On Thu, 17 May 2018 13:11, roman.fied...@ait.ac.at said:

> How could that work together with the memory based "wipe" approach, you 
> envisioned in your message 
> https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060379.html , last 
> paragraph?

Tha is a different layer.  Basically a part of a MUA.  That feature
would be a safenet in case the actual MUA part does not check return
codes from GPGME.  GPGME has several types of data objects

  - Memory based
  - File based
  - File descriptor based
  - Callback based

For the first two we can clear the memory or delete the file in case of
an error and before we return to the caller.  It is actually a bit
complicate to implement because gpgme allows for synchornous and
asynchronous operation and for the latter we have not yet a way to
associate the data object with context.

> Would that imply, that using e.g. "--output /proc/self/3" would
> implicitly change the security behavior of gpg, e.g. by switching from
> "output before validation" model to "validation before output" model

No, gpg has no idea about this.  It only aware whether it is working on
a named file or on a file descriptor (which also includes a pipe)



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Attachment: pgp1ymasZ4luL.pgp
Description: PGP signature

Gnupg-users mailing list

Reply via email to