[cryptography] OpenPGP in Python: Security evaluations?

Werner Koch wk at gnupg.org
Fri Jun 12 15:14:36 EDT 2015


On Fri, 12 Jun 2015 12:39, lists at infosecurity.ch said:

> Regarding GPGME, is it really exec()uting the gpg binary or is it
> calling directly the gpg as a library?

Sure it does fork/exec.  However, gpgsm is run as a co-process and thus
there is only one fork/exec for a bunch of operations (descriptor
passing is use for the bulk of data).  That can also be implemented for
gpg but we have not yet seen a use case which really demands that - thus
changing this for gpg has a low priority.  (gpgsm uses this because it
is newer than libgpgme and thus could be designed with the co-process in
mind).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.



More information about the cryptography mailing list