Subject: bpg request for comments
To: None <>
From: Manuel Freire <>
List: tech-security
Date: 07/18/2005 01:59:40

I'm developing the application bpg, a BSD-licensed privacy guard, within
the Google's Summer of Code. As I told you in a previous message, I'd
like to discuss in this list our opinions about the best way to afford
the different stages of the project.

Firstly, a quick explanation about its design before throwing the first
questions. The functionallity of the program is stored in three modules:
the main one with the OpenPGP functions (encrypt, sign, ...), another
for key management and the third one for algorithms. The first one is
currently being implemented, and the third (algorithms) will be a very
thin layer connecting bpg with OpenSSL. The code (at least modules one
and three) will be stored in libraries, disassembling the functionallity
from the user interfaces, and allowing its use in other programs.

I'm thinking about the best option for the key management, and that's
one of the things I want to ask you today: do you see any problem in
using ssh for key management? As far as I know it's perfectly feasible,
and it would also centralize the public keys management of the system.

The second question of the day is about the user interface. There will
be two different ones, the first for encrypt, sign, etcetera and the
second for key management (which can be the ssh one if finally used).
What do you think is the best way to design the comman-line interface
for the first one?. My view: 'bpg' command, working as a filter
(stdin/stdout or files for input and output), with the following syntax:

$ bpg {encrypt | sign | decrypt | verify | <whatever...>} [options]

Thanks a lot in advance for your time and attention!

Manuel Freire

P.S.: Pointing out errata in my English will be thanked from now on :-).