C/C++ API for GnuPG
Werner Koch
wk at gnupg.org
Fri Apr 18 11:20:01 CEST 2003
On Thu, 17 Apr 2003 11:53:26 -0700, Tony Mione said:
> fact that it forks another process and calls gpg at the command line. I am
Compared to the actual crypto operations a fork/exec is relative cheap
on any modern OS. There are however some domains where we would like
to have it faster. The plan for GnuPG 1.9 is to keep a once forked
process running and reusing it for further operations. We already did
this partly for gpgsm (gpg's S/MIME cousin). Anyway this is an
internal to gpgme and the API won't change.
> So, what are the security holes that may be openned if this is made
> into a library? Do people involved with Gpg believe that the same
There are no security hole but concerns about software complexity.
> In my mind, a programmatic API would be better than spawning processes
> that may need to have a passphrase in the command line. Does this make
A passphrase is never given on the command line but send via a pipe.
1.9 will even not require any passphrase handlinc because gpg-agent
takes care of this.
Salam-Shalom,
Werner
--
Nonviolence is the greatest force at the disposal of
mankind. It is mightier than the mightiest weapon of
destruction devised by the ingenuity of man. -Gandhi
More information about the Gnupg-devel
mailing list