[Ml-yokadi] New feature : encryption
Aurélien Gâteau
aurelien.gateau at free.fr
Sat Aug 15 15:17:29 CEST 2009
Sébastien Renard wrote:
> Le vendredi 14 août 2009 23:42:38, Aurélien Gâteau a écrit :
>> Sébastien Renard wrote:
>>> Hello,
>>>
>>> On the "crypt" branch you'll find a new feature for yokadi : encryption.
>>> You can encrypt task title (I plan to add encryption on task description
>>> soon).
>>>
>>> Encryption is done in a symmetric way with GnuPG.
>> Overall it looks great, but I am a bit worried about using GnuPG as a
>> subprocess: it does not sound very portable. Wouldn't it be better to
>> use a module like python-crypto [1] or PyMe [2] instead?
>
> I looked at those modules but found them quite huge and bloat for such a
> simple things.
> Pycrypto does not have any release from his new maintainer and discourage user
> to use it in production. His speech about non contribution from US citizen is
> also hassle.
>
> Pyme seems much more interesting. It is quite huge (gpgme libs and 2000 lines
> of code)... whereas cryptutils.py is just 60 lines of code. Those libs manage
> all kind crypto and key management that we don't really need.
>
> But I have to admit that I am also worried about portability (all unices
> should be ok but windows...) and security concerns. For the last point, I took
> caution not to write clear data even to temp file. The only exception is the
> tui.edit function but it would be the same issu whatever the crypto backend
> you choose.
I realized those modules are huge because they bind the whole gpg
library. We don't need that much I think: we only need a symmetric
cryptographic algorithm. This means we could use a module like NCrypt
[1] which only depends on openssl.
>
> I will look closer to pyme as gpgme is packaged by all pajor distribution. But
> pyme is not.. and you need C compiler & swig to compile it.
It is in Ubuntu at least :).
Aurélien
[1]: http://tachyon.in/ncrypt/
More information about the Ml-yokadi
mailing list