AW: Calling GnuPG ME library from managed .NET

Markus Vetsch m.vetsch at infotech.li
Thu Jan 24 14:58:32 CET 2019


Hi Jeff,

> Hope my answer has been at least somewhat helpful, altho I'm sure it's not quite the answer you were hoping for :(

I really appreciate your immediate feedback.
I was prepared for an answer like that and it confirms my perception of the challenge to integrate GnuPG, as my repeated research in this area didn't look too promising.
I'm not too much disappointed, though. ;-) In this respect your answer was already quite helpful.

> I ended up having to use the BouncyCastle crypto library instead (that may be what you guys are already using?).

We already use the BouncyCastle API in other projects, but are for a certain reason a bit cautious to just replace GnuPG in this specific project due to certain prerequisites beyond our area of influence.
I'm pretty sure that BouncyCastle supports all the stuff we'd actually require (sign, encrypt, verify, decrypt files) based on asymmetric algorithms.

The reason why we're so keen on GnuPG is that a European Union project for multi-national secure file exchange prescribes GnuPG as the de facto solution to be used by all involved parties.
The only setup that is officially being supported by the central project organization is GnuPG, but the technical support is quite poor though ... Since we are not crypto specialists and neither is the central organisation, things get complicated.
We came across to build up a software system to get rid of all the manual processing via shell scripts and so on.

The crypto systems OpenPGP and S/MIME are both in use.
The keystores in use are the GnuPG proprietary ones, whereas the keys / certificates in use could of course be migrated to a format such that they're stored in the OS certificate store.

Basically our command line interface implementation works more or less, but there are some drawbacks which lead to continuous support that imho is not necessary to this extent.
The calls of gpg-agent, gpg, gpgsm ... on command line are a huge black box we cannot fully control.

> That said, MimeKit can read exported keyrings from gpg 2.1.x. I'm not sure if that is at all helpful to you or not...

Unfortunately, this is only part of the functionality we need.
We keep on researching. Thx anyway for your support.

Markus

