Calling GnuPG ME library from managed .NET

Jeffrey Stedfast fejj at gnome.org
Thu Jan 24 14:27:02 CET 2019


Hi Markus,

On 1/24/2019 5:45 AM, Markus Vetsch wrote:
> Hello,
>
> we have integrated GnuPG via command line interface into our Windows client & server C#.NET application.
> We are aware that the recommended way to interact with GnuPG is the library GnuPG ME.
> That's why we would like to switch for better stability and robustness our C#.NET code base to the usage of GnuPG ME API, as we are facing several disturbing issues in a production environment caused by the command line interface calls and the fact that we don't have full control of the called processes.
>
> Our crypto system requires support for both OpenPGP and CMS (S/MIME).
> The GnuPG version in use on our side is 2.1.1.18.
>
> Our research in this topic has detected that there already exists an OpenSource C#.NET project wrapping the native C calls from libgpgme-xx.dll.
> However, the development state of this project indicates that the native calls (method signatures and corresponding data structures) target version 1.1.6 of the libgpgme-xx.dll.
>
> https://github.com/wget/gpgme-sharp

I came across this project (although not this particular fork) in my search
a few years ago myself and it seemed to be a dead project. Looks like 
this past year they changed the license from LGPL to MIT.

The main problem I had was that this library was tied to a 32-bit 
version of libgpgme.dll which didn't fit my needs seeing as how I was 
working on an open source S/MIME & PGP/MIME library: 
https://github.com/jstedfast/MimeKit

I ended up having to use the BouncyCastle crypto library instead (that 
may be what you guys are already using?).

At the time, GnuPG 2.0.x was what all the distros were shipping and was 
what most Mac and Windows users were also using, so I was able to 
implement code to load the user's gpg.conf and keyrings. Unfortunately, 
the file format changed with GnuPG 2.1.x and I have not yet been able to 
figure out how to load the user's keyrings anymore.

That said, MimeKit can read exported keyrings from gpg 2.1.x. I'm not 
sure if that is at all helpful to you or not...

>
> For us as non C experts, it looks like an awful lot of work to extend this library for our purpose to match a newer target version of GnuPG ME.
> Our prerequisite is, that our software is developed for commercial use and thus our time/budget resources are strictly limited.
>
> Therefore, we have now the following questions:
>
> 1. Are you aware of any other commercial / OpenSource projects in .NET that could support us?

As I mentioned above, MimeKit is probably your only Open Source 
alternative (but, as I noted above, my library does not use GnuPG directly).

As far as commercial goes, you could look at Rebex 
(https://www.rebex.net/secure-mail.net/features/s-mime.aspx) and 
IP*Works (https://www.nsoftware.com/ipworks/smime/), although they have 
their own crypto libraries and do not make any use of GnuPG as far as 
I'm aware.

> 2. Which version of libgpgme-xx.dll is compatible to version 2.1.1.18 of GnuPG tool suite? Is this version 1.9.0 or version 1.7.0 according to the release news on page https://www.gnupg.org/news.html?

I'm pretty sure that 1.7 is compat (my 
https://github.com/jstedfast/gmime c-library depends only on gpgme 1.7 
and works with gnupg 2.1.x).

> 3. What are the prerequisites (paths) to build C++ sources of GnuPG ME in Visual Studio for Windows 32 bit platforms? How do we manage to build the sources otherwise on command line?

This is something I can't answer because I've never built GPGME on Windows.


Hope my answer has been at least somewhat helpful, although I'm sure it's
not quite the answer you were hoping for :(

Jeff


