Quoting Fabio Pietrosanti (naif) - lists (2015-04-21 12:34:39) > for any developer willing to use OpenPGP with a python developed > application currently the main choice is to go with python-gnupg, that's > a wrapper on top of GnuPG binary (https://pythonhosted.org/python-gnupg/).
There is a fork of this project that tries to fix some security concerns of it: https://github.com/isislovecruft/python-gnupg I think mailpile also has their own gnupg wrapper in python, but AFAIK is not a library that can be reused. > That's architecturally a very bad choice, plenty of constraint (for > example you need to enable "/bin/sh" execution under apparmor sandboxing > profile of a python application under Linux). > > Currently there are only two pure-python OpenPGP implementation: > > * PGPy: https://github.com/SecurityInnovation/PGPy > > * OpenPGP-Python: https://github.com/singpolyma/OpenPGP-Python If you are searching just for a OpenPGP parser there is also this one: https://github.com/diafygi/openpgp-python > Both stacks rely on Python Cryptography for Cryptographic primitives > implementations https://pypi.python.org/pypi/cryptography . > > We're considering switching away from GnuPG for the server-side PGP > processing and would like to ask an opinion to the list about those > implementations. > > Are there anyone engaging in metrics to evaluate the security of an > OpenPGP implementation and/or already evaluated PGPy/OpenPGP-Python ? I'll be interested too to know if there is any of that, I didn't have a look in depth to anything besides Isis's python-gnupg. -- Ruben Pollan | http://meskio.net/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- My contact info: http://meskio.net/crypto.txt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Nos vamos a Croatan.
signature.asc
Description: signature
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
