How to prevent passphrase-caching from within a gpgme-based Python script?

Kynn Jones kynnjo at gmail.com
Fri Apr 12 13:12:18 CEST 2019 

Hi everyone!

The following short Python script takes three command-line arguments: a
passphrase, an input path, and an output path.  Then it uses the passphrase
to decrypt the contents of the input path, and puts the decrypted content
in the output path.

    from gpg import Context
    import sys

    pp = sys.argv[1]    # passphrase
    enc = sys.argv[2]   # input file (assumed to be encrypted)
    dec = sys.argv[3]   # output file

    with open(enc, 'rb') as reader, open(dec, 'wb') as writer, Context() as
ctx:

        try:

            ctx.decrypt(reader, sink=writer, passphrase=pp)

        except Exception as e:
            print(str(e), file=sys.stderr)


This decryption works fine, as long as the correct passphrase is provided,
but it apparently results in the caching of such correct passphrase, so
that any subsequent decryption attempts succeed irrespective of the
passphrase one provides.  (I give a fuller illustration of what I mean at
the end of this post, together with version details.)

Clearly, there's some passphrase caching going on, but I don't really
understand the details.

What I want to know is: how can I modify the Python script so that it
disables the caching of passphrases?  Note that I am not interested in how
to disable passphrase caching outside of the script!  I want the script to
disable passphrase caching autonomously.  Is that possible?

Thank you in advance!

kj

P.S. Here's a detailed example of what I alluded to in my post.  The script
./demo.py is the one whose source I listed above.  IMPORTANT: the code
given below behaved as shown only when I executed it from the command
line.  If I put in a file and execute it (or source it) as a script, then
all decryptions with the wrong passphrase fail, irrespective of any prior
successful decryptions with the correct passphrase.

    # Prologue: preparation

    # First, define some variables

    % ORIGINAL=/tmp/original.txt
    % ENCRYPTED=/tmp/encrypted.gpg
    % DECRYPTED=/tmp/decrypted.txt
    % PASSPHRASE=yowzayowzayowza

    # Next, create a cleartext original:

    % echo 'Cool story, bro!' > "$ORIGINAL"

    # Next, encrypt the original using /usr/bin/gpg

    % rm -f "$ENCRYPTED"
    % /usr/bin/gpg --batch --symmetric --cipher-algo=AES256
--compress-algo=zlib --passphrase="$PASSPHRASE" --output="$ENCRYPTED"
"$ORIGINAL"

    # Confirm encryption

    % od -c "$ENCRYPTED"
    0000000 214  \r 004  \t 003 002 306 366   ^ 236   5 250   a   b 361 322
    0000020   X 001 263 332 302 250 027 300 222 271 345 235 027   E   K 302
    0000040 306   - 346 372 324   o   6 304  \a   "   9 270   ~ 307 361 302
    0000060 227 267  \f   ` 003   & 203 317 212   ^   1 240 267 234 321   '
    0000100 361 363 277  \v   :  \f   6 366 036 224   R 370   E 033  \r 261
    0000120   9 026 337   2 363 206 017 251 027   U   A 377 336 023 217 025
    0000140   p 333   ; 257   b 223 223   G   <
    0000151


    # Now, the demonstration proper.

    # Initially, decryption with the wrong passphrase fails:

    % rm -f "$DECRYPTED"
    % python ./demo.py "certainly the wrong $PASSPHRASE" "$ENCRYPTED"
"$DECRYPTED"
    gpgme_op_decrypt_verify: GPGME: Decryption failed


    # Decryption with the right passphrase succeeds:

    % rm -f "$DECRYPTED"
    % python ./demo.py "$PASSPHRASE" "$ENCRYPTED" "$DECRYPTED"
    % od -c "$DECRYPTED"
    0000000   C   o   o   l       s   t   o   r   y   ,       b   r   o   !
    0000020  \n
    0000021


    # After the first successful decryption with the right
    # passphrase, decryption with the wrong passphrase always
    # succeeds:

    % rm -f "$DECRYPTED"
    % python ./demo.py "certainly the wrong $PASSPHRASE" "$ENCRYPTED"
"$DECRYPTED"
    % od -c "$DECRYPTED"
    0000000   C   o   o   l       s   t   o   r   y   ,       b   r   o   !
    0000020  \n
    0000021


    # Some relevant version info

    % python -c 'import gpg; print((gpg.version.versionstr,
gpg.version.gpgme_versionstr))'
    ('1.10.0', '1.8.0')

    % gpg --version
    gpg (GnuPG) 2.1.18
    libgcrypt 1.7.6-beta
    Copyright (C) 2017 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <
https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: /home/kj146/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

    % python --version
    Python 3.5.3

    % uname -ar
    Linux parakeet 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30)
x86_64 GNU/Linux
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190412/ba437641/attachment.html>

More information about the Gnupg-users mailing list