GnuPG v2.x?

Werner Koch wk at gnupg.org
Thu Apr 3 18:41:24 CEST 2008


On Fri, 28 Mar 2008 16:33, rjh at sixdemonbag.org said:

> to your question, and one I suspect they will emphatically disagree
> with.  :)

Let's see ...

> exist mostly as rules of thumb and handed-down wisdom.  I use 1.4.x only
> because of the latter kind of reasons: particularly, the Small Tools
> Principle and the Second System Effect.

That is why we promised to keep 1.4 alive.

> of the Small Tools Principle.  When I build my own 1.4.x GnuPG, I
> typically turn off all the options I don't need.  The smaller my trusted
> codebase, the more reliable the final product will be.

Right.  However there are so many features in gpg that I have doubts
that it is really a small tool.  The major problem is that gpg tries to
implement the entire OpenPGP standard and quite some extra features.

> doesn't sit well with me.  I don't need the new capabilities of 2.x;
> why, then, should I migrate to it?

For my part, the convenience of the gpg-agent.

> understand the architecture and design of the system.  As GnuPG 1.0
> turned into 1.2 and 1.4, I kept track of the changes.  I've not yet had
> the time to study GnuPG 2.x.  I don't know the architecture and design.

The OpenPGP code (gpg2) is identical to the one from GnuPG 1.4.  There
are some exceptions: All low level crypto code has been moved out to
Libgcrypt which in turn was created from the GnuPG 1.x code base.
passphrase.c has been modified to use the standard code to access the
gpg-agent (gpg1 uses some simplified code).  In general we try to keep the
code as similar as possible between gpg1 and gpg2 - this makes
maintenance much easier.

Of course there are plans to better integrate gpg2 into the entire
GnuPG-2 framework.  For example all secret key processing will
eventually be moved to gpg-agent.  This is to follow the crypto
principle of putting all your keys into one basket and watching that basket
very carefully.

The real reason for GnuPG-2 is the support for S/MIME.  This is all
plain new code and you can't consider this the second system effect.
S/MIME is an orthogonal addition to GnuPG.  The code is definitely not
as mature as the one for gpg 1.4 but it works reasonably well.

I hope that I will eventually find the time to get trapped by the Second
System Effect ;-).


Salam-Shalom,

   Werner


-- 
Thoughts are free.  Exceptions are governed by a federal law.
