What is it?

The GNU Privacy Guard (gpg, or gpg.exe on Windows) is a command-line program which provides support for programmatic access via spawning a separate process to run it and then communicating with that process from your program.

This project, python-gnupg, implements a Python library which takes care of the internal details and allows its users to generate and manage keys, encrypt and decrypt data, and sign and verify messages.


Installing from PyPI

You can install this package from the Python Package Index (pyPI) by running:

pip install python-gnupg

Installing from a source distribution archive

To install this package from a source distribution archive, do the following:

  1. Extract all the files in the distribution archive to some directory on your system.
  2. In that directory, run python install.
  3. Optionally, run python to ensure that the package is working as expected.


  • The developers of the GNU Privacy Guard.
  • The original version of this module was developed by Andrew Kuchling.
  • It was improved by Richard Jones.
  • It was further improved by Steve Traugott.

The present incarnation, based on the earlier versions, uses the subprocess module and so works on Windows as well as Unix/Linux platforms. It's not, however, 100% backwards-compatible with earlier incarnations.

Change log

N.B: GCnn refers to an issue nn on Google Code.

0.3.7 (future)

Released: Not yet.


Released: 2014-02-05

  • Fixed GC82: Enabled fast random tests on gpg as well as gpg2.
  • Fixed GC85: Avoided deleting temporary file to preserve its permissions.
  • Fixed GC87: Avoided writing passphrase to log.
  • Fixed GC94: Added export-minimal and armor options when exporting keys.
  • Fixed GC95: Added verify_data() method to allow verification of signatures in memory.
  • Fixed GC96: Regularised end-of-line characters.
  • Fixed GC98: Rectified problems with earlier fix for shell injection.


Released: 2013-08-30

  • Added improved shell quoting to guard against shell injection.
  • Fixed GC76: Added search_keys() and send_keys() methods.
  • Fixed GC77: Allowed specifying a symmetric cipher algorithm.
  • Fixed GC78: Fell back to utf-8 encoding when no other could be determined.
  • Fixed GC79: Default key length is now 2048 bits.
  • Fixed GC80: Removed the Name-Comment default in key generation.


Released: 2013-06-05

  • Fixed GC65: Fixed encoding exception when getting version.
  • Fixed GC66: Now accepts sets and frozensets where appropriate.
  • Fixed GC67: Hash algorithm now captured in sign result.
  • Fixed GC68: Added support for --secret-keyring.
  • Fixed GC70: Added support for multiple keyrings.


Released: 2013-03-11

  • Fixed GC57: Handled control characters in list_keys().
  • Fixed GC61: Enabled fast random for testing.
  • Fixed GC62: Handled KEYEXPIRED status.
  • Fixed GC63: Handled NO_SGNR status.


Released: 2013-01-17

  • Fixed GC56: Disallowed blank values in key generation.
  • Fixed GC57: Handled colons and other characters in list_keys().
  • Fixed GC59/GC60: Handled INV_SGNR status during verification and removed calls requiring interactive password input from doctests.


Released: 2012-09-01

  • Fixed GC45: Allowed additional arguments to gpg executable.
  • Fixed GC50: Used latin-1 encoding in tests when it's known to be required.
  • Fixed GC51: Test now returns non-zero exit status on test failure.
  • Fixed GC53: Now handles INV_SGNR and KEY_NOT_CREATED statuses.
  • Fixed GC55: Verification and decryption now return trust level of signer in integer and text form.


Released: 2012-05-12

  • Fixed GC49: Reinstated Yann Leboulanger's change to support subkeys (accidentally left out in 0.2.7).


Released: 2012-03-29

  • Fixed GC36: Now handles CARDCTRL and POLICY_URL messages.
  • The random_binary_data file is no longer shipped, but constructed by the test suite if needed.


Released: 2011-09-02

  • Fixed GC29: Now handles IMPORT_RES while verifying.
  • Fixed GC30: Fixed an encoding problem.
  • Fixed GC33: Quoted arguments for added safety.


Released: 2011-04-10

  • Fixed GC24: License is clarified as BSD.
  • Fixed GC25: Incorporated Daniel Folkinshteyn's changes.
  • Fixed GC26: Incorporated Yann Leboulanger's subkey change.
  • Fixed GC27: Incorporated hysterix's support for symmetric encryption.
  • Did some internal cleanups of Unicode handling.


Released: 2011-01-25

  • Fixed GC14: Should be able to accept passphrases from GPG-Agent.
  • Fixed GC19: Should be able to create a detached signature.
  • Fixed GC21/GC23: Better handling of less common responses from GPG.


Released: 2010-10-13

  • Fixed GC11/GC16: Detached signatures can now be created.
  • Fixed GC3: Detached signatures can be verified.
  • Fixed GC12: Better support for RSA and IDEA.
  • Fixed GC15/GC17: Better support for non-ASCII input.


Released: 2010-03-01

  • Fixed GC9: Now allows encryption without armor and the ability to encrypt and decrypt directly to/from files.


Released: 2010-01-07

  • Fixed GC7: Made sending data to process threaded and added a test case. With a test data file used by the test case, the archive size has gone up to 5MB (the size of the test file).


Released: 2009-10-06

  • Fixed GC5/GC6: Added --batch when specifying --passphrase-fd and changed the name of the distribution file to add the python- prefix.


Released: 2009-08-07

  • Fixed GC2: Added handle_status() method to the ListKeys class.


Released: 2009-07-16

  • Various changes made to support Python 3.0.


Released: 2009-07-04

  • Initial release.