900 lines
27 KiB
Python
900 lines
27 KiB
Python
"""
|
|
This type stub file was generated by pyright.
|
|
"""
|
|
|
|
from typing import Any
|
|
|
|
__version__: str = ...
|
|
__author__: str = ...
|
|
__date__: str = ...
|
|
|
|
class StatusHandler:
|
|
"""
|
|
The base class for handling status messages from `gpg`.
|
|
"""
|
|
|
|
on_data_failure = ...
|
|
def __init__(self, gpg: GPG) -> None:
|
|
"""
|
|
Initialize an instance.
|
|
|
|
Args:
|
|
gpg (GPG): The :class:`GPG` instance in use.
|
|
"""
|
|
...
|
|
|
|
def handle_status(self, key: str, value: str) -> None:
|
|
"""
|
|
Handle status messages from the `gpg` child process. These are lines of the format
|
|
|
|
[GNUPG:] <key> <value>
|
|
|
|
Args:
|
|
key (str): Identifies what the status message is.
|
|
value (str): Identifies additional data, which differs depending on the key.
|
|
"""
|
|
...
|
|
|
|
class Verify(StatusHandler):
|
|
"""
|
|
This class handles status messages during signature verificaton.
|
|
"""
|
|
|
|
TRUST_EXPIRED: int = ...
|
|
TRUST_UNDEFINED: int = ...
|
|
TRUST_NEVER: int = ...
|
|
TRUST_MARGINAL: int = ...
|
|
TRUST_FULLY: int = ...
|
|
TRUST_ULTIMATE: int = ...
|
|
TRUST_LEVELS: dict[str, int] = ...
|
|
GPG_SYSTEM_ERROR_CODES: dict[int, str] = ...
|
|
GPG_ERROR_CODES: dict[int, str] = ...
|
|
returncode = ...
|
|
valid: bool = ...
|
|
fingerprint: str | None = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def __nonzero__(self) -> bool: ...
|
|
|
|
__bool__ = ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
|
|
class ImportResult(StatusHandler):
|
|
"""
|
|
This class handles status messages during key import.
|
|
"""
|
|
|
|
counts = ...
|
|
returncode = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def __nonzero__(self) -> bool: ...
|
|
|
|
__bool__ = ...
|
|
ok_reason: dict[str, str] = ...
|
|
problem_reason: dict[str, str] = ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
def summary(self) -> str:
|
|
"""
|
|
Return a summary indicating how many keys were imported and how many were not imported.
|
|
"""
|
|
...
|
|
|
|
ESCAPE_PATTERN = ...
|
|
BASIC_ESCAPES = ...
|
|
|
|
class SendResult(StatusHandler):
|
|
"""
|
|
This class handles status messages during key sending.
|
|
"""
|
|
|
|
returncode = ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
|
|
class SearchKeys(StatusHandler, list[dict[Any, Any]]):
|
|
"""
|
|
This class handles status messages during key search.
|
|
"""
|
|
|
|
UID_INDEX = ...
|
|
FIELDS = ...
|
|
returncode = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def get_fields(self, args: Any) -> dict[str, Any]:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
def pub(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
def uid(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
|
|
class ListKeys(SearchKeys):
|
|
"""
|
|
This class handles status messages during listing keys and signatures.
|
|
|
|
Handle pub and uid (relating the latter to the former).
|
|
|
|
We don't care about (info from GnuPG DETAILS file):
|
|
|
|
crt = X.509 certificate
|
|
crs = X.509 certificate and private key available
|
|
uat = user attribute (same as user id except for field 10).
|
|
sig = signature
|
|
rev = revocation signature
|
|
pkd = public key data (special field format, see below)
|
|
grp = reserved for gpgsm
|
|
rvk = revocation key
|
|
"""
|
|
|
|
UID_INDEX = ...
|
|
FIELDS = ...
|
|
fingerprints: list[str] = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def key(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
sec = ...
