Question

I'm using Python's gnupg to decrypt a file I've downloaded with Python:

    import gnupg

    gpg = gnupg.GPG(gnupghome="/home/myname/.gnupg")
    # Encrypted input is binary data, so open it in 'rb' mode
    with open('updates/'+filelist[i], 'rb') as f:
        print "Decrypting "+fn
        status = gpg.decrypt_file(f, passphrase="passphrase", output='updates/'+fn)

    print 'ok: ', status.ok
    print 'stderr: ', status.stderr

This fails saying 'secret key not available'. However, when I run gpg -d filename from the terminal, the file decrypts without any errors. I've used gpg -K and checked that the secret certificate / key used to encrypt the file is imported + trusted etc.

This is all running on Ubuntu Server 12.04.

Can anyone suggest how I can get around this error?

Solution

Be aware that GnuPG is the "real" name of gpg, which is only the name of the binary. The Python API is called python-gnupg.

The problem will most probably be caused by missing access privileges. As you already realized, each system user has its own GnuPG home directory (thus you provided another user's GnuPG directory), not accessible by others. Make sure your web server user (probably www-data) has access to /home/myname/.gnupg, or better, export the private key and reimport it as the web server's user (GnuPG does not like extensive access rights and might issue a warning or refuse to run at all otherwise).

You can test if that really is the problem by running sudo -u www-data gpg --homedir /home/myname/.gnupg -d filename (thus, run gpg under the web server's user).
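The same diagnosis can be made from inside the Python process that calls python-gnupg. The following is an added example, not code from the original answer or from python-gnupg; the function name `check_gnupg_home` is hypothetical, and it assumes the standard secret-key locations (`secring.gpg` for GnuPG 1.x/2.0, `private-keys-v1.d` for 2.1+).

```python
import os
import stat

# Secret-key stores: secring.gpg (GnuPG 1.x / 2.0), private-keys-v1.d (GnuPG 2.1+)
SECRET_STORES = ("secring.gpg", "private-keys-v1.d")


def check_gnupg_home(home):
    """Return reasons why the current process may not see secret keys in `home`."""
    try:
        st = os.stat(home)
    except OSError as exc:
        # Typical when a parent directory (e.g. another user's $HOME) is not searchable
        return ["cannot stat %s: %s" % (home, exc.strerror)]
    if not stat.S_ISDIR(st.st_mode):
        return ["%s is not a directory" % home]

    problems = []
    if st.st_uid != os.geteuid():
        problems.append("owned by uid %d, process runs as uid %d"
                        % (st.st_uid, os.geteuid()))
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append("mode %o grants group/other access; GnuPG expects 700" % mode)
    # os.access() tests with the real uid/gid of the process
    if not os.access(home, os.R_OK | os.W_OK | os.X_OK):
        problems.append("process lacks read/write/search access to the directory")
        return problems  # contents cannot be inspected without access

    present = [p for p in (os.path.join(home, n) for n in SECRET_STORES)
               if os.path.exists(p)]
    if not present:
        problems.append("no secret key store found (%s)" % ", ".join(SECRET_STORES))
    for path in present:
        if not os.access(path, os.R_OK):
            problems.append("cannot read %s" % path)
    return problems


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.gnupg")
    for line in check_gnupg_home(target) or ["no problems found"]:
        print(line)
```

Run it as the account that executes the decrypting code, passing the `gnupghome` value given to `gnupg.GPG`, so the result reflects that account's view of the directory.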

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow