Re: gnupg binaries too big? / OpenBSD Moving Towards Signed Packages — Based On D. J. Bernstein Crypto

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Jan 21 00:00:46 CET 2014


On 01/19/2014 08:46 AM, Mark Schneider wrote:

> Is there any possibility to create a minimal version of gnupg?

gnupg already can produce gpgv, which (on debian at least) is 356KiB,
though it also dynamically links to libresolv and libz and libbz2 and
libc.  I'm sure you could reduce that further if you wanted to tune it.

Debian's package manager (apt) has been using signed manifests for
years, and makes good use of gpgv for this.  I'm sure OpenBSD could do
the same if that was their goal.

djb's Ed25519 signature mechanisms aren't bad, though, and if the goal
is a particular targetted deployment (like it sounds like for openbsd's
package management) then it shouldn't be too awkward (though it sounds
like their implementation does some funny things with memory to be able
to apply djb's code to their particular workload).

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140120/e47248f0/attachment.sig>


More information about the Gnupg-users mailing list