Trying to create auth key on GPF CryptoStick

Werner Koch wk at
Wed Jan 4 16:08:22 CET 2012

On Wed,  4 Jan 2012 14:27, nicholas.cole at said:

> problem.  Though gpg2.1 has lots of wonderful features, it IS a much
> bigger, much more complex package.  I've always liked the fact that

Not really.  Sure it has some extra features like S/MIME but you can
disable them.  A benefit is, that it is modularized, This allows us to
make changes in one module without affecting the stability of another
module.  The modules can be separately tested and due to the
well-defined interface it is much easier to debug.

> gpg1.4 can be built relatively simply, and the code-base looks

That is true.  But how many of you are using 20 years old Unix versions?
Is it really justified to spend so much time on it?

> downloading and building.  People using gpg2 often have to rely on
> third-party packagers.

There is a Makefile in gnupg/scripts/gpg-w32-dev which can easily be
adjusted for Unix systems.  It builds GnuPG 2.x and all libraries.

> expert, but I'd have thought that would be easier if deploying 1.4.
> Perhaps that is wrong, and in fact people can have better confidence
> in the new version.

The code in 2.0 is quite better than the cruft we collected of many
years in 1.4 ;-).

> I suppose I'd imagined that once the ECC code was written it would
> effectively be a module that could be integrated relatively easily
> into the old code.  I do understand if that's not the case, but there
> are reasons why 1.4 is still so popular.  Do you think those reasons

I don't know why 1.4 is so popular.  For a server, okay.  But for a
desktop, I really don't understand it.  Even for a server 2.1 will be
much better suited than the old 1.4.  

ECC is not just another plug-in algorithm but requires a lot more code.
In Libgcrypt we can easily improve the performance, while doing this in
1.4 can not be justified.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list