|
|
def fpr(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
def grp(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
def sub(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
def ssb(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
def sig(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
class ScanKeys(ListKeys):
|
|
"""
|
|
This class handles status messages during scanning keys.
|
|
"""
|
|
|
|
def sub(self, args: Any) -> None:
|
|
"""
|
|
Internal method used to update the instance from a `gpg` status message.
|
|
"""
|
|
...
|
|
|
|
class TextHandler: ...
|
|
|
|
_INVALID_KEY_REASONS = ...
|
|
|
|
class Crypt(Verify, TextHandler):
|
|
"""
|
|
This class handles status messages during encryption and decryption.
|
|
"""
|
|
|
|
ok: bool = ...
|
|
status: str = ...
|
|
data: bytes = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def __nonzero__(self) -> bool: ...
|
|
|
|
__bool__ = ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
|
|
class GenKey(StatusHandler):
|
|
"""
|
|
This class handles status messages during key generation.
|
|
"""
|
|
|
|
returncode = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def __nonzero__(self) -> bool: ...
|
|
|
|
__bool__ = ...
|
|
def __str__(self) -> str: ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
|
|
class AddSubkey(StatusHandler):
|
|
"""
|
|
This class handles status messages during subkey addition.
|
|
"""
|
|
|
|
returncode = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def __nonzero__(self) -> bool: ...
|
|
|
|
__bool__ = ...
|
|
def __str__(self) -> str: ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
|
|
class ExportResult(GenKey):
|
|
"""
|
|
This class handles status messages during key export.
|
|
"""
|
|
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
|
|
class DeleteResult(StatusHandler):
|
|
"""
|
|
This class handles status messages during key deletion.
|
|
"""
|
|
|
|
returncode = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def __str__(self) -> str: ...
|
|
|
|
problem_reason = ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
def __nonzero__(self) -> bool: ...
|
|
|
|
__bool__ = ...
|
|
|
|
class TrustResult(DeleteResult):
|
|
"""
|
|
This class handles status messages during key trust setting.
|
|
"""
|
|
|
|
...
|
|
|
|
class Sign(StatusHandler, TextHandler):
|
|
"""
|
|
This class handles status messages during signing.
|
|
"""
|
|
|
|
returncode = ...
|
|
fingerprint: str | None = ...
|
|
status: str | None = ...
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def __nonzero__(self) -> bool: ...
|
|
|
|
__bool__ = ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
|
|
class AutoLocateKey(StatusHandler):
|
|
"""
|
|
This class handles status messages during key auto-locating.
|
|
fingerprint: str
|
|
key_length: int
|
|
created_at: date
|
|
email: str
|
|
email_real_name: str
|
|
"""
|
|
|
|
def __init__(self, gpg: GPG) -> None: ...
|
|
def handle_status(self, key: str, value: str) -> None: ...
|
|
def pub(self, args: Any) -> None:
|
|
"""
|
|
Internal method to handle the 'pub' status message.
|
|
`pub` message contains the fingerprint of the public key, its type and its creation date.
|
|
"""
|
|
...
|
|
|
|
def uid(self, args: Any) -> None: ...
|
|
def sub(self, args: Any) -> None: ...
|
|
def fpr(self, args: Any) -> None: ...
|
|
|
|
VERSION_RE = ...
|
|
HEX_DIGITS_RE = ...
|
|
PUBLIC_KEY_RE = ...
|
|
|
|
class GPG:
|
|
"""
|
|
This class provides a high-level programmatic interface for `gpg`.
|
|
"""
|
|
|
|
error_map = ...
|
|
encoding: str = ...
|
|
decode_errors: str = ...
|
|
buffer_size = ...
|
|
result_map = ...
|
|
def __init__(
|
|
self,
|
|
gpgbinary: str = ...,
|
|
gnupghome: str | None = ...,
|
|
verbose: bool = ...,
|
|
use_agent: bool = ...,
|
|
keyring: str | list[str] | None = ...,
|
|
options: list[str] | None = ...,
|
|
secret_keyring: str | list[str] | None = ...,
|
|
env: dict[str, str] | None = ...,
|
|
) -> None:
|
|
"""Initialize a GPG process wrapper.
