Problem with C++ wrapper and gpgme
yenot at sec.to
Sat May 31 15:44:02 CEST 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Friday 30 May 2003 07:58 pm, David Shaw wrote:
> Note there is a gotcha here. When parsing raw key data, there is
> no assurance that some items are valid or not without actually
> verifying the self-signatures. To really use raw data in a key
> manager, you'd need to add signature verification and trustdb
> calculations, and pretty soon you've recreated GnuPG. ;)
Wouldn't the verification that GnuPG does when adding keys to the
keyring be sufficient for key-display by a keymanager?
Displaying not yet imported keys is also the job of a keymanager. How
to hand off this key verification task to GnuPG without importing the
key is not simple, but I think possible.
If GnuPG could export its own trust calculations as a trust packet (a
special feature only for axillary programs), keymanagers would not
have to do their own trust calculations. Would it be possible for
GnuPG to add such information to its raw --export output without
slowing down the export process?
Using raw OpenPGP as the GUI<->GnuPG data exchange format isn't ideal,
but it may be the only practical solution for a fast and
full-featured GUI keymanager.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-devel