Hi Wyllys--
On Mon 2019-12-02 17:27:09 -0500, Wyllys Ingersoll wrote:
Does anyone have a good estimate of how many command-line oriented OpenPGP
applications are actually in use beyond GnuPG?
In practice today, GnuPG is certainly the standard. But rnp (from
Ribose) and sq (from Sequoia) are two other CLI OpenPGP mechanisms; and
hopenpgp-tools 0.22 implements a piece of sop already (as "hop"). And
i've been working on a command-line interface in python based on PGPy as
well. Maybe there are others? I don't know whether anyone has built a
CLI tool atop (for example) OpenPGP.js.
But if you look at the design of sop, it's also intended to hint at an
underlying API that doesn't need to be strictly CLI-driven. As
https://tools.ietf.org/id/draft-dkg-openpgp-stateless-cli-01.html says:
While this document identifies a command-line interface, the rough
outlines of this interface should also be amenable to relatively
straightforward library implementations in different languages.
If an OpenPGP toolkit can orient itself toward making a simple CLI
interface like sop, it will hopefully also be able to provide an
idiomatic library interface that aligns pretty closely with the same
simplifications.
But even if this proposal doesn't end up being explicitly functional in
applications, it still represents a useful frame for an interoperability
test suite, which is useful in terms of ensuring that we can upgrade the
ecosystem.
So, i think your question is a good one, but i hope that people can see
this effort as a useful stepping stone toward a healthier OpenPGP
ecosystem more generally.
--dkg
PS as far as GnuPG goes, note that more than half of the gpg
command-line interface surface complexity is devoted to key
management, none of which is exposed in sop. I hope people don't see
sop as a replacement for all of that stuff!
signature.asc
Description: PGP signature
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp