PGPy API¶

Exceptions¶

`PGPError`¶

exception pgpy.errors.PGPError¶: Raised as a general error in PGPy

`PGPEncryptionError`¶

exception pgpy.errors.PGPEncryptionError¶: Raised when encryption fails

`PGPDecryptionError`¶

exception pgpy.errors.PGPDecryptionError¶: Raised when decryption fails

`PGPOpenSSLCipherNotSupported`¶

exception pgpy.errors.PGPOpenSSLCipherNotSupported¶: Raised when OpenSSL does not support the requested cipher

`PGPInsecureCipher`¶

exception pgpy.errors.PGPInsecureCipher¶: Raised when a cipher known to be insecure is attempted to be used to encrypt data

`WontImplementError`¶

exception pgpy.errors.WontImplementError¶: Raised when something that is not implemented, will not be implemented

Constants¶

`PubKeyAlgorithm`¶

class pgpy.constants.PubKeyAlgorithm¶

Supported public key algorithms.

RSAEncryptOrSign¶: Signifies that a key is an RSA key.

DSA¶: Signifies that a key is a DSA key.

ElGamal¶: Signifies that a key is an ElGamal key.

ECDH¶: Signifies that a key is an ECDH key.

ECDSA¶: Signifies that a key is an ECDSA key.

`EllipticCurveOID`¶

class pgpy.constants.EllipticCurveOID¶

OIDs for supported elliptic curves.

Curve25519¶: DJB’s fast elliptic curve

Ed25519¶: Twisted Edwards variant of Curve25519

NIST_P256¶: NIST P-256, also known as SECG curve secp256r1

NIST_P384¶: NIST P-384, also known as SECG curve secp384r1

NIST_P521¶: NIST P-521, also known as SECG curve secp521r1

Brainpool_P256¶: Brainpool Standard Curve, 256-bit

Note

Requires OpenSSL >= 1.0.2

Brainpool_P384¶: Brainpool Standard Curve, 384-bit

Note

Requires OpenSSL >= 1.0.2

Brainpool_P512¶: Brainpool Standard Curve, 512-bit

Note

Requires OpenSSL >= 1.0.2

SECP256K1¶: SECG curve secp256k1

`SymmetricKeyAlgorithm`¶

class pgpy.constants.SymmetricKeyAlgorithm¶

Supported symmetric key algorithms.

IDEA¶: Warning

IDEA is insecure. PGPy only allows it to be used for decryption, not encryption!

TripleDES¶: Triple-DES with 168-bit key derived from 192

CAST5¶: CAST5 (or CAST-128) with 128-bit key

Blowfish¶: Blowfish with 128-bit key and 16 rounds

AES128¶: AES with 128-bit key

AES192¶: AES with 192-bit key

AES256¶: AES with 256-bit key

Camellia128¶: Camellia with 128-bit key

Camellia192¶: Camellia with 192-bit key

Camellia256¶: Camellia with 256-bit key

`CompressionAlgorithm`¶

class pgpy.constants.CompressionAlgorithm¶

Supported compression algorithms.

Uncompressed¶: No compression

ZIP¶: ZIP DEFLATE

ZLIB¶: ZIP DEFLATE with zlib headers

BZ2¶: Bzip2

`HashAlgorithm`¶

class pgpy.constants.HashAlgorithm¶

Supported hash algorithms.

MD5¶

SHA1¶

RIPEMD160¶

SHA256¶

SHA384¶

SHA512¶

SHA224¶

`SignatureType`¶

class pgpy.constants.SignatureType¶

Types of signatures that can be found in a Signature packet.

BinaryDocument¶: The signer either owns this document, created it, or certifies that it has not been modified.

CanonicalDocument¶: The signer either owns this document, created it, or certifies that it has not been modified. The signature is calculated over the text data with its line endings converted to <CR><LF>.

Standalone¶: This signature is a signature of only its own subpacket contents. It is calculated identically to a signature over a zero-length BinaryDocument.

Generic_Cert¶: The issuer of this certification does not make any particular claim as to how well the certifier has checked that the owner of the key is in fact the person described by the User ID.

Persona_Cert¶: The issuer of this certification has not done any verification of the claim that the owner of this key is the User ID specified.

Casual_Cert¶: The issuer of this certification has done some casual verification of the claim of identity.

