Robert J. Hansen rjh at sixdemonbag.org
Tue Mar 22 11:50:09 CET 2016

> This is an important point (using the API), because trying to use `gpg`
> in scripts is terribly difficult. I don't understand why `gpg` does not
> follow the unix philosophy of being easily used in scripts and
> cooperating easily with other commands.

GnuPG is, believe it or not, a lot more like Apache than it is like
grep, cat, or wc.  When I start an Apache server it always asks me for
an SSL certificate password, it opens network connections, it spawns
daemons, it awaits connections... etc.

When I run "gpg2 --card-status", GnuPG has to spawn at least two
daemons: gpg-agent and scdaemon.  When I do a "--recv-key" I'm opening
HTTPS connections with the outside world.  When I do a signing
operation, gpg-agent has to connect with gpg2 and do complex handoffs
between them.

GnuPG isn't a single tool.  GnuPG is a complete platform, a whole
system, the same way that Apache or MySQL are.

Thinking that the gpg command-line tool is GnuPG is sort of like
thinking apachectl is Apache.  In both cases they're just tools that you
use to manipulate a far larger software ecosystem.
