On Friday, 23 October 2020 21:48:49 CEST Hammett, Rich via Gnupg-users wrote:
> Is there a guide anywhere for what versions of GnuPG are supported by what
> versions of GPGME?

Check the documentation of gpgme. The README of the current version reads
"For support of the OpenPGP and the CMS protocols, you should use the latest version of GnuPG (>= 2.1.18), available at: https://gnupg.org/ftp/gcrypt/gnupg/."

Note that GnuPG 2.1.x is no longer supported (even if it might still work with gpgme).

In general, old functionality in gpgme that worked with an old version of GnuPG should still work with the latest version of gpgme, but there are no guarantees. New functionality of gpgme usually is only developed to work with the current GnuPG release (because often the new gpgme API needs new internal API in GnuPG and its helpers).

So, if possible, use the most recent GnuPG 2.2 release with the most recent release of gpgme.

> I only need encryption and decryption as part of an automated software
> framework, and I’m trying to migrate from an existing toolset that uses
> GnuPG v1.4 and python-gnupg.

Note that gpgme now includes the Python bindings.

> We need to be able to pgp encrypt and decrypt
> without human interaction. I’m working through the various ways to move up
> to more current software, and latest GPGME with latest GnuPG is probably
> the best, if I can figure out the python bindings and if GnuPG works with
> pinentry for automated decryption.

I suggest checking out the tests of the Python bindings, in particular, t-decrypt.py and t-callbacks.py (for passphrase callbacks).

A common recommendation on this list is to use a passphrase-less secret key for automated decryption because this isn't really less secure than storing the passphrase in cleartext in some script file next to the secret key.

Another approach is to inject the passphrase into gpg-agent's passphrase cache with an unlimited (or near unlimited) expiration time. The latter approach requires human interaction (or scripted interaction from another system) for entering the passphrase into the cache after every restart of gpg-agent (e.g. after a system reboot) and is obviously much more error-prone than a passphrase-less key.

> Any tips, any good documents out there? Are there archives of this list
> somewhere, or is that private for the same reason the subscribers’ list
> is?

The archive of this list is available via the link at the bottom of this message (which is added automatically by the mailing list).

Regards,
Ingo
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
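
An added example, not part of the original message or of the gpgme test suite: unattended decryption through gpgme's Python bindings (the `gpg` module) with a passphrase-less key, preceded by a check of the engine version against the README minimum quoted in the reply. The function names, the status strings and the choice to accept every version from 2.2.0 upward are assumptions of this example.

```python
import re

GPGME_MIN = (2, 1, 18)  # minimum named in the gpgme README quoted in the reply
SUPPORTED = (2, 2, 0)   # per the reply: 2.1.x is no longer supported, use 2.2


def engine_status(version):
    """Classify a GnuPG version string such as '2.2.23' or '2.2.23-beta1'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version or "")
    if not m:
        return "unknown"
    v = tuple(int(part) for part in m.groups())
    if v < GPGME_MIN:
        return "too-old"             # below what the README asks for
    if v < SUPPORTED:
        return "unsupported-series"  # 2.1.18 and later 2.1.x: may work, unsupported
    return "ok"


def decrypt_unattended(ciphertext, home_dir, passphrase=None):
    """Decrypt bytes without any prompt and return the plaintext bytes.

    passphrase=None is the passphrase-less-key case: gpg-agent has nothing
    to ask for, so no pinentry is involved. If a passphrase is passed, the
    bindings hand it to gpg via loopback pinentry; that is the "passphrase
    stored next to the key" setup the reply calls no more secure.
    """
    # Imported here so engine_status() works without the bindings installed.
    import gpg

    with gpg.Context(home_dir=home_dir) as ctx:
        version = ctx.engine_info.version  # version of the gpg binary gpgme found
        status = engine_status(version)
        if status != "ok":
            raise RuntimeError(f"GnuPG engine {version}: {status}")
        try:
            # verify=False: this example only decrypts, it does not check signatures
            plaintext, _result, _verify = ctx.decrypt(
                ciphertext, passphrase=passphrase, verify=False
            )
        except gpg.errors.GPGMEError as exc:
            raise RuntimeError(f"decryption failed: {exc}") from exc
    return plaintext
```

`home_dir` should point at a GnuPG home directory readable only by the service account, since with a passphrase-less key the file permissions are the only protection of the secret key.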