Positive_Cert¶: The issuer of this certification has done substantial verification of the claim of identity.

Attestation¶: This signature is issued by the primary key over itself and its user ID (or user attribute). See draft-ietf-openpgp-rfc4880bis-08

Subkey_Binding¶: This signature is a statement by the top-level signing key that indicates that it owns the subkey. This signature is calculated directly on the primary key and subkey, and not on any User ID or other packets.

PrimaryKey_Binding¶: This signature is a statement by a signing subkey, indicating that it is owned by the primary key and subkey. This signature is calculated the same way as a Subkey_Binding signature.

DirectlyOnKey¶: A signature calculated directly on a key. It binds the information in the Signature subpackets to the key, and is appropriate to be used for subpackets that provide information about the key, such as the Revocation Key subpacket. It is also appropriate for statements that non-self certifiers want to make about the key itself, rather than the binding between a key and a name.

KeyRevocation¶: A signature calculated directly on the key being revoked. Only revocation signatures by the key being revoked, or by an authorized revocation key, should be considered valid revocation signatures.

SubkeyRevocation¶: A signature calculated directly on the subkey being revoked. Only revocation signatures by the top-level signature key that is bound to this subkey, or by an authorized revocation key, should be considered valid revocation signatures.

CertRevocation¶: This signature revokes an earlier User ID certification signature or direct-key signature. It should be issued by the same key that issued the revoked signature or an authorized revocation key. The signature is computed over the same data as the certificate that it revokes.

Timestamp¶: This signature is only meaningful for the timestamp contained in it.

ThirdParty_Confirmation¶: This signature is a signature over some other OpenPGP Signature packet(s). It is analogous to a notary seal on the signed data.

`KeyFlags`¶

class pgpy.constants.KeyFlags¶

Flags that determine a key’s capabilities.

Certify¶: Signifies that a key may be used to certify keys and user ids. Primary keys always have this, even if it is not specified.

Sign¶: Signifies that a key may be used to sign messages and documents.

EncryptCommunications¶: Signifies that a key may be used to encrypt messages.

EncryptStorage¶: Signifies that a key may be used to encrypt storage. Currently equivalent to EncryptCommunications.

Split¶: Signifies that the private component of a given key may have been split by a secret-sharing mechanism. Split keys are not currently supported by PGPy.

Authentication¶: Signifies that a key may be used for authentication.

MultiPerson¶: Signifies that the private component of a key may be in the possession of more than one person.

`RevocationReason`¶

class pgpy.constants.RevocationReason¶

Reasons explaining why a key or certificate was revoked.

NotSpecified¶: No reason was specified. This is the default reason.

Superseded¶: The key was superseded by a new key. Only meaningful when revoking a key.

Compromised¶: Key material has been compromised. Only meaningful when revoking a key.

Retired¶: Key is retired and no longer used. Only meaningful when revoking a key.

UserID¶: User ID information is no longer valid. Only meaningful when revoking a certification of a user id.

Classes¶

`PGPKey`¶

class pgpy.PGPKey¶

PGPKey objects represent OpenPGP compliant keys along with all of their associated data.

PGPKey implements the __str__ method, the output of which will be the key composition in OpenPGP-compliant ASCII-armored format.

PGPKey implements the __bytes__ method, the output of which will be the key composition in OpenPGP-compliant binary format.

Any signatures within the PGPKey that are marked as being non-exportable will not be included in the output of either of those methods.

ascii_headers¶: An OrderedDict of headers that appear, in order, in the ASCII-armored form of this object.

classmethod from_file(filename)¶

Create a new PGPKey object, with contents loaded from a file. May be binary or ASCII armored.

Parameters:	filename (`str`) – The path to the file to load.
Raises:	`ValueError` if a properly formed PGP block was not found in the file at `filename`
Raises:	`PGPError` if de-armoring or parsing failed
Returns:	A two element `tuple` of `PGPKey`, `OrderedDict`. The `OrderedDict` has the following format: key, others = PGPKey.from_file('path/to/keyfile') # others: { (Fingerprint, bool(key.is_public)): PGPKey }

classmethod from_blob(blob)¶

Create a new PGPKey object, with contents loaded from a blob. May be binary or ASCII armored.

