Any UNIX API for GPG available?
mearns.b at gmail.com
Fri Jun 26 14:46:14 CEST 2009
On Wed, Jun 24, 2009 at 12:28 PM, Daniel Kahn
Gillmor<dkg at fifthhorseman.net> wrote:
> On 06/24/2009 11:06 AM, Brian Mearns wrote:
>> GPGME just invokes gnupg in a subshell, right? And parses the
>> response? Not that this won't work, it just seems so inelegant.
> Communicating a well-defined syntax across a process boundary doesn't
> need to be inelegant. There are many good implementations of various
> tools that take advantage of the natural segmentation that the OS
> provides via distinct processes.
> One advantage for gnupg, for example, is that secret key material is
> never loaded directly into the memory of the parent process, so it
> cannot be copied or tampered with from there.
> This is not to say that the GPGME arrangement is perfect, just that the
> process separation model itself isn't inherently a bad one.
Perhaps inelegant was a little off the mark: how about inefficient?
The program has already done all this work to create data structs and
other binary data out of keys, and passphrases, and packets, and
whatnot, and now it has to convert them into ASCII and send them to
another program, just so that program can parse it all and turn it
back into data structs and stuff. There's this whole long step in the
middle that is essentially like climbing a set of stairs, then walking
The other thing that bothers me is that as a programmer, I know a well
written program shouldn't be too difficult to abstract into a library.
The fact that gnupg has been around so long and so many people have
expressed interest in a library, and yet there remains no
library...makes me question whether this is a philosophical decision
that a library is unnecessary, or the program is actually implemented
in an ugly and convoluted way, making the prospect of turning it into
a library daunting.
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
More information about the Gnupg-users