gpg --verify detached signature from two file descriptors?

Robert J. Hansen rjh at sixdemonbag.org
Fri Nov 12 13:28:13 CET 2010


On 11/12/2010 12:15 AM, Daniel Kahn Gillmor wrote:
> Or am i misunderstanding your suggestion?

Not really, no.

I am not trying to tell you what your problem really is or how it ought
be solved -- you're the guy who knows the ins and outs of it, after all.
 :)  That said, I will just repeat three well-worn bits of generally
applicable advice:

1.  Don't optimize code that isn't a bottleneck -- there's nothing wrong
with making GnuPG do unnecessary work so long as that part isn't the
bottleneck.

2.  Don't make assumptions about where your code bottlenecks.  Profile it.

3.  GnuPG is a very mature project that's had a lot of people hammering
on it.  Your own code is probably much newer with far fewer people
hammering on it.  "Potentially falling prey to ... bugs in gpg's code"
by making GnuPG be clever about the data pipeline may be safer than
making your code be clever about the data pipeline.



... I don't have any answers for how you might approach this, other than
what I've already mentioned.  Sorry!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5598 bytes
Desc: S/MIME Cryptographic Signature
URL: </pipermail/attachments/20101112/d66aae8e/attachment-0001.bin>


More information about the Gnupg-users mailing list