Looking for GnuPG-compatible library for server application
Bernd R. Fix
bernd at wauland.de
Sat Oct 20 13:35:40 CEST 2012
On 19.10.2012 22:34, Werner Koch wrote:
> Technically this is not required. GPGME has been designed to allow
> running the engines as co-process, communicating over pipes with
> gpg. This has already been implemented for gpgsm (aka S/MIME), but
> not yet for gpg. That plan is to also have gpg running as a
> co-process. There is already some code in gpg to do this for verify
> but it needs to be extended.
Understood and I don't mind if the problem can be solved without a
linkable OpenPGP library - as long as the requirements are met:
The server application uses 384-bit ECDSA/ECDH keypairs, so this
approach will also require some additional work on the GnuPG-2.1 release
itself (aside from making it possible to run it as a co-process within
Am I correct that each server thread requires its own GPGME/GnuPG
instance? If that is the case, it would be nice if instances can be
pooled as threads come and go frequently.
But to be honest: I am not sure if gpg2 (with the mandatory gpg-agent
instance to handle private keys) is suitable at all for a server
environment where there are some 20'000 *private* keys (and counting).
From our experience gpg2 does not scale well with increasing number of
private keys (although I have to admit that the project uses a very
early GnuPG-2.1 implementation and not the latest from the unstable branch).
But maybe I shouldn't bother the whole list with such details and I will
try to explain our problems and requirements in a private email to
anyone willing to help.
>> Are any GnuPG developers willing to code such a library? The
>> project has
> May I raise my hand ;-)
I appreciate your offer to help. I will describe the problem, financial
issues and timetables in a private email. I have to travel a lot the
next five days (including meetings), so I am not sure if I can send that
email before the next weekend. Hope you don't mind.
Postfach 65 04 43 H O L L A N D
22364 Hamburg/Germany S T I F T U N G