Problem with C++ wrapper and gpgme

Yenot yenot at sec.to
Sat May 31 15:44:02 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 30 May 2003 07:58 pm, David Shaw wrote:
>
> Note there is a gotcha here.  When parsing raw key data, there is
> no assurance that some items are valid or not without actually
> verifying the self-signatures.  To really use raw data in a key
> manager, you'd need to add signature verification and trustdb
> calculations, and pretty soon you've recreated GnuPG. ;)

Wouldn't the verification that GnuPG does when adding keys to the 
keyring be sufficient for key-display by a keymanager?

Displaying not yet imported keys is also the job of a keymanager.  How 
to hand off this key verification task to GnuPG without importing the 
key is not simple, but I think possible.

If GnuPG could export its own trust calculations as a trust packet (a 
special feature only for auxiliary programs), keymanagers would not 
have to do their own trust calculations.  Would it be possible for 
GnuPG to add such information to its raw --export output without 
slowing down the export process?

Using raw OpenPGP as the GUI<->GnuPG data exchange format isn't ideal, 
but it may be the only practical solution for a fast and 
full-featured GUI keymanager. 

 - Yenot
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+2KKMP247TY29IxARAt+RAJ9v+09EF7h/12arIkYXyxCCNay1IwCfd5ui
6mbOI8DHjvF9XgtkZ5lUk3Y=
=2DLA
-----END PGP SIGNATURE-----
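
Added example, not part of the original message and not GnuPG code: a framing-only parser for the raw OpenPGP packets discussed above (RFC 4880 packet headers). It shows that a raw parse lists every User ID packet whether or not a self-signature exists or verifies. The function names, status strings and sample bytes are constructed for illustration.

```python
# Added example: OpenPGP packet framing only (RFC 4880 section 4.2), no cryptography.
TAG_SIGNATURE, TAG_PUBKEY, TAG_USER_ID, TAG_SUBKEY = 2, 6, 13, 14

def read_packets(data):
    """Yield (tag, body) for each packet, old- and new-format headers."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % i)
        if hdr & 0x40:                        # new format: tag in bits 5-0
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, used = first, 2
            elif first < 224:
                length, used = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, used = int.from_bytes(data[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                 # old format: tag in bits 5-2
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            used = 1 + (1 << ltype)           # header octet + 1, 2 or 4 length octets
            length = int.from_bytes(data[i + 1:i + used], "big")
        body = data[i + used:i + used + length]
        if len(body) != length:
            raise ValueError("truncated packet")
        yield tag, body
        i += used + length

def list_user_ids(data):
    """Return [uid, status] pairs; no status is ever 'valid', nothing is verified."""
    uids, current = [], None
    for tag, body in read_packets(data):
        if tag == TAG_USER_ID:
            current = [body.decode("utf-8", "replace"), "no signature packet follows"]
            uids.append(current)
        elif tag == TAG_SIGNATURE and current is not None:
            current[1] = "signature packet present, NOT verified"
        elif tag in (TAG_PUBKEY, TAG_SUBKEY):
            current = None                    # later signatures bind the key, not a UID
    return uids

# Constructed sample: placeholder bodies, not real key or signature material.
SAMPLE = (bytes([0x98, 4]) + b"KEY0"                                  # old format, tag 6
          + bytes([0xB4, 5]) + b"Alice" + bytes([0x88, 3]) + b"SIG"   # tag 13, then tag 2
          + bytes([0xCD, 7]) + b"Mallory")                            # new format, tag 13
```

Both User IDs come back from the parse; deciding whether either one is bound to the key still requires checking the self-signature, which this code does not do.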





More information about the Gnupg-devel mailing list