Key Storage Abstraction?

Jamie H. geniegate at
Sun Oct 15 22:35:12 CEST 2017


I've been looking for a way to provide GNUPGP with a custom implementation of a key ring, as I gather there is such a thing as WKS, but I cannot find any documentation on how I can implement this myself.

What I need from GPG is a tool that does this:

1.) Sign Messages with a private key (of my choosing)

2.) Encrypt messages with a public key (of my choosing)
  - ideally to multiple recipients.

3.) Verify a message was signed by whoever owns a public key I have.
  - I don't care about GPG's "Trust levels" and would like to disregard them.

4.) Decrypt messages using a private key that I specify.

If things go the way I'd like, there may be several of these operations taking place in parallel.

There may be thousands, or even millions of keys in my own database, I don't want to (and indeed, I would have to scrap the open source project) import anything into GPG's keyring. I don't particularly want to implement WKS, and if I did it would be read-only, I don't ever want PGP to "upload" anything or change the system in any way. The idea is, this application manages the keys (it needs to for other reasons not really related to GPG)

So, I'm looking for a way to just feed GPG the keys it needs when it needs them. It'd be nice if I could just give it a shell script that takes an argument (whatever key it's looking for) and GPG reads the key on its standard input, but that doesn't seem possible.

Any ideas? and any pointers on where I might look if I had to implement a subset of WKS?

Unrelated: This is in python, I see some GPG libraries, they all seem overly complicated, I'd like to actually access GPG *as* a library, but all the tools I see seem to invoke GPG as a program and then operate on its standard output. Is there a recommended python library that, perhaps, uses GPG in a way that's more efficient? Maybe as a server mode or something? (I'd like it if there were capable of processing, mostly "verify", dozens of messages pr. second, ideally) 



More information about the Gnupg-users mailing list