[cryptography] OpenPGP in Python: Security evaluations?

Paul Wouters paul at cypherpunks.ca
Thu Apr 23 08:30:26 EDT 2015


On Thu, 23 Apr 2015, stef wrote:

> On Thu, Apr 23, 2015 at 08:25:14AM +0200, Fabio Pietrosanti (naif) - lists wrote:
>> Everyone, including GlobaLeaks, is using python-gnupg wrapper but that's
>> a HORRIBLE software design choice (having a wrapper that fires an
>> executable) and we want to fix that.
>
> From what aspect do you consider this broken?
>
> Considering the fine research of Eran Tromer I'd say that what you are up to
> seems to break things more than they were before you started "fixing" things.

Having used python-gnupg as the engine for openpgpkey-milter, I can
say that I'm not a big fan of python-gnupg (not to be confused with
python-gnupg from the FreeBSD ports selection, which is a completely
different thing under the same name).

Its character encoding defaults are terrible, breaking every practical
key ring that has a non-ASCII character in it. It is lacking many
gpg options (I had to add three, which at least did get merged into
upstream, but it took 6+ months).

Paul

