Any UNIX API for GPG available?

Werner Koch wk at gnupg.org
Sun Jun 28 13:30:47 CEST 2009


On Fri, 26 Jun 2009 14:46, mearns.b at gmail.com said:

> Perhaps inelegant was a little off the mark: how about inefficient?

It is not inefficient in most cases.  Public key crypto or crypting large
amounts of data takes its time and thus the overhead of fork/exec is
barely noticeable.

Checking a log of signatures or decrypting may small files might race a
performance issue but nobody has yet run into such a problem.  At least
not that hard that he started to improve the IPC used by GPGME and GPG.

Note that GPGSM is already running as a coprocess to the GPGME process
in some cases.  That remove the fork/exec overhead.  We plan to improve
that even further and implement the same in GPG.  It is quite some work
because GPG has not been written for such a mode of operation and we
need to pass context data down to all functions and make sure that
memory allocations are manage appropriately.

> back into data structs and stuff. There's this whole long step in the
> middle that is essentially like climbing a set of stairs, then walking
> back down.

That's not part of the GPGME API and thus irrelevant to the GPGME user.
GPGME provides a stable API to crypto functions.  This is the most
important feature for solid software engineering.

> The other thing that bothers me is that as a programmer, I know a well
> written program shouldn't be too difficult to abstract into a library.

Writing a library with a useful API is a *very hard* thing to do.

If you don't believe that, please go out and read about API and design
and proper implementation of DSOs.  IIRC the latest CACM issue had and
article on this or referred to such article.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.




More information about the Gnupg-users mailing list