Parameters:	blob (`str`, `bytes`, `unicode`, `bytearray`) – The data to load.
Raises:	`TypeError` if blob is not in the expected types above
Raises:	`ValueError` if a properly formed PGP block was not found in `blob`
Raises:	`PGPError` if de-armoring or parsing failed
Returns:	A two element `tuple` of `PGPKey`, `OrderedDict`. The `OrderedDict` has the following format: key, others = PGPKey.from_file('path/to/keyfile') # others: { (Fingerprint, bool(key.is_public)): PGPKey }

created¶: A datetime object of the creation date and time of the key, in UTC.

expires_at¶: A datetime object of when this key is to be considered expired, if any. Otherwise, None

fingerprint¶: The fingerprint of this key, as a Fingerprint object.

is_expired¶: True if this key is expired, otherwise False

is_primary¶: True if this is a primary key; False if this is a subkey

is_protected¶: True if this is a private key that is protected with a passphrase, otherwise False

is_public¶: True if this is a public key, otherwise False

is_unlocked¶: False if this is a private key that is protected with a passphrase and has not yet been unlocked, otherwise True

key_algorithm¶: The constants.PubKeyAlgorithm pertaining to this key

key_size¶: The size pertaining to this key. int for non-EC key algorithms; constants.EllipticCurveOID for EC keys.

New in version 0.4.1.

magic¶: The magic string identifier for the current PGP type

pubkey¶: If the PGPKey object is a private key, this method returns a corresponding public key object with all the trimmings. If it is already a public key, just return it.

signers¶: A set of key ids of keys that were used to sign this key

subkeys¶: An OrderedDict of subkeys bound to this primary key, if applicable, selected by 16-character keyid.

userids¶: A list of PGPUID objects containing User ID information about this key

userattributes¶: A list of PGPUID objects containing one or more images associated with this key

revocation_keys¶

A generator with the list of keys that can revoke this key.

See also PGPSignature.revocation_key()

classmethod new(key_algorithm, key_size, created=None)¶

Generate a new PGP key

Parameters:	key_algorithm (`PubKeyAlgorithm`) – Key algorithm to use. key_size (`int` or `EllipticCurveOID`) – Key size in bits, unless key_algorithm is `ECDSA` or `ECDH`, in which case it should be the Curve OID to use. created (`datetime` or `None`) – When was the key created? (`None` or unset means now)
Returns:	A newly generated `PGPKey`

protect(passphrase, enc_alg, hash_alg)¶

Add a passphrase to a private key. If the key is already passphrase protected, it should be unlocked before a new passphrase can be specified.

Has no effect on public keys.

Parameters:	passphrase (`str`, `unicode`) – A passphrase to protect the key with enc_alg (`SymmetricKeyAlgorithm`) – Symmetric encryption algorithm to use to protect the key hash_alg (`HashAlgorithm`) – Hash algorithm to use in the String-to-Key specifier

unlock(passphrase)¶

Context manager method for unlocking passphrase-protected private keys. Has no effect if the key is not both private and passphrase-protected.

When the context managed block is exited, the unprotected private key material is removed.

Example:

privkey = PGPKey()
privkey.parse(keytext)

assert privkey.is_protected
assert privkey.is_unlocked is False
# privkey.sign("some text") <- this would raise an exception

with privkey.unlock("TheCorrectPassphrase"):
    # privkey is now unlocked
    assert privkey.is_unlocked
    # so you can do things with it
    sig = privkey.sign("some text")

# privkey is no longer unlocked
assert privkey.is_unlocked is False

Emits a UserWarning if the key is public or not passphrase protected.

Parameters:	passphrase (`str`) – The passphrase to be used to unlock this key.
Raises:	`PGPDecryptionError` if the passphrase is incorrect

add_uid(uid, selfsign=True, **prefs)¶

Add a User ID to this key.

Parameters:	uid (`PGPUID`) – The user id to add selfsign (`bool`) – Whether or not to self-sign the user id before adding it

Valid optional keyword arguments are identical to those of self-signatures for PGPKey.certify(). Any such keyword arguments are ignored if selfsign is False

get_uid(search)¶

Find and return a User ID that matches the search string given.

Parameters:	search (`str`, `unicode`) – A text string to match name, comment, or email address against
Returns:	The first matching `PGPUID`, or `None` if no matches were found.

del_uid(search)¶

Find and remove a user id that matches the search string given. This method does not modify the corresponding PGPUID object; it only removes it from the list of user ids on the key.

