Mailing List Archive

Re: Oracle behavior in Gnupg? //
On Mon, 30 Jul 2012 16:59, said:

> it? If so, then I'd suggest that a "quiet" execution be performed that
> way only the exit code can be used that it's failure.

You should not rely on the exit code but parse all the information
returned by GPG. GPGME makes this easy.

Given that GPG is just a tool and not a complete automated cryptographic
system, the developer needs to care about certain attacks by himself.
There are several points to watch out for, not only oracle attacks, but
for example also replay attacks.



Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.

Gnupg-users mailing list