Lambda Python 3.8 GPG decryption cannot find gpg binary


I'm trying to use a Lambda function to decrypt files coming to S3. I download the files without issues, but when I try to decrypt them, gpg cannot be found. I've tried using both python-gnupg and gnupg, but both failed, mentioning that gnupg is not available on the OS. Below is my code for instantiating GPG in Python. It works well with Python 3.7, but if I upgrade to 3.8, Lambda uses Amazon Linux 2, which doesn't come with gpg. How can I make it work with Python 3.8 in Lambda?

gpg = gnupg.GPG(gnupghome='/tmp')

Error:

OSError: Unable to run gpg (gnupg) - it may not be available

All the examples I've found don't seem to do anything extra. I'm packaging the python-gnupg package and all other Python packages for my function.

Is the gpg binary available in Lambda? How can I make this work?


There are 2 best solutions below

3
On BEST ANSWER

You have to bundle the gpg binary and its dependencies and deliver them in your package. In my package I bundle them into a folder named 'gpg', then when I use gpg in my Lambda function, I do this:

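import os
import gnupg

def lambda_handler(event, context):
    # Prepend the bundled ./gpg folder so gpg2 can load the shared libraries shipped with it
    old = os.environ.get("LD_LIBRARY_PATH")
    if old:
        os.environ["LD_LIBRARY_PATH"] = "./gpg" + ":" + old
    else:
        os.environ["LD_LIBRARY_PATH"] = "./gpg"

    # Point python-gnupg at the bundled binary instead of a system-wide gpg
    gpg = gnupg.GPG(gnupghome='/tmp', gpgbinary='./gpg/gpg2', verbose=False)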
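
A fail-fast check for the bundled-binary approach described above, as an added example that is not part of the original answer: it resolves the bundled gpg2 to an absolute path, prepends the bundle to LD_LIBRARY_PATH, creates a private home directory and runs `--version` so a missing shared library surfaces at cold start. The function names and the stub bundle (a shell script standing in for gpg2) are assumptions constructed for illustration.

```python
import os
import subprocess
import tempfile


def prepare_bundled_gpg(bundle_dir, binary_name="gpg2", home_parent="/tmp"):
    """Return (gpgbinary, gnupghome) for a gpg binary shipped in bundle_dir."""
    bundle_dir = os.path.abspath(bundle_dir)
    binary = os.path.join(bundle_dir, binary_name)
    # Fail early with a clear message instead of python-gnupg's generic OSError.
    if not os.path.isfile(binary):
        raise FileNotFoundError(f"bundled gpg binary missing: {binary}")
    if not os.access(binary, os.X_OK):
        raise PermissionError(f"bundled gpg binary is not executable: {binary}")
    # Put the bundle first so the binary loads the shared libraries shipped with it.
    parts = [p for p in os.environ.get("LD_LIBRARY_PATH", "").split(":") if p]
    if bundle_dir not in parts:
        os.environ["LD_LIBRARY_PATH"] = ":".join([bundle_dir] + parts)
    # Private keyring directory: mkdtemp creates it with mode 0700.
    home = tempfile.mkdtemp(prefix="gnupg-", dir=home_parent)
    # Smoke test: a binary that cannot start shows up here as a non-zero exit.
    result = subprocess.run([binary, "--homedir", home, "--version"],
                            capture_output=True, text=True, timeout=10)
    if result.returncode != 0:
        raise RuntimeError(f"bundled gpg failed to start: {result.stderr.strip()}")
    return binary, home


def make_constructed_bundle(exit_code=0):
    """Constructed stand-in for the real bundle: a shell script named gpg2."""
    bundle = tempfile.mkdtemp(prefix="bundle-")
    path = os.path.join(bundle, "gpg2")
    with open(path, "w") as fh:
        fh.write(f"#!/bin/sh\necho 'gpg (constructed stub)'\nexit {exit_code}\n")
    os.chmod(path, 0o755)
    return bundle


if __name__ == "__main__":
    binary, home = prepare_bundled_gpg(make_constructed_bundle(),
                                       home_parent=tempfile.gettempdir())
    # In the Lambda these values would be passed on as:
    #   gnupg.GPG(gnupghome=home, gpgbinary=binary)
    print(binary, home)
```

In a real deployment the first argument would be the folder holding the bundled binary, resolved relative to the function's package directory rather than the current working directory.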
0
On

It appears that the 3.7 Lambda Python environment includes GPG, while the later versions don't. I think it's better to use a Python implementation of the PGP protocol rather than relying on GPG that you would have to bundle with the Lambda (and bundling it is a pain).

See this answer for example (it suggests using the pgpy library).