Azure function app v2 python with gnupg for encrypting file with public key failing

Question

Environmental info: python code with gnupg to encrypt file with public key and recipient, running in azure function app on Linux based OS. In an event based architecture, daily 1000's of files are encrypted and saved to azure storage. Multiple public keys are available to choose from based on criteria.

Issue:

Consider there are three publickey with recipients namely recipient1, recipient2, recipient3

After running successfully for months, when we try to add new "recipient4". The new publickey always fails with error "invalid public key" even though public key is valid.

In this situation we delete the function app and recreate the resource again in Azure. Now all 4 recipients work perfectly fine.

Same issue repeats when we add new recipient5.

Debugged information:

1. in bash I checked the .gnupg/ location and found the pubring.ksc file. While checking new recipients are not reflected in the file.

2. Restarting the function app won't help as gpg software in Linux is not affected as part of the function app re-start (only recreation of environment helps)

Kindly help me in the right direction to understand better the situation

Answer 1

Instead of recreating a Function App again, Generate a new key separately for recipient4 in the Function App > Kudu > SSH and then encrypt and decrypt it.

I have visited > Function App > Advanced Tools > Go > SSH >

And ran the commands below:-

apt-get install -y gnupg gnupg1
cp -a /usr/bin/gpg /usr/bin/gpg2
ln -sf /usr/bin/gpg1 /usr/bin/gpg
gpg --gen-key - #for recipient1
gpg --gen-key #for recipient2
gpg --gen-key #for recipient3
gpg --list-keys
echo "Top secret message for recipient1" > file_recipient1.txt
gpg --encrypt --recipient "recipient1" file_recipient1.txt
# Repeat for recipient2 and recipient3
echo "Top secret message for recipient2" > file_recipient1.txt
gpg --encrypt --recipient "recipient2" file_recipient1.txt
echo "Top secret message for recipient2" > file_recipient2.txt
gpg --encrypt --recipient "recipient2" file_recipient1.txt
echo "Top secret message for recipient2" > file_recipient2.txt
gpg --encrypt --recipient "recipient2" file_recipient2.txt
echo "Top secret message for recipient3" > file_recipient3.txt
gpg --encrypt --recipient "recipient3" file_recipient3.txt
gpg --decrypt file_recipient1.txt.gpg
gpg --gen-key #for recipient4
echo "Top secret message for recipient4" > file_recipient4.txt
gpg --encrypt --recipient "recipient4" file_recipient4.txt
gpg --list-keys | grep "recipient4"
gpg --decrypt file_recipient4.txt.gpg

Output:-

Recipient 4 file encrypted and decrypted correctly, After I added a new key:-