C/C++ API for GnuPG

Tony_Mione at peoplesoft.com Tony_Mione at peoplesoft.com
Fri Apr 18 19:07:02 CEST 2003

|         |           "Werner Koch"    |
|         |           <wk at gnupg.org>   |
|         |           Sent by:         |
|         |           gnupg-devel-admin|
|         |           @gnupg.org       |
|         |                            |
|         |                            |
|         |           04/18/2003 01:22 |
|         |           AM               |
|         |                            |
  |                                                                                                                              |
  |       To:       gnupg-devel at gnupg.org                                                                                        |
  |       cc:                                                                                                                    |
  |       Subject:  Re: C/C++ API for GnuPG                                                                                      |

>On Thu, 17 Apr 2003 11:53:26 -0700, Tony Mione said:
>> So, what are the security holes that may be openned if this is made
>> into a library? Do people involved with Gpg believe that the same
>There are no security hole but concerns about software complexity.

Ok, and, yes, complexity is a Bad Thing when working with security
Got it.

>> In my mind, a programmatic API would be better than spawning processes
>> that may need to have a passphrase in the command line. Does this make
>A passphrase is never given on the command line but send via a pipe.
>1.9 will even not require any passphrase handlinc because gpg-agent
>takes care of this.

Ok, if I wanted to, I could write a password to a temp file, open that
file and pass the fd, correct? Then, of course, we remove the file after
the passphrase is read. Some of the things we are trying to
do need to be automated and I am looking for ways to do this SAFELY.

One more thing: is there a way to store a secret key blob in a database
It looks like, if I try this, I would have to move the keyring packets from
DB into a temporary secret keyring file and set the appropriate options to
tell gpgme/gpg where to find the public and secret keyriings. Is that

>   Werner


Take care.

Antonino N. Mione           PeopleTools Security and Infrastructure
PeopleSoft, Inc., 4411 PeopleSoft Pkwy., Pleasanton, Ca. 94588
Antonino_Mione at peoplesoft.com                    +1-(925)-694-6118
got Crypto?

More information about the Gnupg-devel mailing list