Key Storage Abstraction?
listo factor
listofactor at mail.ru
Mon Oct 16 08:09:59 CEST 2017
On 10/15/2017 08:35 PM, Jamie H. via Gnupg-users wrote:
> ...I'd like to actually access GPG *as* a library, but all the tools
> I see seem to invoke GPG as a program and then operate on its standard
> output...
What you need is GPG as a pure crypto-engine; completely divorced from
all key management and user interface functionality, so that both of
these tasks can be performed by applications that are tailored to meet
specific user population operational requirements.
This ("GPG crypto-engine" ?) would be a software package of significant
general utility.
In addition to the requirements you outlined, I would add one more: it
should abandon all attempts to protect the secrets (private key or
plaintext) from other users and processes running on the computer on
which it is running, and it should sacrifice the execution efficiency
whenever it significantly impacts the code. This would reduce the
complexity of the code, so that it could be more easily audited and made
platform independent. Ideally, it would be BSD or similarly licensed,
so that it could be included in source form into applications such as yours.