Parameters:	search (`str`, `unicode`) – A text string to match name, comment, or email address against

add_subkey(key, **prefs)¶

Add a key as a subkey to this key.

Parameters:	key – A private `PGPKey` that does not have any subkeys of its own usage (`set`) – A `set` of key usage flags, as `KeyFlags` for the subkey to be added.

Other valid optional keyword arguments are identical to those of self-signatures for PGPKey.certify()

sign(subject, **prefs)¶

Sign text, a message, or a timestamp using this key.

Parameters:	subject (`str`, `PGPMessage`, `None`) – The text to be signed
Raises:	`PGPError` if the key is passphrase-protected and has not been unlocked
Raises:	`PGPError` if the key is public
Returns:	`PGPSignature`

The following optional keyword arguments can be used with PGPKey.sign(), as well as PGPKey.certify(), PGPKey.revoke(), and PGPKey.bind():

Parameters:

expires (datetime, timedelta) – Set an expiration date for this signature
notation (dict) – Add arbitrary notation data to this signature.
policy_uri (str) – Add a URI to the signature that should describe the policy under which the signature was issued.
revocable (bool) – If False, this signature will be marked non-revocable
user (str) – Specify which User ID to use when creating this signature. Also adds a “Signer’s User ID” to the signature.
created (datetime) – Specify the time that the signature should be made. If unset or None, it will use the present time.
intended_recipients (list) – Specify a list of PGPKey objects that will be encrypted to.
include_issuer_fingerprint (bool) – Whether to include a hashed subpacket indicating the issuer fingerprint. (only for v4 keys, defaults to True)

certify(subject, level=SignatureType.Generic_Cert, **prefs)¶

Sign a key or a user id within a key.

Parameters:	subject (`PGPKey`, `PGPUID`) – The user id or key to be certified. level – `Generic_Cert`, `Persona_Cert`, `Casual_Cert`, or `Positive_Cert`. Only used if subject is a `PGPUID`; otherwise, it is ignored.
Raises:	`PGPError` if the key is passphrase-protected and has not been unlocked
Raises:	`PGPError` if the key is public
Returns:	`PGPSignature`

In addition to the optional keyword arguments accepted by PGPKey.sign(), the following optional keyword arguments can be used with PGPKey.certify().

These optional keywords only make sense, and thus only have an effect, when self-signing a key or User ID:

Parameters:

usage (set) – A set of key usage flags, as KeyFlags. This keyword is ignored for non-self-certifications.
ciphers (list) – A list of preferred symmetric ciphers, as SymmetricKeyAlgorithm. This keyword is ignored for non-self-certifications.
hashes (list) – A list of preferred hash algorithms, as HashAlgorithm. This keyword is ignored for non-self-certifications.
compression (list) – A list of preferred compression algorithms, as CompressionAlgorithm. This keyword is ignored for non-self-certifications.
key_expiration (datetime.datetime, datetime.timedelta) – Specify a key expiration date for when this key should expire, or a timedelta of how long after the key was created it should expire. This keyword is ignored for non-self-certifications.
attested_certifications (list) – A list of third-party certifications, as PGPSignature, that the certificate holder wants to attest to for redistribution with the certificate. Alternatively, any element in the list can be a bytes or bytearray object of the appropriate length (the length of this certification’s digest). This keyword is only used for signatures of type Attestation.
keyserver (str, unicode, bytes) – Specify the URI of the preferred key server of the user. This keyword is ignored for non-self-certifications.
keyserver_flags (set) – A set of Key Server Preferences, as KeyServerPreferences.
primary (bool) – Whether or not to consider the certified User ID as the primary one. This keyword is ignored for non-self-certifications, and any certifications directly on keys.

These optional keywords only make sense, and thus only have an effect, when signing another key or User ID:

Parameters:

trust (tuple of two int s) – Specify the level and amount of trust to assert when certifying a public key. Should be a tuple of two int s, specifying the trust level and trust amount. See RFC 4880 Section 5.2.3.13. Trust Signature for more on what these values mean.
regex (str) – Specify a regular expression to constrain the specified trust signature in the resulting signature. Symbolically signifies that the specified trust signature only applies to User IDs which match this regular expression. This is meaningless without also specifying trust level and amount.
exportable (bool) – Whether this certification is exportable or not.

revoke(target, **prefs)¶

Revoke a key, a subkey, or all current certification signatures of a User ID that were generated by this key so far.

