Skip to main content

Using PGPy to encrypt and decrypt files and messages

 PGPy is a library for python that enables the creation, storage, and encryption/decryption of PGP keys and files in python. Recently, in a small project to reacquaint myself with python, I used PGPy for key generation and encryption and decryption. That project can be found in my github at The goal of the project was to use command-line switches to control the program, and to provide basic encryption and decryption capabilities, along with rot13 and base64 encoding. 

First, to load in a key use key, _ = pgpy.PGPKey.from_file(keyfilename). This loads the key from either a binary or ASCII armored file. You can swap out .from_file for .from_blob, if you plan on using a key stored in a string or bytes object rather than a file. In my example code, I pull the key from a file, as I found it to be the simpler method. 

Next, you'll need to open a file or create a string or bytes object that contains the message you wish to encrypt. We'll call this file_message. To open a message from a file, you will want to do something like this, file_message =, file=True). This will create a PGPMessage object called file_message. You can also import from a string or bytes object string_message ="string or string object here"). To encrypt this message, encrypted_file_message = key.encrypt(file_message). This uses the key we opened early to encrypt the file or message. This will give an error if a private key is loaded, so make sure that the key object is loaded with a public key.  Outputting this is easy enough, output_file.write(str(encrypted_file_message). This will convert the encrypted message to a string, and store it inside a file. I recommend writing to PGP files.

To decrypt this message, make sure that the key you have open is the matching private key to the public key that was used to encrypt the original message. To open the encrypted message, encrypted_message = pgpy.PGPMessage.from_file(encrypted_message_file_location). This opens the encrypted message file we made earlier as a PGPMessage object. You can also run this with .from_blob and use a string or bytes object. 

Now that the encrypted message is open, we need to decrypt it. We can decrypt it using key.decrypt. decrypted_message = key.decrypt(encrypted_message). This creates a new object containing the decrypted message. This cannot be written directly to a file, as it is still an encrypted object. To get the decrypted message from the object, we need to use decrypted_message.message. This will give us access to the decrypted message. It sounds a bit silly, but this took me ages to figure out. Fully written out, this looks like str_decrypted_message = decrypted_message.message. To write this to a file, we do output_file.write(str_decrypted_message). I believe you could do output_file.write(decrypted_message.message), but I didn't do this myself.

More info on PGPy can be found on their website,


Popular posts from this blog

Frag Attacks - A critical Wifi vulnerability

Wifi fragmentation and aggregation attacks (FragAttacks) are a new collection of vulnerabilities in which a threat actor can exfiltrate data or attack victims within radio range. Mathy Vanhoef, a postdoctoral researcher at New York University Abu Dhabi, recently published his paper, Fragment and Forge: Breaking Wi-Fi through Frame Aggregation and Fragmentation , detailing several attack vectors and examining the intricacies of the aggregation vulnerabilities that have been part of the 802.11 standards since the inception in 1997.  Quite interestingly, every device tested was susceptible to one or more of the FragAttacks. While several 802.11 standards make these attacks harder to perform, they can be executed on all devices across all standards. It's a good thing then, that there was a nine-month embargo on information related to these attacks, allowing manufacturers to provide security updates to affected devices. Mathy Vanhoef has also created a website documenting the FragAttack

Examining RFC 791

 This will be the start of several posts that will examine the RFC 791 documentation. RFC 791 covers the Internet Protocol and provides an introduction, overview, and specifications of the protocol. For this post, we'll be reviewing the introduction, as well as outlining some key terminology needed to understand the protocol. This review will be somewhat limited, and may not be overly technical, but it should provide a decent overview of the Internet Protocol.  To start, we'll cover the "who", the "why", and the "how's" of IP and give a small background on the history of the protocol.  We will also cover the basics of packet switching networks, the OSI and TCP/IP, and the structure of Internet datagrams. Hopefully, by the end of this post, you will be able to understand what these concepts are and how they fit into the Internet Protocol, as well as other protocols and standards.  The document we will be examining is RFC 791, this is not the fir