gpg

Core functions to encrypt and decrypt messages with gpg.

async idem_core_functions.exec.core.encryption.gpg.encrypt(hub, data: str, recipients: List[str] = [], sign: str = None, always_trust: bool = False, passphrase: str = None, armor: bool = True, output: str = None, symmetric: bool | str = False, extra_args: List[str] = None, public_key: str = None) -> Dict[str, Any]

Encrypt the message contained in the string ‘data’.

Parameters:
  • data (str) – The data or message that needs to be encrypted.

  • recipients (list[str], Optional) – A list of key fingerprints for recipients.

  • sign (str, Optional) – Either the Boolean value True, or the fingerprint of a key which is used to sign the encrypted data.

  • always_trust (bool, Optional) – Skip key validation and assume that used keys are always fully trusted.

  • passphrase (str, Optional) – A passphrase to use when accessing the keyrings.

  • armor (bool, Optional) – Whether to use ASCII armor. If False, binary data is produced.

  • output (str, Optional) – The name of an output file to write to.

  • symmetric (Union[bool, str], Optional) – If specified, symmetric encryption is used. In this case, specify recipients as None. If True is specified, the default cipher algorithm (CAST5) is used. Alternatively, pass the name of the cipher algorithm to use (for example, 'AES256').

  • extra_args (list[str], Optional) – A list of additional arguments to pass to the gpg executable. For example, pass extra_args=['-z', '0'] to disable compression.

  • public_key (str, Optional) – Public key of the recipient. This public key will be imported and trusted, if not already.

Returns:

{"result": True|False, "comment": list, "ret": None|dict}

Examples

Calling this exec module function from the CLI:

idem exec core.encryption.gpg.encrypt data=test-data-for-encryption

Using in a state:

Idem-state-name:
  exec.run:
    - path: core.encryption.gpg.encrypt
    - kwargs:
        data: test-data-for-encryption

async idem_core_functions.exec.core.encryption.gpg.decrypt(hub, message: str, always_trust: bool = False, passphrase: str = None, output: str = None, extra_args: List[str] = None, private_key: str = None) -> Dict[str, Any]

Decrypt the message.

Parameters:
  • message (str) – The encrypted message.

  • always_trust (bool, Optional) – Skip key validation and assume that used keys are always fully trusted.

  • passphrase (str, Optional) – A passphrase to use when accessing the keyrings.

  • output (str, Optional) – The name of an output file to write to.

  • extra_args (list[str], Optional) – A list of additional arguments to pass to the gpg executable.

  • private_key (str, Optional) – The private key of the recipient for decryption. This private key will be imported and trusted, if not already.

Returns:

{"result": True|False, "comment": list, "ret": None|dict}

Examples

Calling this exec module function from the CLI:

idem exec core.encryption.gpg.decrypt message="This is for decryption test" passphrase="test"

Using in a state:

Idem-state-name:
  exec.run:
    - path: core.encryption.gpg.decrypt
    - kwargs:
        message: This is for decryption test
        passphrase: test
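
A review check for states that call these two functions, as an added example (not part of idem_core_functions): it flags kwargs that, per the parameter descriptions above, skip key validation, fall back to the default CAST5 cipher, set symmetric together with recipients, or carry a passphrase or extra gpg arguments inline. The name audit_gpg_kwargs and the sample kwargs are hypothetical and constructed for illustration.

```python
from typing import Any, Dict, List

GPG_PATHS = ("core.encryption.gpg.encrypt", "core.encryption.gpg.decrypt")


def audit_gpg_kwargs(path: str, kwargs: Dict[str, Any]) -> List[str]:
    """Return review findings for one exec.run state; empty list means none."""
    if path not in GPG_PATHS:
        return []  # not a gpg exec call, nothing to check
    findings: List[str] = []

    # Both functions: always_trust skips key validation (per the parameter docs).
    if kwargs.get("always_trust") is True:
        findings.append("always_trust=True skips key validation")
    # Both functions: a passphrase written in kwargs is stored with the state.
    if kwargs.get("passphrase"):
        findings.append("passphrase is written inline in the state kwargs")
    # Both functions: extra_args go straight to the gpg executable.
    if kwargs.get("extra_args"):
        findings.append("extra_args are passed to gpg: " + " ".join(kwargs["extra_args"]))

    if path.endswith(".encrypt"):
        symmetric = kwargs.get("symmetric", False)
        if symmetric is True:
            findings.append("symmetric=True uses the default cipher (CAST5); name one, e.g. AES256")
        if symmetric and kwargs.get("recipients"):
            findings.append("symmetric is set but recipients is not None")
    return findings


# Constructed sample states (path and kwargs only), not from a real deployment.
SAMPLES = [
    ("core.encryption.gpg.encrypt", {"data": "test-data-for-encryption"}),
    ("core.encryption.gpg.encrypt",
     {"data": "d", "symmetric": True, "recipients": ["<FINGERPRINT>"], "always_trust": True}),
    ("core.encryption.gpg.encrypt", {"data": "d", "symmetric": "AES256", "recipients": None}),
    ("core.encryption.gpg.decrypt", {"message": "m", "passphrase": "test"}),
]

if __name__ == "__main__":
    for path, kwargs in SAMPLES:
        print(path, sorted(kwargs), "->", audit_gpg_kwargs(path, kwargs) or "no findings")
```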