gpg Feature request: merge gpg.exe and gpgsm.exe into one tool

Peter Lebbing peter at digitalbrains.com
Sat Apr 19 15:15:24 CEST 2014


On 19/04/14 13:34, Thomas Schittli wrote:
> please merge the functions of gpg.exe and pgpsm.exe into one application.

Don't most applications that support/use GnuPG use OpenPGP signatures? If you
would want to have signatures made by X.509 certs, the application needs to
understand CMS (S/MIME is one form of CMS) unless it is agnostic about it. Being
agnostic about it might be implementable in many scenarios, obtaining the signed
text from GPGME. I just read[1] that a GPGME backend for CMS is already
developed, so if an application uses GPGME (or some as yet unreleased version of
GPGME) in the appropriate way, it might already benefit from both OpenPGP and
CMS/X.509.

But it boils down to: I don't think you can just change stuff on the GnuPG end
and expect the programs that use GnuPG to be able to handle the different format
produced.

Maybe a different feature request would be: use the X.509 certificates and trust
model in an OpenPGP context. That way, programs using GnuPG only ever see
OpenPGP messages. But that feature request (or one very similar) has recently
been done, and I can't remember seeing any acknowledgement of that. I myself
commented that I'd rather see CMS use a better trust model than porting the
X.509 trust model to OpenPGP: it's the wrong away around in my opinion.

HTH,

Peter.

[1] http://www.gnupg.org/related_software/gpgme/

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>



More information about the Gnupg-users mailing list