[cryptography] OpenPGP in Python: Security evaluations?

Fabio Pietrosanti (naif) - lists lists at infosecurity.ch
Tue Apr 21 06:34:39 EDT 2015

Hi all,

for any developer willing to use OpenPGP with a python developed
application currently the main choice is to go with python-gnupg, that's
a wrapper on top of GnuPG binary (https://pythonhosted.org/python-gnupg/).

That's architecturally a very bad choice, plenty of constraint (for
example you need to enable "/bin/sh" execution under apparmor sandboxing
profile of a python application under Linux).

Currently there are only two pure-python OpenPGP implementation:

* PGPy: https://github.com/SecurityInnovation/PGPy

* OpenPGP-Python: https://github.com/singpolyma/OpenPGP-Python

Both stacks rely on Python Cryptography for Cryptographic primitives
implementations https://pypi.python.org/pypi/cryptography .

We're considering switching away from GnuPG for the server-side PGP
processing and would like to ask an opinion to the list about those

Are there anyone engaging in metrics to evaluate the security of an
OpenPGP implementation and/or already evaluated PGPy/OpenPGP-Python ?

Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - https://globaleaks.org - https://tor2web.org -

More information about the cryptography mailing list