Parameters:	target (`PGPKey`, `PGPUID`) – The key to revoke
Raises:	`PGPError` if the key is passphrase-protected and has not been unlocked
Raises:	`PGPError` if the key is public
Returns:	`PGPSignature`

In addition to the optional keyword arguments accepted by PGPKey.sign(), the following optional keyword arguments can be used with PGPKey.revoke().

Parameters:	reason (One of `constants.RevocationReason`.) – Defaults to `constants.RevocationReason.NotSpecified` comment (`str`) – Defaults to an empty string.

revoker(revoker, **prefs)¶

Generate a signature that specifies another key as being valid for revoking this key.

Parameters:	revoker (`PGPKey`) – The `PGPKey` to specify as a valid revocation key.
Raises:	`PGPError` if the key is passphrase-protected and has not been unlocked
Raises:	`PGPError` if the key is public
Returns:	`PGPSignature`

In addition to the optional keyword arguments accepted by PGPKey.sign(), the following optional keyword arguments can be used with PGPKey.revoker().

Parameters:	sensitive (`bool`) – If `True`, this sets the sensitive flag on the RevocationKey subpacket. Currently, this has no other effect.

bind(key, **prefs)¶

Bind a subkey to this key.

In addition to the optional keyword arguments accepted for self-signatures by PGPkey.certify(), the following optional keyword arguments can be used with PGPKey.bind().

Parameters:	crosssign (`bool`) – If `False`, do not attempt a cross-signature (defaults to `True`). Subkeys which are not capable of signing will not produce a cross-signature in any case. Setting `crosssign` to `False` is likely to produce subkeys that will be rejected by some other OpenPGP implementations.

verify(subject, signature=None)¶

Verify a subject with a signature using this key.

Parameters:	subject (`str`, `unicode`, `None`, `PGPMessage`, `PGPKey`, `PGPUID`) – The subject to verify signature (`PGPSignature`) – If the signature is detached, it should be specified here.
Returns:	`SignatureVerification`

encrypt(message, [sessionkey=None, ]**prefs)¶

Encrypt a PGPMessage using this key.

Parameters:	message (`PGPMessage`) – The message to encrypt. sessionkey (`bytes`, `str`) – Provide a session key to use when encrypting something. Default is `None`. If `None`, a session key of the appropriate length will be generated randomly. Warning Care should be taken when making use of this option! Session keys absolutely need to be unpredictable! Use the `gen_key()` method on the desired `SymmetricKeyAlgorithm` to generate the session key!
Raises:	`PGPEncryptionError` if encryption failed for any reason.
Returns:	A new `PGPMessage` with the encrypted contents of `message`

The following optional keyword arguments can be used with PGPKey.encrypt():

Parameters:	cipher (`SymmetricKeyAlgorithm`) – Specifies the symmetric block cipher to use when encrypting the message. user (`str`, `unicode`) – Specifies the User ID to use as the recipient for this encryption operation, for the purposes of preference defaults and selection validation.

decrypt(message)¶

Decrypt a PGPMessage using this key.

Parameters:	message – An encrypted `PGPMessage`
Raises:	`PGPError` if the key is not private, or protected but not unlocked.
Raises:	`PGPDecryptionError` if decryption fails for any other reason.
Returns:	A new `PGPMessage` with the decrypted contents of `message`.

parse(data)¶: this method is too abstract to understand

PGPKeyring objects represent in-memory keyrings that can contain any combination of supported private and public keys. It can not currently be conveniently exported to a format that can be understood by GnuPG.

ascii_headers¶: An OrderedDict of headers that appear, in order, in the ASCII-armored form of this object.

load(*args)¶

Load all keys provided into this keyring object.

Parameters:	*args (`list`, `tuple`, `str`, `unicode`, `bytes`, `bytearray`) – Each arg in `args` can be any of the formats supported by `PGPKey.from_file()` and `PGPKey.from_blob()` or a `PGPKey` instance, or a `list` or `tuple` of these.
Returns:	a `set` containing the unique fingerprints of all of the keys that were loaded during this operation.

key(identifier)¶

A context-manager method. Yields the first PGPKey object that matches the provided identifier.

Parameters:	identifier (`PGPMessage`, `PGPSignature`, `str`) – The identifier to use to select a loaded key.
Raises:	`KeyError` if there is no loaded key that satisfies the identifier.

fingerprints(keyhalf='any', keytype='any')¶

List loaded fingerprints with some optional filtering.

Parameters:	keyhalf (`str`) – Can be ‘any’, ‘public’, or ‘private’. If ‘public’, or ‘private’, the fingerprints of keys of the the other type will not be included in the results. keytype (`str`) – Can be ‘any’, ‘primary’, or ‘sub’. If ‘primary’ or ‘sub’, the fingerprints of keys of the the other type will not be included in the results.
Returns:	a `set` of fingerprints of keys matching the filters specified.

unload(key)¶

Unload a loaded key and its subkeys.

Parameters:	key (`PGPKey`) – The key to unload.

The easiest way to do this is to select a key using PGPKeyring.key() first:

with keyring.key("DSA von TestKey") as key:
    keyring.unload(key)

`PGPMessage`¶

class pgpy.PGPMessage¶

PGPMessage objects represent OpenPGP message compositions.

PGPMessage implements the __str__ method, the output of which will be the message composition in OpenPGP-compliant ASCII-armored format.

PGPMessage implements the __bytes__ method, the output of which will be the message composition in OpenPGP-compliant binary format.

Any signatures within the PGPMessage that are marked as being non-exportable will not be included in the output of either of those methods.

ascii_headers¶: An OrderedDict of headers that appear, in order, in the ASCII-armored form of this object.

classmethod from_file(filename)¶

Create a new PGPMessage object, with contents loaded from a file. May be binary or ASCII armored.

Parameters:	filename (`str`) – The path to the file to load.
Raises:	`ValueError` if a properly formed PGP block was not found in the file at `filename`
Raises:	`PGPError` if de-armoring or parsing failed
Returns:	`PGPMessage`

classmethod from_blob(blob)¶

Create a new PGPMessage object, with contents loaded from a blob. May be binary or ASCII armored.

Parameters:	blob (`str`, `bytes`, `unicode`, `bytearray`) – The data to load.
Raises:	`TypeError` if blob is not in the expected types above
Raises:	`ValueError` if a properly formed PGP block was not found in `blob`
Raises:	`PGPError` if de-armoring or parsing failed
Returns:	`PGPMessage`

encrypters¶: A set containing all key ids (if any) to which this message was encrypted.

filename¶: If applicable, returns the original filename of the message. Otherwise, returns an empty string.

is_compressed¶: True if this message will be compressed when exported

is_encrypted¶: True if this message is encrypted; otherwise, False

is_sensitive¶: True if this message is marked sensitive; otherwise False

is_signed¶: True if this message is signed; otherwise, False. Should always be False if the message is encrypted.

issuers¶: A set containing all key ids (if any) which have signed or encrypted this message.

magic¶: The magic string identifier for the current PGP type

message¶: The message contents

signatures¶: A set containing all key ids (if any) which have signed this message.

signers¶: A set containing all key ids (if any) which have signed this message.

classmethod new(message, **kwargs)¶

Create a new PGPMessage object.

Parameters:	message (`str`, `unicode`, `bytes`, `bytearray`) – The message to be stored.
Returns:	`PGPMessage`

The following optional keyword arguments can be used with PGPMessage.new():

Parameters:

file (bool) – if True, message should be a path to a file. The contents of that file will be read and used as the contents of the message.
cleartext (bool) – if True, the message will be cleartext with inline signatures.
sensitive (bool) – if True, the filename will be set to ‘_CONSOLE’ to signal other OpenPGP clients to treat this message as being ‘for your eyes only’. Ignored if cleartext is True.
format (str) – Set the message format identifier. Ignored if cleartext is True.
compression – Set the compression algorithm for the new message. Defaults to CompressionAlgorithm.ZIP. Ignored if cleartext is True.
encoding (str representing a valid codec in codecs) – Set the Charset header for the message.

encrypt(passphrase, [sessionkey=None, ]**prefs)¶

Encrypt the contents of this message using a passphrase.

