[Ml-yokadi] New feature : encryption
Sébastien Renard
Sebastien.Renard at digitalfox.org
Sat Aug 15 13:00:30 CEST 2009
Le vendredi 14 août 2009 23:42:38, Aurélien Gâteau a écrit :
> Sébastien Renard wrote:
> > Hello,
> >
> > On the "crypt" branch you'll find a new feature for yokadi : encryption.
> > You can encrypt task title (I plan to add encryption on task description
> > soon).
> >
> > Encryption is done in a symmetric way with GnuPG.
>
> Overall it looks great, but I am a bit worried about using GnuPG as a
> subprocess: it does not sound very portable. Wouldn't it be better to
> use a module like python-crypto [1] or PyMe [2] instead?
I looked at those modules but found them quite huge and bloat for such a
simple things.
Pycrypto does not have any release from his new maintainer and discourage user
to use it in production. His speech about non contribution from US citizen is
also hassle.
Pyme seems much more interesting. It is quite huge (gpgme libs and 2000 lines
of code)... whereas cryptutils.py is just 60 lines of code. Those libs manage
all kind crypto and key management that we don't really need.
But I have to admit that I am also worried about portability (all unices
should be ok but windows...) and security concerns. For the last point, I took
caution not to write clear data even to temp file. The only exception is the
tui.edit function but it would be the same issu whatever the crypto backend
you choose.
I will look closer to pyme as gpgme is packaged by all pajor distribution. But
pyme is not.. and you need C compiler & swig to compile it.
As the cryptoutils is very thin and simple from an API point of view, we could
also have a pyme support for people who have it and internal GnuPG fallback
for others.
--
Sébastien
More information about the Ml-yokadi
mailing list