|
|
|
|
Args:
|
|
gpgbinary (str): A pathname for the GPG binary to use.
|
|
|
|
gnupghome (str): A pathname to where we can find the public and private keyrings. The default is
|
|
whatever `gpg` defaults to.
|
|
|
|
keyring (str|list): The name of alternative keyring file to use, or a list of such keyring files. If
|
|
specified, the default keyring is not used.
|
|
|
|
options (list): A list of additional options to pass to the GPG binary.
|
|
|
|
secret_keyring (str|list): The name of an alternative secret keyring file to use, or a list of such
|
|
keyring files.
|
|
|
|
env (dict): A dict of environment variables to be used for the GPG subprocess.
|
|
"""
|
|
...
|
|
|
|
def make_args(self, args: list[str], passphrase: str) -> list[str]:
|
|
"""
|
|
Make a list of command line elements for GPG. The value of ``args``
|
|
will be appended. The ``passphrase`` argument needs to be True if
|
|
a passphrase will be sent to `gpg`, else False.
|
|
|
|
Args:
|
|
args (list[str]): A list of arguments.
|
|
passphrase (str): The passphrase to use.
|
|
"""
|
|
...
|
|
|
|
def is_valid_file(self, fileobj: Any) -> bool:
|
|
"""
|
|
A simplistic check for a file-like object.
|
|
|
|
Args:
|
|
fileobj (object): The object to test.
|
|
Returns:
|
|
bool: ``True`` if it's a file-like object, else ``False``.
|
|
"""
|
|
...
|
|
|
|
def sign(self, message: str | bytes, **kwargs: Any) -> Sign:
|
|
"""
|
|
Sign a message. This method delegates most of the work to the `sign_file()` method.
|
|
|
|
Args:
|
|
message (str|bytes): The data to sign.
|
|
kwargs (dict): Keyword arguments, which are passed to `sign_file()`:
|
|
|
|
* keyid (str): The key id of the signer.
|
|
|
|
* passphrase (str): The passphrase for the key.
|
|
|
|
* clearsign (bool): Whether to use clear signing.
|
|
|
|
* detach (bool): Whether to produce a detached signature.
|
|
|
|
* binary (bool): Whether to produce a binary signature.
|
|
|
|
* output (str): The path to write a detached signature to.
|
|
|
|
* extra_args (list[str]): Additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def set_output_without_confirmation(self, args: list[str], output: str) -> None:
|
|
"""
|
|
If writing to a file which exists, avoid a confirmation message by
|
|
updating the *args* value in place to set the output path and avoid
|
|
any cpmfirmation prompt.
|
|
|
|
Args:
|
|
args (list[str]): A list of arguments.
|
|
output (str): The path to the outpur file.
|
|
"""
|
|
...
|
|
|
|
def is_valid_passphrase(self, passphrase: str) -> bool:
|
|
"""
|
|
Confirm that the passphrase doesn't contain newline-type characters - it is passed in a pipe to `gpg`,
|
|
and so not checking could lead to spoofing attacks by passing arbitrary text after passphrase and newline.
|
|
|
|
Args:
|
|
passphrase (str): The passphrase to test.
|
|
|
|
Returns:
|
|
bool: ``True`` if it's a valid passphrase, else ``False``.
|
|
"""
|
|
...
|
|
|
|
def sign_file(
|
|
self,
|
|
fileobj_or_path: Any,
|
|
keyid: str | None = ...,
|
|
passphrase: str | None = ...,
|
|
clearsign: bool = ...,
|
|
detach: bool = ...,
|
|
binary: bool = ...,
|
|
output: str | None = ...,
|
|
extra_args: list[str] | None = ...,
|
|
) -> Sign:
|
|
"""
|
|
Sign data in a file or file-like object.
|
|
|
|
Args:
|
|
fileobj_or_path (str|file): The file or file-like object to sign.
