰:

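    # Key-generation demo. The passphrase is hard-coded only to keep the example
    # short; real code should prompt for it or load it from a secret store and
    # never commit it to source control.
    gpg = gnupg.GPG()
    gpg.encoding = 'utf-8'
    input_data = gpg.gen_key_input(
        passphrase="abcdefghi",
        name_real="test2",
        name_email="[email protected]",
        key_type="RSA",
        # 1024-bit RSA is no longer considered adequate; use at least 2048 bits.
        key_length=3072,
    )
    key = gpg.gen_key(input_data)
    # The fingerprint is empty when gpg could not create the key, so stop here
    # instead of carrying an empty key id into the export/encrypt steps.
    if not key.fingerprint:
        raise RuntimeError('key generation failed')
    print(key)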

key即你密鑰的ID

 

導出密鑰:

  分別導出公鑰和私鑰

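    import os

    # Export both halves of the key pair to ASCII-armored files.
    gpg2 = gnupg.GPG()
    key = "上一步生成的key的值"  # placeholder: the value printed by the key-generation step
    ascii_armored_public_keys = gpg2.export_keys(key)  # public key
    print(ascii_armored_public_keys)
    # Second positional argument (secret=True) selects the private key; the
    # passphrase is the one chosen at key generation (hard-coded here for the demo).
    ascii_armored_private_keys = gpg2.export_keys(key, True, passphrase="abcdefghi")
    # An empty export would otherwise be written out as an empty .asc file.
    if not ascii_armored_public_keys or not ascii_armored_private_keys:
        raise RuntimeError('key export failed for %s' % key)
    with open('%s_public.asc' % key, mode='w') as f1:
        f1.write(ascii_armored_public_keys)
    # The private key is the secret: create its file readable by the owner only
    # (the mode applies when the file is newly created; on Windows it has little
    # effect, so protect the file with ACLs there).
    private_fd = os.open('%s_private.asc' % key, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(private_fd, 'w') as f2:
        f2.write(ascii_armored_private_keys)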

 

加密 【公鑰加密】

    A用戶有一個文檔,需要提交給B用戶處理,B用戶需要獲取到A用戶的公鑰,然後進行加密,加密完成以後給A用戶,A用戶用自己的私鑰進行解密。也就是說:文件要給誰解密,就用誰的公鑰加密。

recipients 字段可爲 test2 或者 470F5AAA,即用誰的公鑰加密。短的 key ID(如 470F5AAA)可能與其他密鑰重複,腳本中建議像下面的代碼一樣使用完整指紋,

可通過 gpg -k 查看相關信息

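    # Encrypt a file to one recipient's public key.
    gpg = gnupg.GPG()
    file_name = 'requirements.txt'
    # The recipient is named by full fingerprint so the key choice is unambiguous.
    # The context manager closes the input file even if encryption raises.
    with open(file_name, mode='rb') as stream:
        encrypted_ascii_data = gpg.encrypt_file(
            stream,
            recipients="B9947E6C718439890C5D4ED381645874470F5AAA",
            output="{0}.gpg".format(file_name),
        )
    # encrypt_file reports failure through the result object rather than an
    # exception (e.g. unknown or untrusted recipient), so check it explicitly.
    if not encrypted_ascii_data.ok:
        raise RuntimeError('encryption failed: {0}'.format(encrypted_ascii_data.status))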

 

解密 [私鑰解密]

 在本機上使用無需導入私鑰,但在其他電腦上解密則需要私鑰。

一般用其他人的公鑰給文件加密,然後把加密後的文件發給他,他再使用自己的私鑰解密,就算文件泄露也沒有關係,因爲沒有私鑰就無法解密。

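    import subprocess

    gpg = gnupg.GPG(verbose=True)
    # Import the private key. Decryption needs the *private* key file written by
    # the export step (<fingerprint>_private.asc); importing the public key file
    # does not make decryption possible. The command is passed as an argument
    # list so the file name is never interpreted by a shell.
    subprocess.run(["gpg", "--import", "B9947E6C718439890C5D4ED381645874470F5AAA_private.asc"])
    # Decrypt the file
    file_name = 'requirements.txt.gpg'  # the encrypted file produced by the previous step
    with open(file_name, mode='rb') as stream:
        decrypted_data = gpg.decrypt_file(stream, passphrase="abcdefghi")
    # A wrong passphrase or missing key is reported on the result object, not raised.
    if not decrypted_data.ok:
        raise RuntimeError('decryption failed: {0}'.format(decrypted_data.status))
    print(decrypted_data)  # the decrypted content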

 

 

封裝類:

#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os
import subprocess

import gnupg


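class GPGUtil:
    """Small convenience wrapper around ``gnupg.GPG`` for key and file operations."""

    def __init__(self, verbose=False):
        """
        Create the underlying ``gnupg.GPG`` handle.

        :param verbose: whether to print detailed log output
        """
        self.gpg = gnupg.GPG(verbose=verbose)

    def create_cert(self, passphrase, name_real, name_email, key_type="RSA", key_length=1024):
        """
        Generate a new key pair and return the object produced by ``gen_key``.

        :param passphrase: passphrase protecting the new private key
        :param name_real: real-name field of the key's user id
        :param name_email: e-mail field of the key's user id
        :param key_type: key algorithm passed to gpg
        :param key_length: key size in bits
        :return: the ``gen_key`` result; the printed value is the key id used by
            the other methods
        """
        # NOTE(review): the 1024-bit default is kept only so existing callers
        # behave the same; 1024-bit RSA is too weak for new keys, so pass
        # key_length=2048 or larger explicitly.
        self.gpg.encoding = 'utf-8'
        input_data = self.gpg.gen_key_input(
            passphrase=passphrase,
            name_real=name_real,
            name_email=name_email,
            key_type=key_type,
            key_length=key_length,
        )
        key = self.gpg.gen_key(input_data)
        print('已生成key:{0}'.format(key))
        return key

    def export_cert(self, key, secret=False, passphrase=None):
        """
        Export a key to ``<key>_public.asc`` or ``<key>_private.asc`` in the
        current directory.

        :param key: id of the key to export
        :param secret: export the private key instead of the public key
        :param passphrase: passphrase of the private key; required when
            ``secret`` is true
        :raises AssertionError: ``secret`` is true and no passphrase was given
        :raises RuntimeError: gpg returned nothing to export
        """
        if secret:
            # Raised explicitly (same exception type as the former `assert`) so
            # the check is not stripped when Python runs with -O.
            if passphrase is None:
                raise AssertionError('the param `passphrase` is required')
            # The passphrase is deliberately not printed: stdout is routinely
            # captured in logs and terminals.
            exported = self.gpg.export_keys(key, secret=True, passphrase=passphrase)
            target = '%s_private.asc' % key
        else:
            exported = self.gpg.export_keys(key)
            target = '%s_public.asc' % key

        # Do not leave an empty .asc file behind when the export produced nothing
        # (unknown key id, wrong passphrase, ...).
        if not exported:
            raise RuntimeError('nothing was exported for key {0}'.format(key))

        if secret:
            # Owner-only permissions for the private key. The mode applies when
            # the file is newly created; on Windows it has little effect.
            fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
            with os.fdopen(fd, 'w') as f1:
                f1.write(exported)
        else:
            with open(target, mode='w') as f1:
                f1.write(exported)

    def encrypt_file(self, file_path, recipients=None):
        """
        Encrypt ``file_path`` to ``<file name>.gpg`` in the current directory.

        :param file_path: path of the plaintext file
        :param recipients: key id(s) whose public key is used for encryption
        :raises RuntimeError: gpg reported that encryption failed
        """
        _, file_name = os.path.split(file_path)
        with open(file_path, mode='rb') as stream:
            # NOTE(review): always_trust=True makes gpg skip its trust check on
            # the recipient key, so the caller is responsible for having verified
            # that the key in the keyring really belongs to the recipient.
            result = self.gpg.encrypt_file(
                stream,
                always_trust=True,
                recipients=recipients,
                output="{0}.gpg".format(file_name),
            )
        # Failure is reported on the result object, not raised; do not claim
        # success when no output was produced.
        if not result.ok:
            raise RuntimeError('encryption failed: {0}'.format(result.status))
        print('文件已生成.')

    def decrypted_file(self, file_path, out_file, private_cert_path, passphrase=None, ):
        """
        Import a private key file, decrypt ``file_path`` and write the plaintext
        to ``out_file``.

        :param file_path: path of the encrypted file
        :param out_file: path the decrypted content is written to
        :param private_cert_path: path of the exported private key file
        :param passphrase: passphrase of the private key
        :raises RuntimeError: gpg reported that decryption failed
        """
        # Import the private key
        command = "gpg --import {0}".format(private_cert_path)
        print(command)
        # Run gpg with an argument list instead of a shell string: a path with
        # spaces or shell metacharacters is then passed through literally, and
        # "--" stops a path starting with "-" from being read as an option.
        completed = subprocess.run(["gpg", "--import", "--", private_cert_path])
        if completed.returncode != 0:
            # Not fatal on its own: the key may already be in the local keyring.
            print('gpg --import exited with status {0}'.format(completed.returncode))
        # Open the path the caller passed; using only its base name would read a
        # different file whenever file_path contains a directory.
        with open(file_path, mode='rb') as stream:
            decrypted_data = self.gpg.decrypt_file(stream, passphrase=passphrase)
        if not decrypted_data.ok:
            raise RuntimeError('decryption failed: {0}'.format(decrypted_data.status))
        print('解析成功')
        # decrypt_file returns a result object; its raw bytes are written
        # unchanged so binary files and non-ASCII text are not altered by text
        # decoding or newline translation.
        with open(out_file, 'wb') as f:
            f.write(decrypted_data.data)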


if __name__ == "__main__":
    # Usage examples: uncomment the step you want to run.
    gpg_util = GPGUtil(verbose=True)
    # Generate a key pair
    # gpg_util.create_cert(passphrase='test', name_real='test', name_email="[email protected]", key_length=2048)
    # Export the private key
    # gpg_util.export_cert(key="DAF6ED23A3B3C0A640CE4BA61238F862F7A1304F", secret=True, passphrase="test")
    # Encrypt with the public key
    # gpg_util.encrypt_file("requirements.txt", recipients='test')  # recipients is the name_real given when the key was created
    # Decrypt with the private key
    # gpg_util.decrypted_file("requirements.txt.gpg", "requirements.txt", "DAF6ED23A3B3C0A640CE4BA61238F862F7A1304F_private.asc", passphrase="test")

 
