Peter Lebbing <pe...@digitalbrains.com> wrote:

>On 22/11/16 17:20, Carola Grunwald wrote:
>> They don't have any system account at all. These are users of a
>> messaging system, only allowed to access its POP3, SMTP and NNTP
>> service.
>
>Perhaps 1.4 is the best release for you... you'll miss out on Elliptic
>Curve, but other than that, it's still a supported release.

Sure, I like v1.4's small footprint and its reliability. But as the --faked-system-time option, important in my application for privacy reasons, wasn't backported to v1.4, I had to migrate to v2.1. I'm still not very confident in EC cryptography's strength nor am I interested in dealing with just another background service, which freezes every now and then and actively has to be stopped with my application to keep it portable.

>
>> They don't have direct access to any key. Nevertheless by using someone
>> else's cached passphrase with 2.1 and its all-embracing keyring they may
>> succeed in decoding data not meant for them.
>
>Perhaps you should implement access control in your frontend, instead of
>asking the agent to perform access control, for which it was not
>intended, AFAIK.

There's server access control through a username/password combination, access to the corresponding PGP key is given by a usually unique base64-encoded 256-bit random number dedicated to the account. But if for decryption a cloud of unpredictable valid passphrases is used ...

> It sounds like you just want the ability to work with
>OpenPGP material, rather than the user-centric model the agent seems to
>correspond to. When GnuPG gives you a square peg, you'll have to build
>your own adapter before it fits in a round hole ;).

Well, I didn't know that GnuPG follows a single-user strategy. Now I do.

>
>By the way, I'm not recommending anything (this in response to your "do
>you seriously recommend..."). I know nothing about your application or
>what you demand of it. I'm merely trying to give you directions to look
>in, while you search for the correct architecture of your application.

I'm truly sorry, no harm intended.

Kind regards

Caro