|
|
|
|
keyid (str): The key id of the signer.
|
|
|
|
passphrase (str): The passphrase for the key.
|
|
|
|
clearsign (bool): Whether to use clear signing.
|
|
|
|
detach (bool): Whether to produce a detached signature.
|
|
|
|
binary (bool): Whether to produce a binary signature.
|
|
|
|
output (str): The path to write a detached signature to.
|
|
|
|
extra_args (list[str]): Additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def verify(self, data: str | bytes, **kwargs: Any) -> Verify:
|
|
"""
|
|
Verify the signature on the contents of the string *data*. This method delegates most of the work to
|
|
`verify_file()`.
|
|
|
|
Args:
|
|
data (str|bytes): The data to verify.
|
|
kwargs (dict): Keyword arguments, which are passed to `verify_file()`:
|
|
|
|
* fileobj_or_path (str|file): A path to a signature, or a file-like object containing one.
|
|
|
|
* data_filename (str): If the signature is a detached one, the path to the data that was signed.
|
|
|
|
* close_file (bool): If a file-like object is passed in, whether to close it.
|
|
|
|
* extra_args (list[str]): Additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def verify_file(
|
|
self,
|
|
fileobj_or_path: Any,
|
|
data_filename: str | None = ...,
|
|
close_file: bool = ...,
|
|
extra_args: list[str] | None = ...,
|
|
) -> Verify:
|
|
"""
|
|
Verify a signature.
|
|
|
|
Args:
|
|
fileobj_or_path (str|file): A path to a signature, or a file-like object containing one.
|
|
|
|
data_filename (str): If the signature is a detached one, the path to the data that was signed.
|
|
|
|
close_file (bool): If a file-like object is passed in, whether to close it.
|
|
|
|
extra_args (list[str]): Additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def verify_data(
|
|
self, sig_filename: str, data: str | bytes, extra_args: list[str] | None = ...
|
|
) -> Verify:
|
|
"""
|
|
Verify the signature in sig_filename against data in memory
|
|
|
|
Args:
|
|
sig_filename (str): The path to a signature.
|
|
|
|
data (str|bytes): The data to be verified.
|
|
|
|
extra_args (list[str]): Additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def import_keys(
|
|
self,
|
|
key_data: str | bytes,
|
|
extra_args: list[str] | None = ...,
|
|
passphrase: str | None = ...,
|
|
) -> ImportResult:
|
|
"""
|
|
Import the key_data into our keyring.
|
|
|
|
Args:
|
|
key_data (str|bytes): The key data to import.
|
|
|
|
passphrase (str): The passphrase to use.
|
|
|
|
extra_args (list[str]): Additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def import_keys_file(self, key_path: str, **kwargs: Any) -> ImportResult:
|
|
"""
|
|
Import the key data in key_path into our keyring.
|
|
|
|
Args:
|
|
key_path (str): A path to the key data to be imported.
|
|
"""
|
|
...
|
|
|
|
def recv_keys(self, keyserver: str, *keyids: str, **kwargs: Any) -> ImportResult:
|
|
"""
|
|
Import one or more keys from a keyserver.
|
|
|
|
Args:
|
|
keyserver (str): The key server hostname.
|
|
|
|
keyids (str): A list of key ids to receive.
|
|
"""
|
|
...
|
|
|
|
def send_keys(self, keyserver: str, *keyids: str, **kwargs: Any) -> SendResult:
|
|
"""
|
|
Send one or more keys to a keyserver.
|
|
|
|
Args:
|
|
keyserver (str): The key server hostname.
|
|
|
|
keyids (list[str]): A list of key ids to send.
|
|
"""
|
|
...
|
|
|
|
def delete_keys(
|
|
self,
|
|
fingerprints: str | list[str],
|
|
secret: bool = ...,
|
|
passphrase: str | None = ...,
|
|
expect_passphrase: bool = ...,
|
|
exclamation_mode: bool = ...,
|
|
) -> DeleteResult:
|
|
"""
|
|
Delete the indicated keys.
