GPG Text Tools Plugin for Dify

This plugin provides a suite of tools for performing common GPG (GNU Privacy Guard) operations on text directly within Dify, utilizing the Python library. It allows users and AI agents to encrypt, decrypt, sign, and verify messages, as well as generate new GPG key pairs.

Features

The plugin includes the following tools:

1. GPG Encrypt Message (): Encrypts a plaintext message using a recipient's GPG public key.
2. GPG Decrypt Message (): Decrypts a GPG-encrypted message using the recipient's private key and optional passphrase.
3. GPG Sign Message (): Creates a detached GPG signature for a plaintext message using the signer's private key and optional passphrase.
4. GPG Verify Signature (): Verifies a detached GPG signature against the original message using the signer's public key.
5. GPG Generate Key Pair (): Generates a new GPG key pair (public and private keys) with specified user details and optional parameters.

Setup

No specific setup is required beyond adding the plugin to Dify. The necessary library is included in the plugin's requirements.

Usage

Each tool requires specific inputs, typically provided as parameters within Dify.

1. Encrypt Message

• Parameters:
  • : The text message you want to encrypt.
  • : The recipient's full ASCII-armored GPG public key block.
• Output: The encrypted message in ASCII-armored PGP format.

2. Decrypt Message

• Parameters:
  • : The full ASCII-armored PGP encrypted message block.
  • : Your full ASCII-armored GPG private key block. Handle with extreme care.
  • (Optional): The passphrase protecting your private key, if applicable.
• Output: The decrypted plaintext message.

3. Sign Message

• Parameters:
  • : The text message you want to sign.
  • : Your full ASCII-armored GPG private key block used for signing. Handle with extreme care.
  • (Optional): The passphrase protecting your private key, if applicable.
• Output: The detached ASCII-armored GPG signature.

4. Verify Signature

• Parameters:
  • : The original plaintext message that was signed.
  • : The detached ASCII-armored GPG signature block.
  • : The signer's full ASCII-armored GPG public key block.
• Output: A boolean value ( or ) indicating if the signature is valid, along with a descriptive text message.

5. Generate Key Pair

• Parameters:
  • : The name to associate with the key (e.g., "Alice Wonderland").
  • : The email address to associate with the key (e.g., "[email protected]").
  • (Optional): A passphrase to protect the generated private key. Highly recommended.
  • (Optional): The primary key algorithm (e.g., , ). Defaults to .
  • (Optional): Key length (for RSA/DSA) or curve name (for ECC). Defaults depend on .
• Output: The generated public key and private key in ASCII-armored format. Securely store the private key and passphrase immediately.

Security Considerations

• Private Key Handling: Private keys and passphrases are highly sensitive. This plugin requires them as direct input parameters for decryption and signing. Be extremely cautious about how and where you provide this information within Dify. Avoid storing them directly in prompts or workflow configurations if possible. Consider using secure credential management features if available in your Dify setup.
• No Key Storage: This plugin does not store any keys or passphrases beyond the immediate execution scope of a tool invocation. The responsibility for secure key management lies entirely with the user.
• Generated Keys: When generating keys, immediately copy and securely store the private key and its passphrase outside of Dify. The plugin will output them, but does not retain them.

Underlying Library

This plugin uses the pgpy library for all cryptographic operations.