On 6/12/15 6:05 AM, Michael Greene wrote: > Hello there, I am the author of PGPy - I figured I’d chime in here, even > though I have clearly noticed this discussion a little bit late. > > When I decided that taking up the project of building a pure-Python > OpenPGP implementation would be worthwhile, I did so after evaluating > all of the existing Python libraries I could manage to find. The main > reason I started the project was because very nearly all of the Python > libraries for working with PGP were either wrappers around the gpg > binary, or GPGME bindings (which itself is a wrapper around the gpg > binary, but written in C).
I'm a fan of PGPy approach, because it rely on native crypto but implement the OpenPGP packets formats in pure python enabling full application control without having to do dirty stuff (such as python-gnupg relying on gpg making executing gpg in /dev/shm/ leading to tons of issues). The integration of third party security software based on execution of cmdline is very dirty, architectually speaking, and most gpg and Tor library must do that. Regarding GPGME, is it really exec()uting the gpg binary or is it calling directly the gpg as a library? We're considering switching the server-side operations of GPG of GlobaLeaks to PGPy or OpenPGP-Python, given proper streaming support (for memory/buffering reasons) and a public security audit that can be arranged. For PGPy i really suggest to make a wrapper API to facilitate replacement of python-gnupg with PGPy. -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - https://globaleaks.org - https://tor2web.org - https://ahmia.fi _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