|
|
|
|
Args:
|
|
fingerprints (str|list[str]): The keys to delete.
|
|
|
|
secret (bool): Whether to delete secret keys.
|
|
|
|
passphrase (str): The passphrase to use.
|
|
|
|
expect_passphrase (bool): Whether a passphrase is expected.
|
|
|
|
exclamation_mode (bool): If specified, a `'!'` is appended to each fingerprint. This deletes only a subkey
|
|
or an entire key, depending on what the fingerprint refers to.
|
|
|
|
.. note:: Passphrases
|
|
|
|
Since GnuPG 2.1, you can't delete secret keys without providing a passphrase. However, if you're expecting
|
|
the passphrase to go to `gpg` via pinentry, you should specify expect_passphrase=False. (It's only checked
|
|
for GnuPG >= 2.1).
|
|
"""
|
|
...
|
|
|
|
def export_keys(
|
|
self,
|
|
keyids: str | list[str],
|
|
secret: bool = ...,
|
|
armor: bool = ...,
|
|
minimal: bool = ...,
|
|
passphrase: str | None = ...,
|
|
expect_passphrase: bool = ...,
|
|
output: str | None = ...,
|
|
) -> ExportResult:
|
|
"""
|
|
Export the indicated keys. A 'keyid' is anything `gpg` accepts.
|
|
|
|
Args:
|
|
keyids (str|list[str]): A single keyid or a list of them.
|
|
|
|
secret (bool): Whether to export secret keys.
|
|
|
|
armor (bool): Whether to ASCII-armor the output.
|
|
|
|
minimal (bool): Whether to pass `--export-options export-minimal` to `gpg`.
|
|
|
|
passphrase (str): The passphrase to use.
|
|
|
|
expect_passphrase (bool): Whether a passphrase is expected.
|
|
|
|
output (str): If specified, the path to write the exported key(s) to.
|
|
|
|
.. note:: Passphrases
|
|
|
|
Since GnuPG 2.1, you can't export secret keys without providing a passphrase. However, if you're expecting
|
|
the passphrase to go to `gpg` via pinentry, you should specify expect_passphrase=False. (It's only checked
|
|
for GnuPG >= 2.1).
|
|
"""
|
|
...
|
|
|
|
def list_keys(
|
|
self, secret: bool = ..., keys: str | list[str] | None = ..., sigs: bool = ...
|
|
) -> ListKeys:
|
|
"""
|
|
List the keys currently in the keyring.
|
|
|
|
Args:
|
|
secret (bool): Whether to list secret keys.
|
|
|
|
keys (str|list[str]): A list of key ids to match.
|
|
|
|
sigs (bool): Whether to include signature information.
|
|
|
|
Returns:
|
|
list[dict]: A list of dictionaries with key information.
|
|
"""
|
|
...
|
|
|
|
def scan_keys(self, filename: str) -> ScanKeys:
|
|
"""
|
|
List details of an ascii armored or binary key file without first importing it to the local keyring.
|
|
|
|
Args:
|
|
filename (str): The path to the file containing the key(s).
|
|
|
|
.. warning:: Warning:
|
|
Care is needed. The function works on modern GnuPG by running:
|
|
|
|
$ gpg --dry-run --import-options import-show --import filename
|
|
|
|
On older versions, it does the *much* riskier:
|
|
|
|
$ gpg --with-fingerprint --with-colons filename
|
|
"""
|
|
...
|
|
|
|
def scan_keys_mem(self, key_data: str | bytes) -> ScanKeys:
|
|
"""
|
|
List details of an ascii armored or binary key without first importing it to the local keyring.
|
|
|
|
Args:
|
|
key_data (str|bytes): The key data to import.
|
|
|
|
.. warning:: Warning:
|
|
Care is needed. The function works on modern GnuPG by running:
|
|
|
|
$ gpg --dry-run --import-options import-show --import filename
|
|
|
|
On older versions, it does the *much* riskier:
|
|
|
|
$ gpg --with-fingerprint --with-colons filename
|
|
"""
|
|
...
