Lambda function fails with "gpg returned a non-zero error code"

Question  Votes: 0  Answers: 1

I am running into a problem when trying to encrypt a file with gnupg in AWS Lambda. The error I get:

gpg returned a non-zero error code: 2

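I have an ECR image for the Lambda function that contains the gnupg binary, and I can trigger the Lambda with an event from an S3 bucket so that the Lambda encrypts the file and puts it into another S3 bucket folder.

For the public key, I store the string in Secrets Manager in the following format: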

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    =8h+y
    -----END PGP PUBLIC KEY BLOCK-----

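I suspect that when I copy and paste the string above into the Secrets Manager value field, it changes the format so that gnupg cannot process it properly.

I also tried using \n as the newline character, but it still does not work.

The key import code is: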

    import gnupg

    gpg = gnupg.GPG(gnupghome='/tmp', gpgbinary='/usr/bin/gpg')
    public_key_secret = fetch_secret(PUBLIC_KEY_SECRET_NAME)
    # Read the armored key from the secret fetched above
    public_key_str = public_key_secret["public_key_file"]
    gpg.import_keys(public_key_str)

The encryption code is:

    with open(temp_path, "rb") as f:
        encrypted_path = f'/tmp/{encrypted_name}'
        encrypted_data = gpg.encrypt_file(f, '[email protected]', always_trust=True, output=encrypted_path)

If anyone has experience with a solution to the same problem, please advise. Thank you very much.

python aws-lambda gnupg
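1 Answer

0 votes

  1. Try enabling verbose in the pgp initialization to get more log information to help with troubleshooting. It will tell you whether pgp ran into any errors.
  2. My working code looks like this; before encrypting, try to check whether your pgp pub key was imported successfully.

Here is my working code: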

    import logging
    import os

    import boto3
    import gnupg

    # bucket, key and filename are taken from the S3 event that triggered the Lambda
    gpg = gnupg.GPG(gnupghome='/tmp', verbose=True)
    print('gpg initiation:', gpg)
    temp_file_path = f'/tmp/{filename}'
    pgp_file_path = '/tmp/<pgp_key_name>.pub.asc'
    pgp_encrypt_file_path = f'/tmp/{filename}.gpg'
    pgp_bucket_name = '<your bucket where pgp pub key stored>'
    pgp_file_key = '<bucket key of pgp pub key including path>.pub.asc'
    recipient = '[email protected]'  # not used below; encryption targets the imported key's fingerprint
    s3_pgp_encryption_path = f'<s3_path_to_upload_encrypted_file>/{filename}.gpg'

    s3_client = boto3.client('s3')
    # Get S3 file details from event
    bucket_name = bucket
    file_key = key
    s3_client.download_file(bucket_name, file_key, temp_file_path)
    # Load PGP public key (ensure key is properly formatted)
    s3_client.download_file(pgp_bucket_name, pgp_file_key, pgp_file_path)
    print('below s3 files downloaded:')
    # Print the list of files
    for file in os.listdir('/tmp'):
        print(file)
    with open(pgp_file_path, 'r') as key_file:
        key_data = key_file.read()
    print('key data looks like:', key_data)
    try:
        import_result = gpg.import_keys_file(pgp_file_path)
    except Exception as e:
        logging.error('Found errors while importing the public key.')
        logging.error(e)
        raise  # import_result is undefined past this point, so stop here

    # import_result = gpg.import_keys(key_data)
    print('import_result is: ', import_result)
    if import_result.count == 0:
        # No fingerprint to encrypt to, so do not continue
        raise RuntimeError('Failed to import public key.')
    print('Successfully imported public key.')

    public_key_fingerprint = import_result.fingerprints[0]

    # Read the content of the file
    with open(temp_file_path, 'rb') as f:
        file_data = f.read()
    # Encrypt the file
    encrypted_data = gpg.encrypt(file_data, public_key_fingerprint)

    if not encrypted_data.ok:
        # Do not upload anything when encryption failed
        raise RuntimeError(f'Failed to encrypt file: {encrypted_data.stderr}')
    with open(pgp_encrypt_file_path, 'wb') as f:
        f.write(encrypted_data.data)
    print('File encrypted successfully.')
    # Upload encrypted file to S3
    s3_client.upload_file(pgp_encrypt_file_path, bucket_name, s3_pgp_encryption_path)
    print('Successfully uploaded encrypted file to S3')
