api for gpg?

Werner Koch wk at isil.d.shuttle.de
Fri Apr 17 12:18:41 CEST 1998


Sen Nagata <sen_ml at eccosys.com> writes:

>   can gpg be used in library form?  if so, i take it there isn't 
> much documentation (besides the source) :-)

I don't like the idea of putting everything into a library. 
GNUPG is a Unix program and the philosophy behind Unix is
KISS (Keep it Small and Simple). Probably we will have a GNU 
Cryptography Library sometime but this will not be a complete
GNUPG implementation.

>   i am also curious whether there is some mode of operation to
> support decryption followed by encryption in a single process

Of course I could do so, but it is easier (and not so error prone)
to make a shell script (or a simple C program) which calls multiple
instances of GNUPG and connects them in a pipeline.  Pipelines are
the reason which makes the power of a Unix OS - there is only a small
(if at all) performance penalty.  

> then re-encrypt the result using multiple keys w/o having to pipe from 

By the way, it is possible to encrypt a message for more than one
recipient - not very much tested, but it should work.

If you really need a very high performance utility, some stuff can be 
done to make the initial start up of the program faster.  An option you 
may like could be a mode which encrypts a message with the key for
every specified user and outputs a complete message for every user,
where the message is encrypted with the same session key:

    plaintext 
       |
       |  perform symmetric encryption with a session key
       |
    sym-encrypted-message
       |
       |------------------------------+------------------------+-- ... 
       |  encrypt session key         |                        |
       |  for user A and build        |
       |  a mail for him.             |
       |                              |
     encrypted-message-for-A        encrypted-message-for-B
       |                              |
       |  send via sendmail to A      | send via sendmail to A
       |                              |
     mail-to-A                      mail-to-B
     

This scheme has the advantage that you only need one session-key 
and symmetric encryption - which is perfectly okay, because the
message is the same for every recipient.  

Anyway, I don't think that this is really needed: messages in
a ML are quite short and the symmetric encryption is in that case
much faster than the public-key encryption for a user.


Werner
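
The pipeline described in the message above, as an added example that is not part of the original post or of GnuPG: a POSIX shell function that connects a decrypting and an encrypting gpg process, produces one message whose session key is encrypted for every listed recipient, and writes output only if both processes succeed. It assumes a current `gpg` binary with the needed keys already in the keyring; `reencrypt` and the `GPG` variable are names chosen for this example.

```shell
#!/bin/sh
# Added example: decrypt on stdin, re-encrypt for several recipients.
GPG=${GPG:-gpg}   # assumption: a current gpg binary on PATH

# reencrypt OUTFILE RECIPIENT...
# Reads one encrypted message on stdin and writes OUTFILE only if both
# gpg processes succeed; the plaintext exists only inside the pipe.
reencrypt() {
    [ "$#" -ge 2 ] || { echo "usage: reencrypt OUT RECIPIENT..." >&2; return 64; }
    out=$1; shift

    # Turn "A B" into "--recipient A --recipient B" (POSIX sh has no arrays).
    n=$#
    while [ "$n" -gt 0 ]; do
        # A recipient that looks like an option must never reach gpg.
        case $1 in -*) echo "bad recipient: $1" >&2; return 64 ;; esac
        set -- "$@" --recipient "$1"
        shift; n=$((n - 1))
    done

    tmp=$(mktemp "$out.XXXXXX") || return 1
    enc_rc=0
    # The pipeline's own status is the encrypting side's; the decrypting
    # side reports its status on fd 3, captured by the substitution.
    dec_rc=$( { { rc=0; "$GPG" --batch --decrypt || rc=$?; echo "$rc" >&3; } |
                "$GPG" --batch --armor --encrypt "$@" >"$tmp"; } 3>&1 ) || enc_rc=$?

    if [ "$dec_rc" = 0 ] && [ "$enc_rc" -eq 0 ]; then
        mv -f "$tmp" "$out"
    else
        # A failed decrypt would otherwise leave a valid-looking but
        # truncated or empty encrypted message behind.
        rm -f "$tmp"
        echo "reencrypt: decrypt=$dec_rc encrypt=$enc_rc, nothing written" >&2
        return 1
    fi
}
```

A typical call, with constructed addresses and file names, is `reencrypt out.asc alice@example.org bob@example.org < incoming.asc`.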





More information about the Gnupg-devel mailing list