Future OpenPGP Support in Thunderbird

Robert J. Hansen rjh at sixdemonbag.org
Mon Oct 21 21:11:50 CEST 2019

>> GnuPG has steadfastly refused to create an OpenPGP library programmers
>> can use directly,
> I was under the impression that gpgme is just such a library.

It is not.  Under the hood, GPGME works by launching an entirely new
process and directing it via interprocess communication.

Hopefully this puts the rest of my paragraph in perspective:

"... on the grounds that security is improved by adding
process separation between the application process and the GnuPG
process.  There's a lot to be said for this argument.  There's a lot to
be said for the counterargument: that the additional complexity involved
in communicating across a process boundary turns it into a false savings."

Regardless of whether you interface with GnuPG directly (as Enigmail
does) or through a library (as GPGME-using applications do), you're
still running GnuPG in a separate process and communicating across a
process boundary.

More information about the Gnupg-users mailing list