Looking for GnuPG-compatible library for server application

Bernd R. Fix bernd at wauland.de
Sat Oct 20 13:35:40 CEST 2012


On 19.10.2012 22:34, Werner Koch wrote:
> Technically this is not required.  GPGME has been designed to allow 
> running the engines as co-process, communicating over pipes with
> gpg. This has already been implemented for gpgsm (aka S/MIME), but
> not yet for gpg.  That plan is to also have gpg running as a
> co-process.  There is already some code in gpg to do this for verify
> but it needs to be extended.

Understood and I don't mind if the problem can be solved without a
linkable OpenPGP library - as long as the requirements are met:

The server application uses 384-bit ECDSA/ECDH keypairs, so this
approach will also require some additional work on the GnuPG-2.1 release
itself (aside from making it possible to run it as a co-process within
GPGME).

Am I correct that each server thread requires its own GPGME/GnuPG
instance? If that is the case, it would be nice if instances can be
pooled as threads come and go frequently.

But to be honest: I am not sure if gpg2 (with the mandatory gpg-agent
instance to handle private keys) is suitable at all for a server
environment where there are some 20'000 *private* keys (and counting).
From our experience gpg2 does not scale well with an increasing number of
private keys (although I have to admit that the project uses a very
early GnuPG-2.1 implementation and not the latest from the unstable branch).

But maybe I shouldn't bother the whole list with such details and I will
try to explain our problems and requirements in a private email to
anyone willing to help.

>> Are any GnuPG developers willing to code such a library? The
>> project has
> 
> May I raise my hand ;-)

I appreciate your offer to help. I will describe the problem, financial
issues and timetables in a private email. I have to travel a lot the
next five days (including meetings), so I am not sure if I can send that
email before the next weekend. Hope you don't mind.

Cheers, Bernd.
-- 

Wau-Holland-Stiftung                   W
Postfach 65 04 43              H O L L A N D
22364 Hamburg/Germany        S T I F T U N G
http://www.wauland.de




More information about the Gnupg-devel mailing list