Re: [PATCH] Add GPG compatible symmetric encryption command

[Ted Zlatanov]

On Fri, 07 Feb 2014 17:36:32 +0900 Daiki Ueno <address@hidden> wrote: 

DU> AFAICS, only real use-case is a symmetric encryption facility without
DU> invoking a subprocess, as Lars said.  This patch tries to add a command
DU> for it.

I mentioned many others, and so have other users.  I'm sorry if you find
it hard to believe our other use cases.

DU> This is not intended for inclusion (at the moment, at least), but wanted
DU> to show the fact: one would need fair amount of work to implement a
DU> simple and reasonably secure encryption function, even if raw encryption
DU> primitives are available.  So, decrypt function is currently missing on
DU> purpose (now that encryption is available, it is not hard to implement -
DU> just do reverse), and not too secure as it uses `random'.
...
DU> This is what I suggested to him before, he agreed, but has never been
DU> realized.  To be honest, I doubt that this feature is generally useful
DU> (maybe only Ted and his auth-source.el users are complaining?) and still
DU> prefer EPG because of security, but I'm tired with the repeated
DU> nonsensical discussions with them.

I'm thankful for your attention to users' needs and willingness to try
finding a solution.  I wrote similar integration code in my original
libnettle patch and am sure it could use similar thoroughness.  I have
no reason to oppose using EPG functions to wrap the crypto primitives.

But I don't see how it affects my request to include the crypto
primitives from GnuTLS/libnettle/libhogweed, since you've already argued
the integration work is hard and needs expert attention.  Does your
patch make my request less pertinent?

Sorry if I'm misunderstanding.

Ted