Similar to this:
gnupg: There is no assurance this key belongs to the named user
But I want to set the trust level of an imported key pair within Python. Is this possible? And if so, how?
At the moment after trying to encrypt a file with the public key, I'm receiving the message:
"There is no assurance this key belongs to the named user\r\n[GNUPG:] INV_RECP 10 TestUser#Company.Com\r\n[GNUPG:] FAILURE sign-encrypt 53\r\ngpg: [stdin]: sign+encrypt failed: Unusable public key\r\n"
This is after running the following:
with open('Test.txt', 'rb') as f:
status = gpg.encrypt_file(
f,sign=public_key_fingerprint,
recipients=private_key_recipient,
output = output_file
)
status.status returns:
'invalid recipient'
EDIT:
private_key_recipient = 'TestUser#Company.Com'
Looking at pydoc gnupg I see:
trust_keys(self, fingerprints, trustlevel)
It's not documented, but it sounds like what you want.
I'm trying to use pgpy to decrypt a text file with a private key.
I can load the file and it seems decrypt it OK, but after decryption the contents is still a PGP Message, and the object has is_compressed=true. There is no error on decryption.
Is there a decryption flag to decompress as well? Or am I missing something basic here?
import pgpy
key, _ = pgpy.PGPKey.from_file('/path/private_key_file')
with key.unlock('passphrase') as ukey:
file_name = 'encrypted_file.pgp'
# decrypt it
enc_content=pgpy.PGPMessage.from_file(file_name)
clr_content = key.decrypt(enc_content)
# Write the content to a file
# ...
I get a warning on the decryption line: UserWarning: Message was encrypted with this key's subkey: A85C839A50F35A9A. Decrypting with that...
At this point, clr_content.is_compressed = true and str(clr_content) looks like:
'-----BEGIN PGP MESSAGE-----\n\nyP8AAOEdAnicxL3NcuPash54Oxwd0eEIv4EHGF3fG8bmwf
/PzCAIERBBgBsgpaMa\n+AQkokRskYQMkqWteol+E0d41ENHOPphet4DT5258EMSwAIgqY7PiSssct
8qVa6F\nXPmfX/6//+7f/NP/9X/8t//vP/3f699///f/9F//6d/8P//u8S/G6rfF78LfJE74\nm7H6
...
zn+3/Zud///2t+j997Uf0x940/eQbX/f6lx7656+8y/2l2k+9\n74fe/t+P/NGXPvGRr2sf+uIHHnr
tpz598PFvvf3/AYHoIHI=\n=cI/q\n-----END PGP MESSAGE-----\n'
I've tried pushing it through gzip, but didn't get anywhere.
Thanks in advance
Mike
Something like this should work:
clr_content = (key.decrypt(enc_content)).message
Having experimented a lot with this recently it seems that a decrypted PGPMessage is still a PGPMessage (obvious in retrospect) and to get the "clear" contents you need to retrieve the .message attribute of the object.
I'm trying to import a public key provided to me in python but for some reason the code always says "no fingerprint found" for this key. I've been able to use the same code to import another public gpg key. The only difference is that the one i was able to import looks normal when opening in a text file
-----BEGIN PGP MESSAGE-----
hQIMA4KP8a3P3lh+ARAArIKl7NQQ2nwLrbScEXB4YwHK8PaBU/zvcO4flo9XHfhj
...
-----END PGP MESSAGE-----
while the other one looks like a bunch of jumbled characters. snippit of jumbled file
Here is the python code i am using to do my import
import boto3
import os
import gnupg
from pprint import pprint
gpg = gnupg.GPG()
#commented out part where i pull file from s3 to /tmp/Public_key.txt
public_keys = gpg.list_keys()
private_keys = gpg.list_keys(True)
print ('public keys:')
pprint(public_keys)
print ('private keys:')
pprint(private_keys)
# import
key_data = open('/tmp/Public_Key.txt').read()
import_result = gpg.import_keys(key_data)
for k in import_result.results:
print("printing import results public key")
print(k)
Things i have tried are: reading the file as binary instead which also didn't work
with open('/tmp/Public_Key.txt', mode='rb') as file: # b is important -> binary
key_data = file.read()
Another thing to note, the key is able to be imported easily when i use CLI from my terminal using
gpg --import Public_Key.txt
So is it because i need to convert it to a string first that is messing it up?
The output of the import attempt in python is
{'fingerprint': None, 'status': 'No valid data found'}
Any idea how I can use the paramiko.RSAKey.from_private_key() function?
I know there is a from_private_key_file(), but I'm interested in using a function to parse a private key (like below) and use that private key for SSHClient.
