Miscellaneous questions

David Shaw dshaw at jabberwocky.com
Wed Apr 16 00:29:44 CEST 2008


On Mon, Apr 14, 2008 at 08:43:14PM -0500, Robert J. Hansen wrote:
> Herbert Furting wrote:
> > gpg is probably THE main implementation of OpenPGP (sorry to the 
> > commercial PGP folks ;) ),... as such I think it should support most
> > of the stuff from OpenPGP, or not?
> 
> Depends on who you ask.  A few people on-list (myself being one of them)
> think GnuPG supports too much of OpenPGP.

This is a very real issue.  The problem is that GPG tries to support a
very wide swath of users.  Some want lots of ciphers, some don't care.
Some want photo IDs, some don't care.  Different keyserver types,
different trust models, etc, etc.  Then there is the third group of
people, who not only don't want feature X, they don't even want it in
the binary.

We can't make all three groups happy with one program.  At best, we
can do the first two.

There is an - admittedly limited - attempt at making the third group
happy built in to the code, however.  If you build GPG from source,
you can tell autoconf to simply leave out chunks of code you don't
want.  For example, you can do "--disable-XXXXX" where XXXXX can be
things like "AES" or "RSA", or even things like keyservers.  Do a
"./configure --help" for the complete list.

See also "./configure --enable-minimal" which turns off (almost)
everything that isn't required for OpenPGP compliance.  The end result
is a GPG that understands only DSA, Elgamal, 3DES, MD5, SHA1,
RIPEMD160, ZIP and ZLIB.  No keyserver support and no photo ID
support.

David



More information about the Gnupg-users mailing list