Decrypting GPG/PGP email messages
Benjamin Niemann
pink at odahoda.de
Thu Sep 1 06:49:41 EDT 2005
<posted & mailed>
Alessandro Bottoni wrote:
> I know you will shake your head sadly but... I really have to perform such
> a suicidal task (even if for a short time and just for internal use).
>
> I have to send by email (over the open internet) an XML file containing
> _system commands_ (yes: the kind of stuff like "rm -dfr /") to a server
> and have a Python program sitting on this server, fetching and parsing the
> e-mail message and executing the commands (maybe with _root privileges_).
>
> Of course, I want to be sure that only the allowed people are able to send
> such dangerous messages to my server so I will ask my users to encrypt and
> digitally sign their messages using Thunderbird, Enigmail and GPG as
> described in this very fine tutorial:
>
> http://goldenspud.com/webrog/archives/2005/03/10/encrypt-encrypt/
>
> So far, so good, but I still have a couple of doubts about the server
> side:
>
> 1) What would you use to decrypt the messages? The GPG module created by
> Andrew Kuchling is declared "incomplete" and "no more maintained" on his
> web pages (http://www.amk.ca/python/code/gpg) so I think it is out of the
> game. Would you use OpenPGP (http://www.aonalu.net/openpgp/python)? Any
> other module?
What about using the command line program via os.pipeX("gpg...")?
I've done it this way when I needed to _create_ encrypted mail attachments
using python (you'll need different gpg options for decrypting):
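
    import os

    # Sign (-s) and encrypt (-e) the file for KEYID; the ASCII-armored
    # result (-a) goes to stdout (-o -). gpg reads the passphrase from
    # stdin (--passphrase-fd 0). os.popen2 is the Python 2 API.
    pipe_in, pipe_out = os.popen2("/usr/bin/gpg -q -r KEYID -s "
                                  "--passphrase-fd 0 --batch --no-tty -a -o - -e '%s'"
                                  % path_to_temporary_file)
    pipe_in.write("passphrase")
    pipe_in.close()
    # read encrypted file from pipe_out
    pipe_out.close()
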
> 2) I did not find any mention of _encrypted attachments_ on the Net. Does
> anybody know of a tutorial or a guide that explains how to encrypt (with
> Thunderbird/Enigmail) and decrypt (with Python) the (ANSI text) files
> attached to an email message?
I can't help you with Thunderbird. In the worst case, you'll have to encrypt
your command file manually and attach the encrypted version to your mail.
KMail does have checkboxes for encrypt/sign every attachment separately...
--
Benjamin Niemann
Email: pink at odahoda dot de
WWW: http://www.odahoda.de/
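
For the decrypting side discussed in this thread, an added example (not part of the original post and not code from either author): calling gpg from Python and accepting a message only when gpg's machine-readable status output reports a successful decryption and exactly one valid signature from an allowlisted key. The function names, the allowlist argument and the sample status lines are assumptions constructed for illustration.

```python
import subprocess

# Status keywords that must never appear for a message we are going to act on.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "DECRYPTION_FAILED"}

def authorized_signer(status, allowed):
    """Return the signer's fingerprint if the gpg status output shows a successful
    decryption and exactly one valid signature from an allowed key, else None."""
    decrypted, signers = False, []
    for line in status.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue                      # ordinary stderr chatter, not a status line
        fields = line.split()[1:]
        if not fields:
            continue
        if fields[0] in REJECT:
            return None
        if fields[0] == "DECRYPTION_OKAY":
            decrypted = True
        elif fields[0] == "VALIDSIG" and len(fields) >= 2:
            # With all 10 arguments present, the last one is the primary-key fingerprint.
            signers.append(fields[10] if len(fields) >= 11 else fields[1])
    if decrypted and len(signers) == 1 and signers[0] in allowed:
        return signers[0]
    return None

def decrypt_and_verify(path, allowed):
    """Run gpg on one file; return the plaintext only if the signer is allowed.
    Assumes the server's secret key is usable without a prompt (e.g. via gpg-agent)."""
    proc = subprocess.run(   # argument list, so no shell quoting of the path is involved
        ["gpg", "--batch", "--no-tty", "--status-fd", "2", "--decrypt", "--", path],
        capture_output=True)
    status = proc.stderr.decode("utf-8", "replace")
    if proc.returncode != 0 or authorized_signer(status, allowed) is None:
        return None
    return proc.stdout

# Constructed sample data (not a real key, not gpg output from this thread).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
SIGNED_OK = (
    "[GNUPG:] DECRYPTION_OKAY\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed User <user@example.invalid>\n"
    f"[GNUPG:] VALIDSIG {FPR} 2005-09-01 1125571781 0 4 0 1 2 00 {FPR}\n")
UNSIGNED = "[GNUPG:] DECRYPTION_OKAY\n"
TAMPERED = "[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] BADSIG 89ABCDEF01234567 Constructed User\n"
```

A message that decrypts correctly but carries no signature is rejected here, because encryption to the server's public key alone says nothing about who sent it.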