[cryptography] OpenPGP in Python: Security evaluations?
jdowney at gmail.com
Tue Apr 21 08:41:54 EDT 2015
This doesn't answer your question but GnuPG has a library interface called
GPGME, or GPG Made Easy. To quote the GnuPG site, "GPGME is the standard
library to access GnuPG functions from programming languages."
Can you use one of the Python bindings to GPGME?
On Tue, Apr 21, 2015 at 5:34 AM Fabio Pietrosanti (naif) - lists <
lists at infosecurity.ch> wrote:
> Hi all,
> for any developer willing to use OpenPGP with a python developed
> application currently the main choice is to go with python-gnupg, that's
> a wrapper on top of GnuPG binary (https://pythonhosted.org/python-gnupg/).
> That's architecturally a very bad choice, plenty of constraint (for
> example you need to enable "/bin/sh" execution under apparmor sandboxing
> profile of a python application under Linux).
> Currently there are only two pure-python OpenPGP implementation:
> * PGPy: https://github.com/SecurityInnovation/PGPy
> * OpenPGP-Python: https://github.com/singpolyma/OpenPGP-Python
> Both stacks rely on Python Cryptography for Cryptographic primitives
> implementations https://pypi.python.org/pypi/cryptography .
> We're considering switching away from GnuPG for the server-side PGP
> processing and would like to ask an opinion to the list about those
> Are there anyone engaging in metrics to evaluate the security of an
> OpenPGP implementation and/or already evaluated PGPy/OpenPGP-Python ?
> Fabio Pietrosanti (naif)
> HERMES - Center for Transparency and Digital Human Rights
> http://logioshermes.org - https://globaleaks.org - https://tor2web.org -
> cryptography mailing list
> cryptography at randombit.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography