In one of our projects, we implemented GPG decryption.

What is GPG ?

GPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP).

We used GPGME gem for this purpose. It provides three levels of API. In our case, we used Crypto which has the high level convenience methods to encrypt, decrypt, sign and verify signatures.

We needed to import private key for decrypting a file that was encrypted using paired public key. First let’s import the required private key.

GPGME::Key.import File.open('certs/pgp.key')

Let’s decrypt the file.

crypto = GPGME::Crypto.new
options = { output: File.open('file.csv', 'wb') }

crypto.decrypt File.open('file.csv.gpg'), options

Above code has one problem. It will open a pop up for password input that has been used when public and private keys have been generated.

To support password input without pop up, we updated the code as below.

crypto = GPGME::Crypto.new
options = {
            output: File.open('file.csv', 'wb'),
            pinentry_mode: GPGME::PINENTRY_MODE_LOOPBACK,
            password: 'welcome'
          }

crypto.decrypt File.open('file.csv.gpg'), options

Here, pinentry_mode option allows password input without pop up.

We did not use latest version of GPG since it does not support pinentry_mode option. Instead, We used 2.1.20 version which has support for this option. Here is the build instruction for that.