[jdev] Re: GNUPG as DLL
Cedric Hyppolite
cedric.hyppolite at free.fr
Mon Apr 24 14:17:12 CDT 2006
Hi,
BouncyCastle (BC) is supposed to handle PGP.
If you don't mind interfacing to a Java library, you could let BC
handle your encryption on the fly.
http://www.bouncycastle.org
Regards,
Cedric
On 24 Apr 06, at 20:47, Michal vorner Vaner wrote:
> On Mon, Apr 24, 2006 at 10:09:53PM +0400, George Hazan wrote:
>> Hello, Michal!
>> Mon, 24 Apr 2006 17:17:47 +0200 you wrote:
>>
>>>>>> Even on a PIV/2800 with 1GB RAM it takes about 200-300 msec to
>>>>>> launch
>>>>>> the gnupg.exe and process its result.
>> MvV>>> Then the system (windows) should be rewritten, not the program.
>>>> If the antivirus usage is a corporate policy, you can't change
>>>> anything.
>>>> And that AV checks every starting program, agree?
>> MvV> Then the problem still is not in the exe, right?
>>
>> Surely it is. From almost all points of view calling EXE only
>> causes a lot
>> of absolutely useless activity: you should initialize all
>> keyrings, verify
>> users, signatures etc. every time you run a program, instead of
>> the single
>> context creation, which can work then for hours.
>
> Well, if I know, it verifies only the needed ones, not all, and
> when it
> uses the key.
>
> And, anyway, I think the time to load is not caused by the EXE, but by
> the antivirus you speak about. And the encryption itself is much more
> time consuming than the loading, at least without the antivirus you
> speak about.
>
>> MvV> You guess, it obeys one of the unix rules - one task = one
>> program.
>>
>> Fortunately not all program authors follow this rule even under
>> unix :)
>> That's why we have zlib, libssl, libpng, etc.
>
> But they do not do anything, they are tools. This one does. And
> could you
> imagine, what would happen, if you started up this library, loaded the
> keys and let it running. Then you just marked a key as untrusted. What
> would happen? It would make some kind of data corrupt, or in the best
> case, would take the key still as trusted.
>
>> MvV> I do not think the authors will want to disobey this rule because of
>> MvV> your, not too well acting, system.
>>
>> Neither I nor my users use unices. I have to find the solution for
>> that concrete situation, and I just asked for some help... If there would
>> be another free library which can help me to encrypt messages, I'll be glad
>> to use it, but right now I've found only GNUPG.
>>
>> MvV> By the way, there is something like PGP, which I think
>> provides a lib.
>>
>> Yes, but PGP Desktop (which includes a very useful DLL) is the
>> commercial
>> software. It would be quite strange to force users to pay money to
>> be able
>> to use a freeware, right?
>
> Well, I already have seen this somewhere, I do not remember what
> client it did.
>
>
> You can have one preloaded instance of gpg running, after use, in the
> background, preload another (it would be fast enough), or encrypt in the
> background, while user is typing and send after the, quite small delay,
> but letting him write the new one.
>
> By the way, I somehow managed to get into some internal shell of it,
> maybe it supports encrypting messages and not turning it off, but I do
> not know for sure and I do not remember the switch.
>
>
> Anyway, GPG was designed to run under UNIX systems, where launching a
> binary is really fast (it has to be, since many good applications use
> external programs for different actions, which means configurability and
> not duplexing of code) and then it was ported to windows. Windows is not
> the main target platform for this, as I guess. (It is used from
> commandline, for example, which is quite a problem there)
>
> --
>
> NAT should go extinct like dinosaurs did.
>
> Michal "vorner" Vaner