Questions about GPGME / GnuPG library

Taral taral at taral.net
Wed Dec 6 22:11:27 CET 2000


Quoting Florian Weimer <Florian.Weimer at RUS.Uni-Stuttgart.DE>:

> Taral <taral at taral.net> writes:
> 
> > If GPG were a library, your program (which may or may not be safe)
> > would also have to be setuid-root to take advantage of secure
> > memory.
> 
> If this is really an issue (many applications which would benifit from
> an OpenPGP library only need OpenPGP packet parsing and signature
> verification), it's better to fix the operating system to provide a
> certain (limited) amount of secure memory to unprivileged processes --
> or use encrypted swap.

Actually, I put out an RFC on this list a little while ago proposing a solution 
to our problem. It would modularize GPG such that people could use the pieces 
they needed. I am not, however, going to start on that until GPG itself it more 
cleanly implemented.

-- 
Taral <taral at taral.net>



More information about the Gnupg-devel mailing list