AW: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

Werner Koch wk at gnupg.org
Thu May 17 21:01:23 CEST 2018


On Thu, 17 May 2018 13:11, Roman.Fiedler at ait.ac.at said:

> How could that work together with the memory based "wipe" approach, you envisioned in your message https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060379.html , last paragraph?

That is a different layer.  Basically a part of a MUA.  That feature
would be a safety net in case the actual MUA part does not check return
codes from GPGME.  GPGME has several types of data objects

  - Memory based
  - File based
  - File descriptor based
  - Callback based

For the first two we can clear the memory or delete the file in case of
an error and before we return to the caller.  It is actually a bit
complicated to implement because gpgme allows for synchronous and
asynchronous operation and for the latter we do not yet have a way to
associate the data object with context.

> Would that imply, that using e.g. "--output /proc/self/3" would
> implicitly change the security behavior of gpg, e.g. by switching from
> "output before validation" model to "validation before output" model

No, gpg has no idea about this.  It is only aware whether it is working on
a named file or on a file descriptor (which also includes a pipe).


Shalom-Salam,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.
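
A model of the safety net described in the message above, added here as an illustration; it is not GPGME code and not code from the post. A decryptor streams output before its integrity check, then discards memory-based and file-based output on failure, while a callback-based consumer already holds the bytes. All class and function names and the payload-plus-SHA-256 format are assumptions made for this example.

```python
import hashlib
import os
import tempfile

# Model only: these names are hypothetical, not GPGME's API.
class MemData:
    """Memory-based output object."""
    def __init__(self):
        self.buf = bytearray()
    def write(self, chunk):
        self.buf += chunk
    def discard(self):
        self.buf[:] = bytes(len(self.buf))  # overwrite in place, then drop
        self.buf.clear()

class FileData:
    """File-based output object."""
    def __init__(self, path):
        self.path, self.fh = path, open(path, "wb")
    def write(self, chunk):
        self.fh.write(chunk)
    def discard(self):
        self.fh.close()
        os.unlink(self.path)

class CallbackData:
    """Callback-based output object: bytes leave our control immediately."""
    def __init__(self, cb):
        self.write = cb
    def discard(self):
        pass  # nothing can be taken back from the consumer

def decrypt(blob, out):
    """Stream payload to `out` BEFORE checking the trailing SHA-256 tag; 0 = ok, 1 = error."""
    payload, tag = blob[:-32], blob[-32:]
    for i in range(0, len(payload), 8):
        out.write(payload[i:i + 8])
    if hashlib.sha256(payload).digest() == tag:
        return 0
    out.discard()  # safety net for callers that ignore the return code
    return 1

def demo():
    good = b"constructed sample plaintext"
    tampered = good + b"\x00" * 32  # constructed input with a wrong tag
    mem, leaked = MemData(), []
    path = os.path.join(tempfile.mkdtemp(), "out.bin")
    outs = (mem, FileData(path), CallbackData(leaked.append))
    rcs = [decrypt(tampered, o) for o in outs]
    return rcs, bytes(mem.buf), os.path.exists(path), b"".join(leaked)
```
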