I am writing software to retrieve encrypted files, decrypt them and populate a data lake on AWS S3 with the information contained in them on a scheduled basis. The files are encrypted with a GPG key and we are using the pygpgme (https://launchpad.net/pygpgme) package for cryptography. I am on a Mac, I have GPG 2.2.16 and pygpgme 0.3 installed.
The private key we use to decrypt the files has a passphrase.
I've tried multiple techniques/suggestions I've found online, including:
- http://www.topdog.za.net/2012/05/23/python-modules-you-should-know:-pygpgme/
- trying to change the
Context().pinentry_modeparameter, which seems to not exist in my version ofpygpgme - trying to add parameters to
{GNUPGHOME}/gpg.conf:- batch
- use-agent
None disable the prompt.
Here is the code I use for assigning the passphrase callback:
ctx.passphrase_cb = \
lambda uid_hint, passphrase_info, prev_was_bad, fd: os.write(
fd, b'{}\\n'.format(EQF_PASSPHRASE)
)
Here is my gpg.conf:
# don't prompt for a password!
batch
# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
# the agent before it asks for a passphrase.
use-agent
Nonetheless, I get a prompt asking for a passphrase in the command line every time I run the service. How can I make the software use the callback I provide?
After hours of tinkering around, I've made it work using the following configuration at
{GNUPGHOME}/gpg.conf:I can the use
passphrase_cbin the Python code as intended.Hope this helps!