Subject: Re: NetBSD and the Google "Summer of Code" Summary
To: Jan Schaumann <>
From: Matthias Buelow <>
List: netbsd-users
Date: 10/17/2005 18:42:36
Jan Schaumann wrote:

> 	BPG, the BSD Privacy Guard, is a BSD-licensed program that
> 	performs authentication and encryption using the OpenPGP standard
> 	(RFC 2440).  The BPG project's goals were to produce:
> 	* A set of libraries for signing and encrypting data, allowing the
> 	  integration of OpenPGP features in other applications.

What is the rationale behind this? I assume you are aware of entry #4.16
in the GnuPG FAQ, "Can't we have a gpg library?"?

While I don't know the whole argumentation against a PGP library, one
(imho) strong argument is that a library would load the decrypted secret
key into any random application's memory that uses pgp functionality
(like a mail reader), while with a separate pgp/gpg binary, it will
reside only in the address space of the pgp/gpg program, which has been
designed (and carefully checked/hardened) for this situation.