Parameters:	passphrase (`str`, `unicode`, `bytes`) – The passphrase to use for encrypting this message. sessionkey (`bytes`, `str`) – Provide a session key to use when encrypting something. Default is `None`. If `None`, a session key of the appropriate length will be generated randomly. Warning Care should be taken when making use of this option! Session keys absolutely need to be unpredictable! Use the `gen_key()` method on the desired `SymmetricKeyAlgorithm` to generate the session key!
Raises:	`PGPEncryptionError`
Returns:	A new `PGPMessage` containing the encrypted contents of this message.

decrypt(passphrase)¶

Attempt to decrypt this message using a passphrase.

Parameters:	passphrase (`str`, `unicode`, `bytes`) – The passphrase to use to attempt to decrypt this message.
Raises:	`PGPDecryptionError` if decryption failed for any reason.
Returns:	A new `PGPMessage` containing the decrypted contents of this message

parse(packet)¶: this method is too abstract to understand

`PGPSignature`¶

class pgpy.PGPSignature¶

PGPSignature objects represent OpenPGP compliant signatures.

PGPSignature implements the __str__ method, the output of which will be the signature object in OpenPGP-compliant ASCII-armored format.

PGPSignature implements the __bytes__ method, the output of which will be the signature object in OpenPGP-compliant binary format.

ascii_headers¶: An OrderedDict of headers that appear, in order, in the ASCII-armored form of this object.

classmethod from_file(filename)¶

Create a new PGPSignature object, with contents loaded from a file. May be binary or ASCII armored.

Parameters:	filename (`str`) – The path to the file to load.
Raises:	`ValueError` if a properly formed PGP block was not found in the file at `filename`
Raises:	`PGPError` if de-armoring or parsing failed
Returns:	`PGPSignature`

classmethod from_blob(blob)¶

Create a new PGPSignature object, with contents loaded from a blob. May be binary or ASCII armored.

Parameters:	blob (`str`, `bytes`, `unicode`, `bytearray`) – The data to load.
Raises:	`TypeError` if blob is not in the expected types above
Raises:	`ValueError` if a properly formed PGP block was not found in `blob`
Raises:	`PGPError` if de-armoring or parsing failed
Returns:	`PGPSignature`

cipherprefs¶: A list of preferred symmetric algorithms specified in this signature, if any. Otherwise, an empty list.

compprefs¶: A list of preferred compression algorithms specified in this signature, if any. Otherwise, an empty list.

created¶: A datetime of when this signature was created.

expires_at¶: A datetime of when this signature expires, if a signature expiration date is specified. Otherwise, None

exportable¶: False if this signature is marked as being not exportable. Otherwise, True.

features¶: A set of implementation features specified in this signature, if any. Otherwise, an empty set.

hashprefs¶: A list of preferred hash algorithms specified in this signature, if any. Otherwise, an empty list.

hash_algorithm¶: The HashAlgorithm used when computing this signature.

is_expired¶: True if the signature has an expiration date, and is expired. Otherwise, False

key_algorithm¶: The PubKeyAlgorithm of the key that generated this signature.

key_flags¶: A set of KeyFlags specified in this signature, if any. Otherwise, an empty set.

keyserver¶: The preferred key server specified in this signature, if any. Otherwise, an empty str.

keyserverprefs¶: A list of KeyServerPreferences in this signature, if any. Otherwise, an empty list.

magic¶: The magic string identifier for the current PGP type

notation¶: A dict of notation data in this signature, if any. Otherwise, an empty dict.

policy_uri¶: The policy URI specified in this signature, if any. Otherwise, an empty str.

revocable¶: False if this signature is marked as being not revocable. Otherwise, True.

attested_certifications¶

Returns a set of all the hashes of attested certifications covered by this Attestation Key Signature.

Unhashed subpackets are ignored.

signer¶: The 16-character Key ID of the key that generated this signature.

signer_fingerprint¶: The fingerprint of the key that generated this signature, if it contained. Otherwise, an empty str.

intended_recipients¶: Returns an iterator over all the primary key fingerprints marked as intended encrypted recipients for this signature.

type¶: The SignatureType of this signature.

attests_to(othersig)¶: returns True if this signature attests to othersig (acknolwedges it for redistribution)

parse(packet)¶: this method is too abstract to understand

`PGPUID`¶

class pgpy.PGPUID¶

PGPUID objects represent User IDs and User Attributes for keys.

