Should pinentry use libassuan and/or libgcrypt?

Werner Koch wk at gnupg.org
Sat Sep 7 12:24:30 CEST 2013


On Fri,  6 Sep 2013 22:54, orion at cora.nwra.com said:

> Please pardon this naive question.  From a packaging standpoint, I was
> trying to determine if pinentry "bundles" libassuan and/or parts of
> libgcrypt (as secmem).  Apparently there is a "stripped down"

Right - very stripped down.

> Is there a technical reason to do it this way rather than using libassuan
> and libgcrypt directly?  Naively I'm thinking that reusing security
> sensitive code via a library would be better than copies of source code
> making for multiple places to fix issues.

Nope: The goal is to make Pinentry as small as possible so that it can
be easily audited and regressions in libraries don't reflect badly on it.
We don't need anything from Libgcrypt.  It is just a coincidence that
both try to protect malloced data from being paged out.  We could even
get rid of that if only the swap space would be encrypted.



Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
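
The message above mentions protecting malloced data from being paged out. As an added illustration (not part of the original message, and not Pinentry's or Libgcrypt's secmem code), here is a minimal POSIX sketch of that idea: map whole pages, try to pin them with mlock(), and wipe before release. The `secbuf_*` names are hypothetical, and continuing with a warning flag when mlock() fails is an assumption of this sketch.

```c
/* Added example: a page-granular buffer pinned in RAM and wiped on release. */
#define _DEFAULT_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct secbuf {               /* hypothetical type, not from any GnuPG source */
    unsigned char *data;      /* page-aligned mapping, never from malloc() */
    size_t len;               /* usable size, rounded up to whole pages */
    int locked;               /* 1 if mlock() succeeded, 0 if pages may swap */
};

/* Map whole pages and try to pin them. Returns 0 on success, -1 on failure. */
int secbuf_alloc(struct secbuf *b, size_t want)
{
    long ps = sysconf(_SC_PAGESIZE);
    if (ps <= 0 || want == 0 || want > (size_t)-1 - (size_t)ps)
        return -1;
    size_t page = (size_t)ps;
    b->len = (want + page - 1) / page * page;
    b->data = mmap(NULL, b->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (b->data == MAP_FAILED) {
        b->data = NULL;
        return -1;
    }
    /* mlock() can fail under RLIMIT_MEMLOCK; record it so the caller can warn. */
    b->locked = (mlock(b->data, b->len) == 0);
    return 0;
}

/* Overwrite through a volatile pointer so the compiler cannot drop the wipe. */
void secbuf_wipe(struct secbuf *b)
{
    volatile unsigned char *p = b->data;
    for (size_t i = 0; i < b->len; i++)
        p[i] = 0;
}

/* Wipe first, then unlock and unmap; the struct is left empty afterwards. */
void secbuf_free(struct secbuf *b)
{
    if (!b->data) return;
    secbuf_wipe(b);
    if (b->locked)
        munlock(b->data, b->len);
    munmap(b->data, b->len);
    b->data = NULL; b->len = 0; b->locked = 0;
}
```

A caller that sees `locked == 0` knows the passphrase buffer can still reach swap, which is the case the message says would stop mattering if swap space were encrypted.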



