C/C++ API for GnuPG

Werner Koch wk at gnupg.org
Fri Apr 18 11:20:01 CEST 2003

On Thu, 17 Apr 2003 11:53:26 -0700, Tony Mione said:

> fact that it forks another process and calls gpg at the command line. I am

Compared to the actual crypto operations a fork/exec is relatively cheap
on any modern OS.  There are however some domains where we would like
to have it faster.  The plan for GnuPG 1.9 is to keep a once-forked
process running and reuse it for further operations.  We already did
this partly for gpgsm (gpg's S/MIME cousin).  Anyway, this is
internal to gpgme and the API won't change.

> So, what are the security holes that may be opened if this is made
> into a library? Do people involved with Gpg believe that the same

There are no security holes but concerns about software complexity.

> In my mind, a programmatic API would be better than spawning processes
> that may need to have a passphrase in the command line. Does this make

A passphrase is never given on the command line but sent via a pipe.
1.9 will not even require any passphrase handling because gpg-agent
takes care of this.



  Nonviolence is the greatest force at the disposal of
  mankind. It is mightier than the mightiest weapon of
  destruction devised by the ingenuity of man. -Gandhi
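
Added example, not part of the original message and not GnuPG or gpgme code: handing a secret to a fork/exec'd child over a pipe so that it never appears in the child's argument list, as the reply above describes. The function name send_secret_via_pipe, the choice of fd 3, and /bin/sh standing in for gpg are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: fork/exec a child that reads one secret line from
 * fd 3. /bin/sh stands in for gpg (assumption). Returns the number of
 * characters the child received, or -1 on error. Secrets must be shorter
 * than 127 characters because the count travels back as the exit status. */
int send_secret_via_pipe(const char *secret)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: drop the write end so EOF is seen, put the read end on fd 3. */
        close(fds[1]);
        if (fds[0] != 3) { dup2(fds[0], 3); close(fds[0]); }
        /* The argument list names only the descriptor, never the secret. */
        execl("/bin/sh", "sh", "-c",
              "IFS= read -r p <&3; exit ${#p}", (char *)NULL);
        _exit(127); /* exec failed */
    }

    /* Parent: write the secret plus newline, then close to signal the end. */
    close(fds[0]);
    size_t len = strlen(secret);
    ssize_t w1 = write(fds[1], secret, len);
    ssize_t w2 = write(fds[1], "\n", 1);
    close(fds[1]);

    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || w1 != (ssize_t)len || w2 != 1)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample secret. */
    printf("child received %d characters\n", send_secret_via_pipe("correct horse"));
    return 0;
}
```

While the child runs, a process listing shows only the sh command line; the secret exists only in the pipe buffer and in the two processes' memory.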