Private key (sample):
-----BEGIN RSA PRIVATE KEY-----\nMIICXgIBAAKCAIEAmfgmlY95SHXhCeBNdkhSrsG4JVbqyew845yoZRX3wcS2/doz\niVQxgx0aiOwLi+/Rnkb3PLUIwoxb/LoD/W0YMS6/NSUMt+LdH+zsjeNF2iq4rDzU\nwDSqi27q/8u/egrK7H+9HNKEVXb/87utAAm3VTM9KqKaK3VuVFrNrnsDSuECAwEA\nAQKCAIBZn3y2KiGq8BLiMNJmO4sFdnW+Jm3cw8pdo17SGItzGxJ5iX3ePkfjzhkY\nAm5mMl6OBzj6+VX0CMeywIR6C/q8HwDYSmZcuU5v76/DoW5bI6xkPrroqEz6aRE5\nyN+2hf65RD3eoPATsdrP/kxiKjZg9uG9LhgIXyVwYFs1RcqewQJBAMCVJlEYXRio\neynUtyES9HNmUGUqHKmri1FZfO56/mFdG5ZXsKE48qURCAGVxI+goGQ4vtJIXB2J\nyTEr+5qYtE0CQQDMq9/iigk+XDOa9xGCbwxbLGdPawaEivezMVdPqVzH971L6kZ8\nhEnev1DqujgGCyR+QYPW1ZCXH05FY9CqWwrlAkATzYJyJlI0XebER2ZJVVyjnSq5\nLFpkLAqYY95P23/a3SsgC4ZTHbr9tEGhgBgFONwlUhx1HRGzy95PWxl1LSylAkBk\nwP93v8gJIM5urM27zfrhLxy0ZdVRji+d0N5QYuk/r19KbcvBJEZRFxE4W++UWgve\n81V5fqytGEYptpdUJXlZAkEArxZDiT1HXXGciIgzZbh53McogPCGHiKOOPSjpM41\npneDFVvwgezCWoDauxNDzu7Nl55qPJsmvfKZ+SKvCajrhQw==\n-----END RSA PRIVATE KEY-----\n
Code I wanted to run:
import paramiko
ssh = paramiko.SSHClient()
# how do I pass in the private_key, when my private_key (shown above) is in string?
mykey = paramiko.RSAKey.from_private_key(private_key)
ssh.connect('192.168.1.2', username = 'vinod', pkey = mykey)
Many thanks.
Lev's method worked for me:
>>> import paramiko
>>> f = open('/path/to/key.pem','r')
>>> s = f.read()
>>> import StringIO
>>> keyfile = StringIO.StringIO(s)
>>> mykey = paramiko.RSAKey.from_private_key(keyfile)
>>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
>>> ssh.connect('myserver.compute-1.amazonaws.com', username='ubuntu', pkey=mykey)
>>> stdin, stdout, stderr = ssh.exec_command('uptime')
>>> stdout.readlines()
[' 19:21:10 up 24 days, 42 min, 1 user, load average: 0.14, 0.06, 0.05\n']
This should do it:
import io
import paramiko
private_key_file = io.StringIO()
private_key_file.write('-----BEGIN RSA PRIVATE KEY-----\nlskjdflk\n...\n-----END RSA PRIVATE KEY-----\n')
private_key_file.seek(0)
private_key = paramiko.RSAKey.from_private_key(private_key_file)
from_private_key() apparently takes a file object:
from_private_key(cls, file_obj, password=None)
Create a key object by reading a private key from a file (or file-like) object. If the private key is encrypted and password is not None, the given password will be used to decrypt the key (otherwise PasswordRequiredException is thrown).
Parameters:
file_obj (file) - the file to read from
password (str) - an optional password to use to decrypt the key, if it's encrypted
Returns: PKey
a new key object based on the given private key
Raises:
IOError - if there was an error reading the key
PasswordRequiredException - if the private key file is encrypted, and password is None
SSHException - if the key file is invalid
So to feed it a key as a string you can use StringIO, something like:
private_key = StringIO.StringIO(key_string)
mykey = paramiko.RSAKey.from_private_key(private_key)
I have not tested this, though.
Here is where 'duck typing' comes in handy - it does not have to BE a duck (=file), it just has to BEHAVE like one.
A little experimentation shows that, any object that has a valid readlines() method is fine.
I faked it with:
def myfakefile(keystring):
myfakefile.readlines=lambda: keystring.split("\n")
return myfakefile
mykey = paramiko.RSAKey.from_private_key(myfakefile(keystring))
This is incredibly hacky, but it works.
What this does, is, when you call myfakefile(keystring), it creates myfakefile.readlines, which returns the (split) contents of keystrings.
Then, it returns the function.
The same function is passed to from_private_key. from_private_key, thinking it is a file, calls myfakefile.readlines(). This calls the newly created (lambda) function, which returns the sort of thing you would expect from file.readlines() - or, close enough, anyway.
Note that, saving the results will not work as expected:
k1=myfakefile(keystring1)
k2=myfakefile(keystring2)
# This will return keystring2, not keystring1!
paramkiko.RSAKey.from_private_keyfile(k1.readlines())
There are more robust methods of getting this to work as it should, but not worth the effort - just use StringIO if your needs are more complicated.
Very old question, but in case it helps some unfortunate soul: my sol'n to this problem was to generate a new key with default options, using
ssh-keygen -t rsa
My previous key was generated using
ssh-keygen -t rsa -b 4096 -a 100
which paramiko complained about as it did for OP.
M2Crypto package is not showing the 'recipient_public_key.pem' file at linux terminal.
How do I get/connect with recipient public key.
Exactly, I need to check how can I open this file through linux commands.
import M2Crypto
def encrypt():
recip = M2Crypto.RSA.load_pub_key(open('recipient_public_key.pem','rb').read())
print recip;
plaintext = whatever i need to encrypt
msg = recip.public_encrypt(plaintext,RSA.pkcs1_padding)
print msg;
after calling the function its not giving any output and even any error
i also tried as 'Will' said
pk = open('public_key.pem','rb').read()
print pk;
rsa = M2Crypto.RSA.load_pub_key(pk)
what is the mistake I am not getting?
I have never used M2Crypto, but according to the API documentation, load_pub_key expects the file name as the argument, not the key itself. Try
recip = M2Crypto.RSA.load_pub_key('recipient_public_key.pem')