Use PGP to decrypt a file stored on SFTP server with Python

Question

I have an SFTP that I set up with *.PGP Files on that server. The package I use to connect to the SFTP from python is Paramiko as shown below.

import paramiko

transport = paramiko.Transport(json_data["host"], 22)
transport.connect(username=json_data["username"], password=json_data["password"])
sftp = paramiko.SFTPClient.from_transport(transport)

Also, I use pgpy for decrypting the message. Basically the key comes from a google cloud storage bucket and load it into the keychain and decrypt the file

I have set up this the decryption already for a local file but can't seem to figure out how to decrypt the message on the server.

I can't use the get function because I will be running this code on Google cloud functions, thus won't be able to access a local dir.

Is there any way I can load the file into Python, decrypt the file and then load it into a Pandas. The end file is a .CSV file.

The actual code used for decrypting local files.

import pgpy
key = pgpy.PGPKey().from_file("path/to/file/keyfile.asc")

with key[0].unlock("password") as ukey:
    message = pgpy.PGPMessage().from_file("path/to/file/file.pgp")
    f = ukey.decrypt(message).message
    print(f)

This would decrypt the message locally.

Martin Prikryl · Answer 1 · 2020-09-23T05:24:23.323

1

You should be able to download the file from SFTP server to memory (e.g. to BytesIO object). And then use PGPMessage().from_blob.

Something like this (untested):

with io.BytesIO() as fl:
    sftp.getfo(file_name, fl)
    fl.seek(0)
    bytes = fl.read()
    message = pgpy.PGPMessage().from_blob(bytes)

edited Sep 23 '20 at 05:24

answered Jul 19 '20 at 19:15

Martin Prikryl

188,800
56
490
992

Alfonzo Sanfilippo · Answer 2 · 2020-07-24T15:28:27.987

I figured out how to do this after some time, Prep the incoming data from the SFTP

x = sftp.open("File.csv.pgp", 'rb').read()
    toread = io.BytesIO()
    toread.write(x)
    toread.seek(0)

then Import the key mine comes from Google cloud storage and open the key

with gcsfs.GCSFileSystem(project="proj").open('path/to/*.asc','rb') as token:
   creds = pgpy.PGPKey().from_blob(token.read())#load key
   with creds[0].unlock("pass") as ukey:
       message = pgpy.PGPMessage().from_blob(toread.read())#load file body
       decryptedmessage = ukey.decrypt(message).message#decryt file body
       decryptedmessagestr = decryptedmessage.decode()#decode bytes
       DMIo = io.StringIO(decryptedmessagestr)#convert decoded bytes to string
       dataframe = pd.read_csv(DMIo) #insert into pandas

`sftp.getfo(file_name, toread)` should be more effective – both in term of time and memory consumption. — Martin Prikryl, Jul 24 '20 at 15:28

Use PGP to decrypt a file stored on SFTP server with Python

2 Answers2