Recommended way to script sharing a secret with a group?

Hello, I have been playing around with the Passbolt API using Python, and am unsure if I might be overlooking a baked-in feature that can already handle this:

I have a need to encrypt a password (passed in to my Python script as a string) and share it with a group containing a number of users. From my understanding, I will need to retrieve the public GPG key of each user in the group, create an object for each user containing the secret encrypted with their key, and then send a PUT request with this payload to the server.

Am I correct in assuming that there is no function or easy method built into the API sec for retrieving a list of user keys based off of a group id?

If so, are there any recommendations or suggestions for how one might easily pull users’ keys based on group membership?

Thank you!

The user endpoint contains the GPG public key and allows filtering by group ID.

Thank you! This works perfectly as far as retrieving each user’s key, but in terms of encrypting a password, is there a method that doesn’t involve importing each user’s key into the server’s keychain?

I have done most of my work in Golang, where I have a native crypto library to encrypt, decrypt, sign and verify directly with the keys. No need to use the PGP/GPG binaries and keyring. I don't know if that exists for Python.

Thank you again for the quick response! Since I wasn’t able to find such a library in Python, for the time being I decided to go with creating a temp gpg keychain each time the script runs. That way I’m pulling all the keys from the group I need to share with, I import all the keys, run the encryption, share the secret, and then wipe the temp keychain.

Is it the most cost-effective or most efficient use of machine resources? No. But at least it works!

Thanks again for your help!
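
The temporary-keychain workflow described in the last post, as an added example that is not code from the thread or from Passbolt. It assumes GnuPG 2.x on the PATH; the user-record fields (`id`, `gpgkey.armored_key`, `gpgkey.fingerprint`) and the `user_id`/`data` entry shape are assumptions about the JSON exchanged with the server, and `users` is the list obtained from the user endpoint filtered by group.

```python
import shutil
import subprocess
import tempfile
from contextlib import contextmanager

@contextmanager
def temp_keyring():
    """Throwaway GnuPG home; mkdtemp creates it readable by this user only."""
    home = tempfile.mkdtemp(prefix="gnupg-share-")
    try:
        yield home
    finally:
        if shutil.which("gpgconf"):  # stop any agent started for this homedir
            subprocess.run(["gpgconf", "--homedir", home, "--kill", "gpg-agent"],
                           capture_output=True, check=False)
        shutil.rmtree(home, ignore_errors=True)

def gpg(home, args, data):
    """Run gpg against the temp keyring only; input goes on stdin, not argv."""
    cmd = ["gpg", "--homedir", home, "--batch", "--no-tty", "--status-fd", "2", *args]
    return subprocess.run(cmd, input=data, capture_output=True, check=True)

def imported_fingerprint(status_text):
    """Return the fingerprint from gpg's 'IMPORT_OK <reason> <fpr>' status line."""
    for line in status_text.splitlines():
        parts = line.split()
        if parts[:2] == ["[GNUPG:]", "IMPORT_OK"] and len(parts) >= 4:
            return parts[3].upper()
    raise ValueError("gpg reported no imported key")

def encrypt_for_user(home, user, secret):
    """Import one user's key, check it against the listed fingerprint, encrypt."""
    key = user["gpgkey"]  # field names are assumptions about the user record
    res = gpg(home, ["--import"], key["armored_key"].encode())
    fpr = imported_fingerprint(res.stderr.decode(errors="replace"))
    if fpr != key["fingerprint"].upper():
        raise ValueError(f"fingerprint mismatch for user {user['id']}")
    # A fresh keyring has no ownertrust, so name the checked fingerprint explicitly.
    out = gpg(home, ["--trust-model", "always", "--armor", "--encrypt",
                     "--recipient", fpr], secret.encode())
    return out.stdout.decode()

def build_secrets(users, secret, encrypt=encrypt_for_user):
    """One armored ciphertext per group member (entry shape is an assumption)."""
    with temp_keyring() as home:
        return [{"user_id": u["id"], "data": encrypt(home, u, secret)} for u in users]
```

The keyring directory is removed even when an import or encryption fails, and the plaintext never appears in the process argument list.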