|
|
|
|
def search_keys(
|
|
self, query: str, keyserver: str = ..., extra_args: list[str] | None = ...
|
|
) -> SearchKeys:
|
|
"""
|
|
search a keyserver by query (using the `--search-keys` option).
|
|
|
|
Args:
|
|
query(str): The query to use.
|
|
|
|
keyserver (str): The key server hostname.
|
|
|
|
extra_args (list[str]): Additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def auto_locate_key(
|
|
self, email: str, mechanisms: list[str] | None = ..., **kwargs: Any
|
|
) -> AutoLocateKey:
|
|
"""
|
|
Auto locate a public key by `email`.
|
|
|
|
Args:
|
|
email (str): The email address to search for.
|
|
mechanisms (list[str]): A list of mechanisms to use. Valid mechanisms can be found
|
|
here https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Options.html
|
|
under "--auto-key-locate". Default: ['wkd', 'ntds', 'ldap', 'cert', 'dane', 'local']
|
|
"""
|
|
...
|
|
|
|
def gen_key(self, input: str) -> GenKey:
|
|
"""
|
|
Generate a key; you might use `gen_key_input()` to create the input.
|
|
|
|
Args:
|
|
input (str): The input to the key creation operation.
|
|
"""
|
|
...
|
|
|
|
def gen_key_input(self, **kwargs: Any) -> str:
|
|
"""
|
|
Generate `--gen-key` input (see `gpg` documentation in DETAILS).
|
|
|
|
Args:
|
|
kwargs (dict): A list of keyword arguments.
|
|
Returns:
|
|
str: A string suitable for passing to the `gen_key()` method.
|
|
"""
|
|
...
|
|
|
|
def add_subkey(
|
|
self,
|
|
master_key: str,
|
|
master_passphrase: str | None = ...,
|
|
algorithm: str = ...,
|
|
usage: str = ...,
|
|
expire: str = ...,
|
|
) -> AddSubkey:
|
|
"""
|
|
Add subkeys to a master key,
|
|
|
|
Args:
|
|
master_key (str): The master key.
|
|
|
|
master_passphrase (str): The passphrase for the master key.
|
|
|
|
algorithm (str): The key algorithm to use.
|
|
|
|
usage (str): The desired uses for the subkey.
|
|
|
|
expire (str): The expiration date of the subkey.
|
|
"""
|
|
...
|
|
|
|
def encrypt_file(
|
|
self,
|
|
fileobj_or_path: Any,
|
|
recipients: str | list[str],
|
|
sign: str | None = ...,
|
|
always_trust: bool = ...,
|
|
passphrase: str | None = ...,
|
|
armor: bool = ...,
|
|
output: str | None = ...,
|
|
symmetric: bool = ...,
|
|
extra_args: list[str] | None = ...,
|
|
) -> Crypt:
|
|
"""
|
|
Encrypt data in a file or file-like object.
|
|
|
|
Args:
|
|
fileobj_or_path (str|file): A path to a file or a file-like object containing the data to be encrypted.
|
|
|
|
recipients (str|list): A key id of a recipient of the encrypted data, or a list of such key ids.
|
|
|
|
sign (str): If specified, the key id of a signer to sign the encrypted data.
|
|
|
|
always_trust (bool): Whether to always trust keys.
|
|
|
|
passphrase (str): The passphrase to use for a signature.
|
|
|
|
armor (bool): Whether to ASCII-armor the output.
|
|
|
|
output (str): A path to write the encrypted output to.
|
|
|
|
symmetric (bool): Whether to use symmetric encryption,
|
|
|
|
extra_args (list[str]): A list of additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def encrypt(
|
|
self, data: str | bytes, recipients: str | list[str], **kwargs: Any
|
|
) -> Crypt:
|
|
"""
|
|
Encrypt the message contained in the string *data* for *recipients*. This method delegates most of the work to
|
|
`encrypt_file()`.
|
|
|
|
Args:
|
|
data (str|bytes): The data to encrypt.
|
|
|
|
recipients (str|list[str]): A key id of a recipient of the encrypted data, or a list of such key ids.
|
|
|
|
kwargs (dict): Keyword arguments, which are passed to `encrypt_file()`:
|
|
* sign (str): If specified, the key id of a signer to sign the encrypted data.
|
|
|
|
* always_trust (bool): Whether to always trust keys.
|
|
|
|
* passphrase (str): The passphrase to use for a signature.
|
|
|
|
* armor (bool): Whether to ASCII-armor the output.
|
|
|
|
* output (str): A path to write the encrypted output to.
|
|
|
|
* symmetric (bool): Whether to use symmetric encryption,
|
|
|
|
* extra_args (list[str]): A list of additional arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def decrypt(self, message: str | bytes, **kwargs: Any) -> Crypt:
|
|
"""
|
|
Decrypt the data in *message*. This method delegates most of the work to
|
|
`decrypt_file()`.
|
|
|
|
Args:
|
|
message (str|bytes): The data to decrypt. A default key will be used for decryption.
|
|
|
|
kwargs (dict): Keyword arguments, which are passed to `decrypt_file()`:
|
|
|
|
* always_trust: Whether to always trust keys.
|
|
|
|
* passphrase (str): The passphrase to use.
|
|
|
|
* output (str): If specified, the path to write the decrypted data to.
|
|
|
|
* extra_args (list[str]): A list of extra arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def decrypt_file(
|
|
self,
|
|
fileobj_or_path: Any,
|
|
always_trust: bool = ...,
|
|
passphrase: str | None = ...,
|
|
output: str | None = ...,
|
|
extra_args: list[str] | None = ...,
|
|
) -> Crypt:
|
|
"""
|
|
Decrypt data in a file or file-like object.
|
|
|
|
Args:
|
|
fileobj_or_path (str|file): A path to a file or a file-like object containing the data to be decrypted.
|
|
|
|
always_trust: Whether to always trust keys.
|
|
|
|
passphrase (str): The passphrase to use.
|
|
|
|
output (str): If specified, the path to write the decrypted data to.
|
|
|
|
extra_args (list[str]): A list of extra arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def get_recipients(self, message: str | bytes, **kwargs: Any) -> list[str]:
|
|
"""Get the list of recipients for an encrypted message. This method delegates most of the work to
|
|
`get_recipients_file()`.
|
|
|
|
Args:
|
|
message (str|bytes): The encrypted message.
|
|
|
|
kwargs (dict): Keyword arguments, which are passed to `get_recipients_file()`:
|
|
|
|
* extra_args (list[str]): A list of extra arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def get_recipients_file(
|
|
self, fileobj_or_path: Any, extra_args: list[str] | None = ...
|
|
) -> list[str]:
|
|
"""
|
|
Get the list of recipients for an encrypted message in a file or file-like object.
|
|
|
|
Args:
|
|
fileobj_or_path (str|file): A path to a file or file-like object containing the encrypted data.
|
|
|
|
extra_args (list[str]): A list of extra arguments to pass to `gpg`.
|
|
"""
|
|
...
|
|
|
|
def trust_keys(self, fingerprints: str | list[str], trustlevel: str) -> TrustResult:
|
|
"""
|
|
Set the trust level for one or more keys.
|
|
|
|
Args:
|
|
fingerprints (str|list[str]): A key id for which to set the trust level, or a list of such key ids.
|
|
|
|
trustlevel (str): The trust level. This is one of the following.
|
|
|
|
* ``'TRUST_EXPIRED'``
|
|
* ``'TRUST_UNDEFINED'``
|
|
* ``'TRUST_NEVER'``
|
|
* ``'TRUST_MARGINAL'``
|
|
* ``'TRUST_FULLY'``
|
|
* ``'TRUST_ULTIMATE'``
|
|
"""
|
|
...
|