encrypting and signing for pgp2

Holger Schurig holger@holger.om.org
Tue, 13 Jul 1999 11:33:45 +0200

Werner Koch wrote:

> pgp2 uses temp file everywhere especially in -f mode
Okay, it seems that you always have to use a tempfile to use the pgp2 scheme. Even if you add an additional command line switch like --literal-data to GnuPG. Hmm, I just wonder what would in the end be better in case of speed, integration and even security: having the functionality outside GnuPG or inside GnuPG? Speed: I guess that this is not really an issue. Shuffling with temp files is always much slower than just sitting in the midst of a stream. However, doing it externally would needs some additional forks, but I guess they are cheap enougth. Functionality: it would certainly be much easier to use if the code to handle this would be integral part of GnuPG. I'm just wondering if this really needs to be in GnuPG itself or if this could also be inside a plugin module. As I understand the current plugin scheme, this can't be done. There is just an interface to ciphers, hashes and so, not even one for additional commandline parameters. Security: lets assume 10 people create this functionality with some bash/perl/xyz scripts. Now I bet then 8 of them get it wrong, e.g. with directory permissions, possibility of race conditions and so on. So I would plea for an integration of this functionality into GnuPG. Unfortunately, I'm not good enought to write it on my own (even when I finally send those you-get-the-copyright papers to RMS), so it's somewhat unfriendly to ask people to implement stuff that I need (but where I assume that others migth need it too). On the other side: I don't see much point why GnuPG became much more pgp2 compatible with 0.9.8 when the goal is not full compatibilty. That's a strictly personal opinion, just because I'm a "make right or not at all" person :-) -- Holger Schurig | Die Botschaft vom Kreuz ist dem Renzstr. 31 | Unglaeubigen eine Torheit. 74821 Mosbach | 1. Korinther 1:18