Python OpenPGP

This package is for entertainment only. It relies on an old version of PyCrypto. Run the test modules independently to see which ones break - some tests use pickles which reference invalid objects like DSAobj and IDEA.

RFC2440 is obsolete. A rewrite for RFC4880 is on my list of things to do.

Everything that follows is old news.


My intent is to organize OpenPGP tools for Python. So far I've written an implementation ('sap') which aims to be very flexible rather than bulletproof. I wanted a tool I could use to tinker with the possibilities. The result is a handful of simple functions representing most operations outlined in the OpenPGP standard (draft, proposal, whatever).

If you're interested in more security-oriented OpenPGP options for Python, see the GnuPG interface:

or the cryptlib interface:


GnuPG 1.2.2 (C implementation)

  • hashing methods
  • PKCS encoding
  • CFB and 'cryption quirks
pgpmsg-1.0 source (Python packet reader)

  • index/slice packet parsing method
  • CRC, ASCII-Armoring translation, crc24()
Cryptix OpenPGP CVS (Java implementation)

  • string-to-key madness
Crypt::OpenPGP (Perl implementation)

  • string-to-key madness OpenPGP mailing list

Applied Cryptography, Second Edition by Bruce Schneier


To install this package, run:

# python install

This package depends on PyCrypto ( so please install that, too.

Quick start

  1. Run the tests. Go into the test/sap/ directory and run ./ Everything should pass.

  2. Browse the source documentation or some nice, generated HTML (instructions on how to do this are in doc/).

  3. Give the the runnable 'openpgp/sap/' script a nice alias (I use 'sap'):

    $ alias sap="PATH/TO/"

    ..and use it to learn more about the commandline actions and the string-based functions which support them:

    $ sap -h
    $ sap --explain sign
    $ sap --explain-func sign
    $ sap --explain verify
    $ sap --explain-func verify
    $ sap --explain encrypt
    $ sap --explain-func encrypt
    $ sap --explain decrypt
    $ sap --explain-func decrypt


TODO priority

See doc/TODO.txt for a somewhat relevant TODO list.

The most important thing I want TODO is replace the packet classes in 'sap.pkt' with those in 'snap' once they are cleaned up. Once done..

  • The focus will be on the packet bodies and not the entire packet. Packet version, type, and length will be tacked on, meta-wise.
  • All packet components defined in the spec in terms of octets will be represented as instance attributes. MPI count and order will be inferred from algorithm codes.
  • All "manufactured" packet components (like key fingerprints) will be available using methods.
  • All instances will support read() and write() methods on the packet and attribute level.

Message instances (and everything above them) will be overhauled to reflect the changes.