On 06/24/2009 11:06 AM, Brian Mearns wrote:
> GPGME just invokes gnupg in a subshell, right? And parses the
> response? Not that this won't work, it just seems so inelegant.

Communicating a well-defined syntax across a process boundary doesn't need to be inelegant. There are many good implementations of various tools that take advantage of the natural segmentation that the OS provides via distinct processes. One advantage for gnupg, for example, is that secret key material is never loaded directly into the memory of the parent process, so it cannot be copied or tampered with from there. This is not to say that the GPGME arrangement is perfect, just that the process separation model itself isn't inherently a bad one.

> Does
> anyone know of efforts to write an actual free-software library that
> implements OpenPGP?

There are several, but none are in terribly good shape for generic use from what i can tell.

OpenPGPSDK (sponsored by nominet, a UK DNS registrar) links against OpenSSL for most of its crypto, and doesn't yet produce a shared library (you can build statically-linked apps though). Targets RFC 4880 (the latest OpenPGP RFC), but still has substantial gaps in its coverage of the RFC.

http://openpgp.nominet.org.uk/

Crypt::OpenPGP is a perl module, but it requires Math::Pari. Unfortunately, the author of Math::Pari seems to think that you should need to rebuild perl itself to use his module, so this doesn't lend itself to binary redistribution (.debs and .rpms). Crypt::OpenPGP only implements RFC 2440 (the older version, deprecated).

http://search.cpan.org/~btrott/Crypt-OpenPGP/

OpenCDK used to be a separate library, but the latest versions seem to be bundled with the GnuTLS source. It uses gcrypt for its crypto, but has been stripped down to do just what GnuTLS needs. Reviving it as a separate project with its own life would be nice, i think. It's also GPL'ed, which is nice if you want to link it to GNU software.

(i can't even find an upstream OpenCDK link anymore, so: http://www.gnu.org/software/gnutls/ )

FWIW, i've recently started trying to revise the dependencies of Crypt::OpenPGP to get it to work without Math::Pari (upstream has been non-responsive to a couple of queries), and OpenPGPSDK folks are receptive to hearing about problems, though the project seems starved of developer time to actually fix things; some patches offered languish unapplied. I need to investigate more into the history of choices behind OpenCDK's evolution, but have not yet done so.

If anyone knows of other free implementations, i'd be happy to hear about them too.

--dkg
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
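The process-boundary model discussed in the message above, as an added Python example that is not part of the original post and not GPGME's code: the parent runs gpg as a child, reads only its `--status-fd` lines, and decides on the `VALIDSIG` fingerprint. The function names, the reject-on-any-failure policy and the sample status text are assumptions made for this illustration.

```python
import subprocess

PREFIX = "[GNUPG:] "
# Policy assumed here: any of these status keywords rejects the whole result.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

def parse_status(text):
    """Yield (keyword, args) for each machine-readable status line."""
    for line in text.splitlines():
        if line.startswith(PREFIX):
            parts = line[len(PREFIX):].split()
            if parts:  # skip an empty status line instead of crashing
                yield parts[0], parts[1:]

def signer_fingerprint(status_text, trusted_fprs):
    """Return the primary-key fingerprint of the single valid signature
    if it is in trusted_fprs, otherwise None."""
    valid = []
    for keyword, args in parse_status(status_text):
        if keyword in FAILURES:
            return None
        if keyword == "VALIDSIG" and args:
            # Field 1 is the signing key's fingerprint; field 10, when
            # present, is the primary key's. GOODSIG is ignored on purpose:
            # it carries only a key ID and a free-text user ID.
            valid.append(args[9] if len(args) >= 10 else args[0])
    if len(valid) != 1:  # none, or several signatures: refuse to guess
        return None
    return valid[0] if valid[0] in trusted_fprs else None

def verify_detached(sig_path, data_path, trusted_fprs):
    """Run gpg as a child process; only status text crosses the boundary."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    if proc.returncode != 0:
        return None
    return signer_fingerprint(proc.stdout, trusted_fprs)

# Constructed sample status output (fingerprints and IDs are made up).
SUB, PRIMARY = "A" * 40, "B" * 40
VALID = f"[GNUPG:] VALIDSIG {SUB} 2009-06-24 1245855960 0 4 0 1 2 00 {PRIMARY}\n"
SAMPLE_GOOD = "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed User\n" + VALID
SAMPLE_EXPIRED = "[GNUPG:] EXPKEYSIG AAAAAAAAAAAAAAAA Constructed User\n" + VALID
SAMPLE_GOODSIG_ONLY = "gpg: Good signature\n[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA x\n"
```

The parent process in this arrangement holds file paths and status text only; the key material stays inside the gpg child.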
