Robert J. Hansen
rjh at sixdemonbag.org
Tue Mar 22 11:50:09 CET 2016
> This is an important point (using the API), because trying to use `gpg`
> in scripts is terribly difficult. I don't understand why `gpg` does not
> follow the unix philosophy of being easily used in scripts and
> cooperating easily with other commands.
GnuPG is, believe it or not, a lot more like Apache than it is like
grep, cat, or wc. When I start an Apache server it always asks me for
an SSL certificate password, it opens network connections, it spawns
daemons, it awaits connections... etc.
When I run "gpg2 --card-status", GnuPG has to spawn at least two
daemons: gpg-agent and scdaemon. When I do a "--recv-key" I'm opening
HTTPS connections with the outside world. When I do a signing
operation, gpg-agent has to connect with gpg2 and do complex handoffs
GnuPG isn't a single tool. GnuPG is a complete platform, a whole
system, the same way that Apache or MySQL are.
Thinking that the gpg command-line tool is GnuPG is sort of like
thinking apachectl is Apache. In both cases they're just tools that you
use to manipulate a far larger software ecosystem.
More information about the Gnupg-users