Simple symmetric GPG file encryption and decryption

1.4.1 · maintenance · verified Mon Apr 13

The `crypto` library provides a simple command-line interface for symmetric Gnu Privacy Guard (gpg) encryption and decryption of one or more files on Unix and Linux platforms. It acts as a wrapper around the external `gpg` command-line tool. Encryption is performed using the AES256 cipher algorithm. The current version is 1.4.1. While the GitHub repository shows some minor activity, the last PyPI release was in 2015, indicating a low maintenance or stable (feature-complete but not actively developed) status for this specific Python package.

Warnings

gotcha This `crypto` library is a command-line wrapper around GPG for file encryption/decryption, NOT a general-purpose Python cryptography library. For robust, general-purpose cryptographic primitives (e.g., hash functions, symmetric/asymmetric encryption, TLS), consider using `cryptography` or `PyCryptodome` instead.
Fix: Evaluate your actual cryptographic needs. If you require programmatic access to low-level crypto primitives or a modern, actively maintained library, use `cryptography` or `PyCryptodome`. If you specifically need to interact with `gpg` from Python, `python-gnupg` might be a more suitable library.
deprecated The name `crypto` is ambiguous and can be easily confused with the *deprecated and insecure* `PyCrypto` library. `PyCrypto` is unmaintained and contains known security vulnerabilities. Ensure you are installing `chrissimpkins/crypto` if that is your intention, but be aware of the naming collision.
Fix: Always verify the source and purpose of a cryptographic library. For new projects, prefer `cryptography` or `PyCryptodome` which are actively maintained and clearly distinguish themselves.
gotcha The `crypto` library requires the external `gpg` (Gnu Privacy Guard) command-line tool to be installed and configured on the operating system where it is run. It will not function without a working `gpg` installation.
Fix: Install `gpg` on your operating system (e.g., `brew install gpg` on macOS, `sudo apt-get install gnupg` on Debian/Ubuntu) and ensure it's accessible in your system's PATH.
gotcha The last PyPI release of `crypto` (v1.4.1) was in May 2015. While the tool might be stable for its specific purpose, the lack of recent updates for a security-sensitive domain implies it may not incorporate the latest security best practices or address newly discovered vulnerabilities in its implementation or interaction with `gpg`.
Fix: For critical applications, assess the risks of using an un-updated library for encryption. Consider alternatives like `cryptography` or `PyCryptodome` which have active development and regular security updates. If using `chrissimpkins/crypto`, ensure your underlying `gpg` installation is kept up-to-date independently.

Install

pip install crypto Install via pip
brew install gpg # For macOS sudo apt-get install gnupg # For Debian/Ubuntu System-level GPG installation (required)

Imports

Not typically imported programmatically

This library is primarily designed for command-line use via the `crypto` and `decrypto` executables. It does not expose a commonly used Python API for direct import and programmatic encryption/decryption within other Python code.

Quickstart

This quickstart demonstrates how to use the `crypto` library via its command-line interface from within a Python script using `subprocess`. It encrypts a temporary file and then decrypts it to standard output. Note that `gpg` must be installed on your system, and the `crypto` and `decrypto` commands must be in your system's PATH. You will be prompted for a passphrase by `gpg` during execution.

import subprocess
import os

# Create a dummy file for encryption
with open('secret_message.txt', 'w') as f:
    f.write('This is a highly sensitive secret!')

print('Encrypting secret_message.txt...')
# Encrypt the file using the 'crypto' command-line tool
# The user will be prompted for a passphrase in the terminal
encrypt_process = subprocess.run(['crypto', 'secret_message.txt'], capture_output=True, text=True)
print(encrypt_process.stdout)
if encrypt_process.stderr:
    print('Encryption Error:', encrypt_process.stderr)

# Check if the encrypted file exists (usually .gpg or .crypt extension)
encrypted_file_exists = False
for f in os.listdir('.'):
    if f.startswith('secret_message.txt.') and (f.endswith('.gpg') or f.endswith('.crypt')):
        encrypted_file = f
        encrypted_file_exists = True
        break

if encrypted_file_exists:
    print(f'File encrypted to {encrypted_file}. Now attempting decryption...')
    # Decrypt the file using the 'decrypto' command-line tool to standard output
    # The user will be prompted for the passphrase again
    decrypt_process = subprocess.run(['decrypto', '--stdout', encrypted_file], capture_output=True, text=True)
    if decrypt_process.stderr:
        print('Decryption Error:', decrypt_process.stderr)
    else:
        print('Decrypted Content:', decrypt_process.stdout.strip())

# Clean up dummy files
if os.path.exists('secret_message.txt'):
    os.remove('secret_message.txt')
if encrypted_file_exists and os.path.exists(encrypted_file):
    os.remove(encrypted_file)

view raw JSON →