Decrypting GPG/PGP email messages

Benjamin Niemann pink at odahoda.de
Thu Sep 1 06:49:41 EDT 2005


<posted & mailed>

Alessandro Bottoni wrote:

> I know you will shake your head sadly but... I really have to perform such
> a suicidal task (even if for a short time and just for internal use).
> 
> I have to send by email (over the open internet) an XML file containing
> _system commands_ (yes: the kind of stuff like "rm -dfr /") to a server
> and have a Python program sitting on this server, fetching and parsing the
> e-mail message and executing the commands (maybe with _root privileges_).
> 
> Of course, I want to be sure that only the allowed people are able to send
> such dangerous messages to my server so I will ask my users to encrypt and
> digitally sign their messages using Thunderbird, Enigmail and GPG as
> described in this very fine tutorial:
> 
> http://goldenspud.com/webrog/archives/2005/03/10/encrypt-encrypt/
> 
> So far, so good, but I still have a couple of doubts about the server
> side:
> 
> 1) What would you use to decrypt the messages? The GPG module created by
> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
> other module?

What about using the command line program via os.pipeX("gpg...")?
I've done it this way when I needed to _create_ encrypted mail attachments
using Python (you'll need different gpg options for decrypting):

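import os

# os.popen2 exists only in Python 2 (Python 3 uses the subprocess module).
# Sign (-s) and encrypt (-e) the file for KEYID, ASCII-armored (-a), written
# to stdout (-o -); gpg reads the passphrase from fd 0 (stdin).
pipe_in, pipe_out = os.popen2("/usr/bin/gpg -q -r KEYID -s "
           "--passphrase-fd 0 --batch --no-tty -a -o - -e '%s'"
           % path_to_temporary_file)
pipe_in.write("passphrase")
pipe_in.close()

# read encrypted file from pipe_out
encrypted = pipe_out.read()
pipe_out.close()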


> 2) I did not find any mention of _encrypted attachments_ on the Net. Does
> anybody know of a tutorial or a guide that explains how to encrypt (with
> Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
> attached to an email message?

I can't help you with Thunderbird. In the worst case, you'll have to encrypt
your command file manually and attach the encrypted version to your mail.
KMail does have checkboxes to encrypt/sign every attachment separately...


-- 
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/
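
The decrypting side discussed in this thread, as an added example that is not code from either poster: it runs gpg --decrypt with --status-fd and accepts a message only if decryption succeeded and a valid signature came from an allow-listed key fingerprint. The function names, the allow-list and the sample status lines are assumptions constructed for illustration, and it assumes the server's secret key can be used without a passphrase prompt.

```python
import os
import subprocess

# gpg status keywords after which the message must be rejected.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG",
          "DECRYPTION_FAILED"}

# Constructed sample of --status-fd output (fingerprint is a placeholder).
SAMPLE_FPR = "A" * 40
SAMPLE_STATUS = ("[GNUPG:] DECRYPTION_OKAY\n"
                 "[GNUPG:] VALIDSIG %s 2005-09-01 1125571781 0 4 0 17 2 00 %s\n"
                 % (SAMPLE_FPR, SAMPLE_FPR))


def trusted_signer(status_text, allowed_fingerprints):
    """Return the allow-listed fingerprint that signed the message, else None."""
    allowed = {fpr.upper() for fpr in allowed_fingerprints}
    decrypted, signer = False, None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in REJECT:
            return None
        if fields[1] == "DECRYPTION_OKAY":
            decrypted = True
        elif fields[1] == "VALIDSIG" and len(fields) > 2:
            # fields[2] is the signing key's fingerprint; newer gpg versions
            # append the primary key's fingerprint as the last field.
            match = {fields[2].upper(), fields[-1].upper()} & allowed
            if not match:
                return None  # validly signed, but not by an accepted key
            signer = sorted(match)[0]
    return signer if decrypted else None


def decrypt_and_verify(ciphertext, allowed_fingerprints, gpg="/usr/bin/gpg"):
    """Decrypt bytes with gpg; return (plaintext, signer) or raise ValueError."""
    status_r, status_w = os.pipe()  # own pipe: status never mixes with data
    proc = subprocess.Popen(
        [gpg, "--batch", "--no-tty", "--status-fd", str(status_w), "--decrypt"],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE,
        stderr=subprocess.DEVNULL, pass_fds=(status_w,))
    os.close(status_w)
    plaintext, _ = proc.communicate(ciphertext)
    with os.fdopen(status_r, errors="replace") as status_file:
        signer = trusted_signer(status_file.read(), allowed_fingerprints)
    if proc.returncode != 0 or signer is None:
        raise ValueError("message rejected: not decrypted or signer not trusted")
    return plaintext, signer
```

Only the plaintext returned for an accepted message should be handed to the XML parser; a message that raises ValueError is dropped without looking at its content.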