PGPUID implements the __format__ method for User IDs, returning a string in the format ‘name (comment) <email>’, leaving out any comment or email fields that are not present.

name¶: If this is a User ID, the stored name. If this is not a User ID, this will be an empty string.

comment¶: If this is a User ID, this will be the stored comment. If this is not a User ID, or there is no stored comment, this will be an empty string.,

email¶: If this is a User ID, this will be the stored email address. If this is not a User ID, or there is no stored email address, this will be an empty string.

userid¶: If this is a User ID, this will be the full UTF-8 string. If this is not a User ID, this will be None.

image¶: If this is a User Attribute, this will be the stored image. If this is not a User Attribute, this will be None.

is_primary¶: If the most recent, valid self-signature specifies this as being primary, this will be True. Otherwise, False.

is_uid¶: True if this is a User ID, otherwise False.

is_ua¶: True if this is a User Attribute, otherwise False.

selfsig¶: This will be the most recent, self-signature of this User ID or Attribute. If there isn’t one, this will be None.

signers¶: This will be a set of all of the key ids which have signed this User ID or Attribute.

third_party_certifications¶: A generator returning all third-party certifications

attested_to(certifications)¶: filter certifications, only returning those that have been attested to by the first party

attested_third_party_certifications¶: A generator that provides a list of all third-party certifications attested to by the primary key.

classmethod new(pn, comment='', email='')¶

Create a new User ID or photo.

Parameters:	pn (`bytearray`, `str`, `unicode`) – User ID name, or photo. If this is a `bytearray`, it will be loaded as a photo. Otherwise, it will be used as the name field for a User ID. comment (`str`, `unicode`) – The comment field for a User ID. Ignored if this is a photo. email (`str`, `unicode`) – The email address field for a User ID. Ignored if this is a photo.
Returns:	`PGPUID`

Other Objects¶

These are objects that are returned during certain operations, but are probably not useful to instantiate directly.

`SignatureVerification`¶

class pgpy.types.SignatureVerification¶

Returned by PGPKey.verify()

Can be compared directly as a boolean to determine whether or not the specified signature verified.

good_signatures¶

A generator yielding namedtuples of all signatures that were successfully verified in the operation that returned this instance. The namedtuple has the following attributes:

sigsubj.verified - bool of whether the signature verified successfully or not.

sigsubj.by - the PGPKey that was used in this verify operation.

sigsubj.signature - the PGPSignature that was verified.

sigsubj.subject - the subject that was verified using the signature.

bad_signatures¶

A generator yielding namedtuples of all signatures that were not verified in the operation that returned this instance. The namedtuple has the following attributes:

sigsubj.verified - bool of whether the signature verified successfully or not.

sigsubj.by - the PGPKey that was used in this verify operation.

sigsubj.signature - the PGPSignature that was verified.

sigsubj.subject - the subject that was verified using the signature.

`Fingerprint`¶

class pgpy.types.Fingerprint¶

A subclass of str. Can be compared using == and != to str, unicode, and other Fingerprint instances.

Primarily used as a key for internal dictionaries, so it ignores spaces when comparing and hashing

PGPy 0.5.4 documentation

PGPy API¶

Exceptions¶

`PGPError`¶

`PGPEncryptionError`¶

`PGPDecryptionError`¶

`PGPOpenSSLCipherNotSupported`¶

`PGPInsecureCipher`¶

`WontImplementError`¶

Constants¶

`PubKeyAlgorithm`¶

`EllipticCurveOID`¶

`SymmetricKeyAlgorithm`¶

`CompressionAlgorithm`¶

`HashAlgorithm`¶

`SignatureType`¶

`KeyFlags`¶

`RevocationReason`¶

Classes¶

`PGPKey`¶

`PGPKeyring`¶

`PGPMessage`¶

`PGPSignature`¶

`PGPUID`¶

Other Objects¶

`SignatureVerification`¶

`Fingerprint`¶

Table of Contents

Previous topic

Next topic

This Page

PGPy API¶

Exceptions¶

Constants¶

Classes¶

Other Objects¶

SignatureVerification¶

Fingerprint¶

`SignatureVerification`¶

`Fingerprint`¶