gpg-verify c api
Jeroen Ooms
jeroen.ooms at stat.ucla.edu
Fri Dec 4 14:06:33 CET 2015
On Fri, Dec 4, 2015 at 1:41 PM, Neal H. Walfield <neal at walfield.org> wrote:
> There is no such library as far as I know. The closest that I'm aware
> of is gpgv, which just verifies signatures (it part of the GnuPG).
But gpgv only has a command line interface, correct? Or does it also
provide a C API?
> A signature is not much more use than a checksum if you don't also
> check the key's validity. How were you planning on doing this? Were
> you just going to hard code a few keys?
Yes, I was thinking of shipping trusted keys with the R installation,
possibly with the option to update them via https. The R archive
network already has SSL certs for it's root servers so that should be
fine I think.
> At the very least, you need to parse the OpenPGP message, which is
> what gpg does.
Is this available at the C level, similar to <openssl/pem.h> ?
https://www.openssl.org/docs/manmaster/crypto/pem.html
More information about the Gnupg-devel
mailing list