[cryptography] OpenPGP in Python: Security evaluations?
meskio at sindominio.net
Tue Apr 21 12:16:36 EDT 2015
Quoting Fabio Pietrosanti (naif) - lists (2015-04-21 12:34:39)
> for any developer willing to use OpenPGP with a python developed
> application currently the main choice is to go with python-gnupg, that's
> a wrapper on top of GnuPG binary (https://pythonhosted.org/python-gnupg/).
There is a fork of this project that tries to fix some security concerns of it:
I think mailpile also has their own gnupg wrapper in python, but AFAIK is not a
library that can be reused.
> That's architecturally a very bad choice, plenty of constraint (for
> example you need to enable "/bin/sh" execution under apparmor sandboxing
> profile of a python application under Linux).
> Currently there are only two pure-python OpenPGP implementation:
> * PGPy: https://github.com/SecurityInnovation/PGPy
> * OpenPGP-Python: https://github.com/singpolyma/OpenPGP-Python
If you are searching just for a OpenPGP parser there is also this one:
> Both stacks rely on Python Cryptography for Cryptographic primitives
> implementations https://pypi.python.org/pypi/cryptography .
> We're considering switching away from GnuPG for the server-side PGP
> processing and would like to ask an opinion to the list about those
> Are there anyone engaging in metrics to evaluate the security of an
> OpenPGP implementation and/or already evaluated PGPy/OpenPGP-Python ?
I'll be interested too to know if there is any of that, I didn't have a look in
depth to anything besides Isis's python-gnupg.
Ruben Pollan | http://meskio.net/
My contact info: http://meskio.net/crypto.txt
Nos vamos a Croatan.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
More information about the cryptography