AW: AW: AW: AW: Efail or OpenPGP is safer than S/MIME
Werner Koch
wk at gnupg.org
Thu May 17 21:01:23 CEST 2018
On Thu, 17 May 2018 13:11, Roman.Fiedler at ait.ac.at said:
> How could that work together with the memory based "wipe" approach, you envisioned in your message https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060379.html , last paragraph?
Tha is a different layer. Basically a part of a MUA. That feature
would be a safenet in case the actual MUA part does not check return
codes from GPGME. GPGME has several types of data objects
- Memory based
- File based
- File descriptor based
- Callback based
For the first two we can clear the memory or delete the file in case of
an error and before we return to the caller. It is actually a bit
complicate to implement because gpgme allows for synchornous and
asynchronous operation and for the latter we have not yet a way to
associate the data object with context.
> Would that imply, that using e.g. "--output /proc/self/3" would
> implicitly change the security behavior of gpg, e.g. by switching from
> "output before validation" model to "validation before output" model
No, gpg has no idea about this. It only aware whether it is working on
a named file or on a file descriptor (which also includes a pipe)
Shalom-Salam,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180517/12870a8a/attachment-0001.sig>
More information about the Gnupg-users
mailing list