[jdev] Re: GNUPG as DLL

Michal vorner Vaner michal.vaner at kdemail.net
Mon Apr 24 13:47:21 CDT 2006


On Mon, Apr 24, 2006 at 10:09:53PM +0400, George Hazan wrote:
>   Hello, Michal!
>   Mon, 24 Apr 2006 17:17:47 +0200 you wrote:
> 
> >>>>Even on a PIV/2800 with 1GB RAM it takes about 200-300 msec to launch
> >>>>the gnupg.exe and process its result.
> MvV>>> Then the system (windows) should be rewritten, not the program.
> >>If the antivirus usage is a corporate policy, you can't change anything.
> >>And that AV checks every starting program, agree?
> MvV> Then the problem still is not in the exe, right?
> 
> Surely it is. From almost all points of view calling EXE only causes a lot 
> of absolutely useless activity: you should initialize all keyrings, verify 
> users, signatures etc. every time you run a program, instead of the single 
> context creation, which can work then for hours.

Well, as far as I know, it verifies only the needed ones, not all, and when it
uses the key.

And, anyway, I think the time to load is not caused by the EXE, but by
the antivirus you speak about. And the encryption itself is much more
time consuming than the loading, at least without the antivirus you speak
about.

> MvV> You guess, it obeys one of the unix rules - one task = one program.
> 
> Fortunately not all program authors follow this rule even under unix :) 
> That's why we have zlib, libssl, libpng, etc.

But they do not do anything, they are tools. This one does. And could you
imagine what would happen if you started up this library, loaded the
keys and left it running? Then you just marked a key as untrusted. What
would happen? It would make some kind of data corrupt, or in the best
case, would take the key still as trusted.

> MvV> I do not think the authors will want to disobey this rule because of
> MvV> your, not too well acting, system.
> 
> Neither I nor my users use unices. I have to find the solution for 
> that concrete situation, and I just asked for some help... If there would 
> be another free library which can help me to encrypt messages, I'll be glad 
> to use it, but right now I've found only GNUPG.
> 
> MvV> By the way, there is something like PGP, which I think provides a lib.
> 
> Yes, but PGP Desktop (which includes a very useful DLL) is commercial 
> software. It would be quite strange to force users to pay money to be able 
> to use a freeware, right?

Well, I have already seen this somewhere, I do not remember what client
it did.


You can have one preloaded instance of gpg running and, after use, preload
another in the background (it would be fast enough), or encrypt in the
background while the user is typing and send after the quite small delay,
while letting him write the new one.

By the way, I somehow managed to get into some internal shell of it,
maybe it supports encrypting messages and not turning it off, but I do
not know for sure and I do not remember the switch.


Anyway, GPG was designed to run under UNIX systems, where launching a
binary is really fast (it has to be, since many good applications use
external programs for different actions, which means configurability and
not duplexing of code) and then it was ported to windows. Windows is not
the main target platform for this, as I guess. (It is used from the
command line, for example, which is quite a problem there)

-- 

NAT should go extinct like dinosaurs did.

Michal "vorner" Vaner
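
The "encrypt in the background while the user is typing" suggestion above, sketched as an added example that is not part of the original message or of GnuPG. It assumes `gpg` is on the PATH and takes plaintext on stdin; `BackgroundEncryptor` and `gpg_command` are hypothetical names, and the demo uses a constructed stand-in command instead of gpg so it runs offline.

```python
import queue
import subprocess
import sys
import threading

# Assumption: gpg is on PATH; plaintext goes in on stdin, armored ciphertext comes out on stdout.
def gpg_command(recipient):
    return ["gpg", "--batch", "--armor", "--encrypt", "--recipient", recipient]

class BackgroundEncryptor:
    """Hypothetical helper: one encryption process per message, run off the UI thread."""

    def __init__(self, command, on_ready):
        self._command = command
        self._on_ready = on_ready  # on_ready(message_id, ciphertext_or_None, error_or_None)
        self._jobs = queue.Queue()
        self._worker = threading.Thread(target=self._run, daemon=True)
        self._worker.start()

    def submit(self, message_id, plaintext):
        self._jobs.put((message_id, plaintext))  # returns at once; the user keeps typing

    def close(self):
        self._jobs.put(None)  # sentinel: finish queued messages, then stop
        self._worker.join()

    def _run(self):
        while (job := self._jobs.get()) is not None:
            message_id, plaintext = job
            try:
                proc = subprocess.run(self._command, input=plaintext,
                                      capture_output=True, timeout=30)
            except (OSError, subprocess.TimeoutExpired) as exc:
                self._on_ready(message_id, None, str(exc))
                continue
            if proc.returncode != 0:
                # Fail closed: report the error, never hand plaintext on to be sent.
                self._on_ready(message_id, None, proc.stderr.decode(errors="replace"))
            else:
                self._on_ready(message_id, proc.stdout, None)

def demo():
    # Constructed stand-in for gpg so this runs offline: it reverses stdin, it does not encrypt.
    stand_in = [sys.executable, "-c",
                "import sys; sys.stdout.buffer.write(sys.stdin.buffer.read()[::-1])"]
    results = []
    enc = BackgroundEncryptor(stand_in, lambda *r: results.append(r))
    enc.submit(1, b"first message")
    enc.submit(2, b"second message")
    enc.close()
    return results
```

In a client, `BackgroundEncryptor(gpg_command(recipient), on_ready)` replaces the stand-in; the process launch cost is still paid per message, but on the worker thread rather than in the send path.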