GnuPG Security Disaster?

Bernard bht@actrix.gen.nz
Wed Jan 2 19:50:01 2002


Hi Bernd,

Thanks for your reply.

More than a year ago I tested Cryptix PGP on Linux successfully.
However at the time, encryption on a web server was my main focus and
Cryptix took more than 20 seconds on a slow machine even with HotSpot
VM to encrypt "Hello". That's why I did not look back into it.

Then I used pgp in an external process which took less than a second.

Have you had any experience with Cryptix lately?

I tend to think that in the long run Java is the better multi-platform
independent investment because it does not have the ugly interface
issues as you mention.

But then what is going to happen with Cryptix?
Why do you think that it is good that it is not GPL?

With Network Associates' pgp a "free for non-commercial use" bloated
product I could never find any indication what the cost of the
unrestricted product was and now I heard it's no longer supported by
them.

So I was happy to find GnuPG, something free that seems to work.

With the current command line/Java process issue under Windows solved
(again the problem does not exist under Linux with the same
command+options), I would have a pretty basic and fast solution.

Still I am very curious why the Java external process hangs in one
case (encryption) and not the other (decryption), one passing the
data, the other passing the passphrase through stdin.

It's either a Sun issue or a GnuPG issue, definitely not my error
because in that case it would not work under Linux.


Regards,
Bernard

On Wed, 2 Jan 2002 15:31:34 +0100, you wrote:

>On Wed, Jan 02, 2002 at 10:16:28PM +1300, Bernard wrote:
>> Today the subject has become even more interesting since I have
>> managed the first time to get the passphrase through stdin.
>> So the batch file issue for _decryption_ is gone :)
>
>If you dont want to use the ugly command line hack, there are a view =
nativ
>PGP Java Libs out there. For example Cryptix PGP. Good thing, they are =
not
>GPL.
>
>Greetings
>Bernd