Crypt::OpenPGP suitable for production?

by rah (Monk)
on Mar 14, 2002 at 03:06 UTC

rah has asked for the wisdom of the Perl Monks concerning the following question:

Anyone know if Crypt::OpenPGP is suitable for use in a production environment?

We have one client that bought the PGP Software commercial version (pretty steep for a free standard). My company seems to think a "supported" 3rd party product is the way to go, even though there is so much of our code wrapped around the commercial stuff, the vendors are almost never any help.

But I digress. This will use PGP to encrypt email that gets cranked out at a pretty good pace. We have a Perl script that filters whether delivery should be by email, ftp, FAX, etc. I'm thinking it would be reasonably simple to plug OpenPGP into this at no cost.

Is it (Crypt::OpenPGP) robust enough? Are the PGP standards standard enough that we'll be compatible with what's on the other end (and beyond our control)? Thoughts/comments would be appreciated.

TIA, Rich

Replies are listed 'Best First'.
Re: Crypt::OpenPGP suitable for production?
by derby (Abbot) on Mar 14, 2002 at 12:55 UTC
    rah,

    While I've never specifically used OpenPGP or Crypt::OpenPGP, I have used GnuPG and GPG. Since both OpenPGP and GnuPG are implementations of RFC 2440, they should work in a very similar/compatible fashion. As for being compatible at the other end, check out section 5.1 of the GnuPG FAQ.

    I do use GnuPG in a production environment but unlike you, I do not need to use it with the outside world. The outside world connects to our site via https, I then store their data using GnuPG - one keyring for the webserver and another for a report generator. The webserver uses the report generator's public key. The report generator's keyring is stored on removable media. If there's any compromise of the webserver and database server, the data is still relatively safe.

    -derby

    update: I knew there was something I forgot about. You can tell your management relying on third party commercial support is not all it's cracked up to be. Looks like NAI is going to let PGP wither and die on the vine and even PhilZ is suggesting a move to open source it ala OpenPGP.

      Thanks Derby. I had heard NAI was trying to enforce the license they hold on PGP. I don't think it's possible, because it was "out there" for so long and had originally been distributed with (I think) the GPL license. I will look into GnuPG.
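The two-keyring layout derby describes (web server holds only the report generator's public key, the secret key lives elsewhere) can be sketched with the GnuPG 2.1+ command line. This is an added example, not derby's actual setup or code from the thread; the directory names, the user ID and the sample record are constructed.

```bash
#!/bin/sh
# Added example: one keyring for the web server, one for the report generator.
# All names, paths and the user ID below are constructed for illustration.
set -eu
REPORT_ID='reports@example.invalid'   # constructed recipient address

# The secret key exists only in REPORT_HOME (stand-in for the removable
# media); WEB_HOME receives the exported public key and nothing else.
setup_keyrings() {
    WORK=$(mktemp -d)
    REPORT_HOME="$WORK/report"
    WEB_HOME="$WORK/web"
    mkdir -m 700 "$REPORT_HOME" "$WEB_HOME"
    # Empty passphrase keeps the demo non-interactive; protect a real key.
    gpg --homedir "$REPORT_HOME" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key "Report Generator <$REPORT_ID>" \
        default default never
    gpg --homedir "$REPORT_HOME" --batch --armor --export "$REPORT_ID" |
        gpg --homedir "$WEB_HOME" --batch --quiet --import
}
# Web server side: stdin -> armored ciphertext. "--trust-model always" only
# shortens the demo; in production verify the fingerprint and set trust.
web_encrypt() {
    gpg --homedir "$WEB_HOME" --batch --quiet --trust-model always \
        --armor --recipient "$REPORT_ID" --encrypt
}
# Succeeds only if the web server keyring can decrypt the given file.
web_can_decrypt() {
    gpg --homedir "$WEB_HOME" --batch --quiet --decrypt "$1" >/dev/null 2>&1
}
# Succeeds only if the web server keyring holds any secret key at all.
web_has_secret_keys() {
    [ -n "$(gpg --homedir "$WEB_HOME" --batch --list-secret-keys 2>/dev/null)" ]
}
# Report generator side: the only place the record can be read back.
report_decrypt() {
    gpg --homedir "$REPORT_HOME" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --decrypt "$1" 2>/dev/null
}
cleanup() {
    gpgconf --homedir "$REPORT_HOME" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$WEB_HOME" --kill gpg-agent 2>/dev/null || true
    rm -rf "$WORK"
}
demo() {
    setup_keyrings
    printf 'order=1234 (constructed record)\n' | web_encrypt >"$WORK/record.asc"
    web_can_decrypt "$WORK/record.asc" || echo "web server: cannot decrypt"
    echo "report generator: $(report_decrypt "$WORK/record.asc")"
    cleanup
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run the script with the argument `demo` to see both sides; the web server keyring can produce ciphertext but cannot read it back.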
