encrypting and signing for pgp2

Holger Schurig holger@holger.om.org
Tue, 13 Jul 1999 11:33:45 +0200


Werner Koch wrote:

> pgp2 uses temp file everywhere especially in -f mode
Okay, it seems that you always have to use a tempfile to use the pgp2 scheme. Even if you add an additional command line switch like --literal-data to GnuPG.

Hmm, I just wonder what would in the end be better in case of speed, integration and even security: having the functionality outside GnuPG or inside GnuPG?

Speed: I guess that this is not really an issue. Shuffling with temp files is always much slower than just sitting in the midst of a stream. However, doing it externally would need some additional forks, but I guess they are cheap enough.

Functionality: it would certainly be much easier to use if the code to handle this would be an integral part of GnuPG. I'm just wondering if this really needs to be in GnuPG itself or if this could also be inside a plugin module. As I understand the current plugin scheme, this can't be done. There is just an interface to ciphers, hashes and so on, not even one for additional command-line parameters.

Security: let's assume 10 people create this functionality with some bash/perl/xyz scripts. Now I bet then 8 of them get it wrong, e.g. with directory permissions, possibility of race conditions and so on.

So I would plead for an integration of this functionality into GnuPG. Unfortunately, I'm not good enough to write it on my own (even when I finally send those you-get-the-copyright papers to RMS), so it's somewhat unfriendly to ask people to implement stuff that I need (but where I assume that others might need it too).

On the other side: I don't see much point why GnuPG became much more pgp2 compatible with 0.9.8 when the goal is not full compatibility. That's a strictly personal opinion, just because I'm a "make right or not at all" person :-)

-- 
Holger Schurig  | The message of the cross is
Renzstr. 31     | foolishness to the unbeliever.
74821 Mosbach   | 1 Corinthians 1:18
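
The temp-file pitfalls named in the message above (directory permissions, race conditions), shown as an added example that is not part of the original post and is not GnuPG code: a POSIX shell helper that stages data through a private temp file between two commands. The function name and the `STAGE1`/`STAGE2` commands are hypothetical stand-ins; the thread does not give the actual pgp2 or GnuPG command lines.

```shell
#!/bin/sh
# Added example: stage data through a temp file between two commands without
# the usual wrapper-script mistakes. STAGE1/STAGE2 are hypothetical stand-ins.
#
# Weak pattern this replaces (predictable name in a world-writable directory,
# default umask, no cleanup on failure):
#     "$1" > /tmp/wrapper.$$ && "$2" < /tmp/wrapper.$$
# Another local user can pre-create or symlink /tmp/wrapper.<pid>, and the
# intermediate data is readable by anyone the umask allows.

# Usage: stage_through_tempfile STAGE1 STAGE2 < input > output
# The body runs in a subshell "( ... )" so umask and traps do not leak out.
stage_through_tempfile() (
    # Files created from here on are private to the owner (0600 / 0700).
    umask 077

    # mktemp -d creates the directory atomically under an unpredictable name;
    # it never adopts an existing entry, so a pre-planted file or symlink
    # cannot be substituted for the scratch directory.
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/stage.XXXXXXXXXX") || exit 1

    # Remove the scratch directory on every exit path, including signals.
    # Note: rm unlinks the file; it does not overwrite the disk blocks.
    trap 'rm -rf "$workdir"' EXIT
    trap 'exit 1' HUP INT TERM

    # First stage: stdin -> private temp file. Stop if it fails so the second
    # stage never runs on partial data.
    "$1" > "$workdir/intermediate" || exit 1

    # Second stage: temp file -> stdout. Its exit status becomes ours.
    "$2" < "$workdir/intermediate"
)
```
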