C/C++ API for GnuPG

Jason Harris jharris at widomaker.com
Fri Apr 18 22:50:01 CEST 2003


On Fri, Apr 18, 2003 at 08:59:58AM -0700, Tony_Mione at peoplesoft.com wrote:

> |---------+---------------------------->
> |         |           "Werner Koch"    |
> |         |           <wk at gnupg.org>   |
> |         |           Sent by:         |
> |         |           gnupg-devel-admin|
> |         |           @gnupg.org       |

^^^ Gah! ^^^

[deleted stuff about GPG in library form]
libgcrypt doesn't have the right stuff?  (keyring handling?)

> Ok, if I wanted to, I could write a password to a temp file, open that
> file and pass the fd, correct? Then, of course, we remove the file after
> the passphrase is read. Some of the things we are trying to
> do need to be automated and I am looking for ways to do this SAFELY.

Writing the passphrase to disk isn't safe.  Open a pipe to the process
(GPG) before you fork() and exec() it and write the passphrase to the pipe.

> One more thing: is there a way to store a secret key blob in a database
> field?
> It looks like, if I try this, I would have to move the keyring packets from
> the DB into a temporary secret keyring file and set the appropriate options to
> tell gpgme/gpg where to find the public and secret keyrings. Is that
> correct?

--secret-keyring[-pipe]-fd, anyone?  :)  Don't seek() on it and it will
work.

Also, have you looked at cryptlib?

> got Crypto?

Definitely!

Got mutt[.org]?

-- 
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris at widomaker.com | web:  http://jharris.cjb.net/
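
The pipe approach suggested in the reply above, as an added example that is not part of the original message: the parent creates the pipe before fork(), the child gets the read end on a fixed descriptor, and the passphrase never touches disk. The helper name `run_with_passphrase`, the descriptor number 3 and the file name `message.gpg` are assumptions; GnuPG 2.1 and later additionally need `--pinentry-mode loopback` for `--passphrase-fd` to be honoured.

```c
/* Added example: hand a passphrase to a child over a pipe, never via disk. */
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PASS_FD 3  /* descriptor the child reads from (our choice, an assumption) */

/* Runs argv[0] with the pipe's read end on PASS_FD, writes pass plus a newline
 * into the pipe, and returns the child's exit status (-1 on any error). */
int run_with_passphrase(char *const argv[], const char *pass)
{
    int p[2], status, ok;
    size_t len = strlen(pass);
    pid_t pid;

    if (pipe(p) < 0)                      /* create the pipe BEFORE fork() */
        return -1;
    pid = fork();
    if (pid < 0) {
        close(p[0]); close(p[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        close(p[1]);                      /* must not inherit the write end */
        if (p[0] != PASS_FD) {
            if (dup2(p[0], PASS_FD) < 0) _exit(127);
            close(p[0]);
        }
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(p[0]);                          /* parent only writes */
    signal(SIGPIPE, SIG_IGN);             /* child may exit without reading */
    ok = write(p[1], pass, len) == (ssize_t)len && write(p[1], "\n", 1) == 1;
    close(p[1]);                          /* reader sees EOF after the line */
    if (waitpid(pid, &status, 0) < 0 || !ok || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed passphrase and file name; a real caller obtains them at run time. */
    char *gpg[] = { "gpg", "--batch", "--passphrase-fd", "3",
                    "--decrypt", "message.gpg", NULL };
    return run_with_passphrase(gpg, "constructed-passphrase");
}
```

The child closes the write end before exec so that the parent's close() is what delivers EOF, and the passphrase lives only in process memory and the kernel pipe buffer.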