>> GnuPG has steadfastly refused to create an OpenPGP library programmers >> can use directly, > > I was under the impression that gpgme is just such a library.
It is not. Under the hood, GPGME works by launching an entirely new process and directing it via interprocess communication. Hopefully this puts the rest of my paragraph in perspective: "... on the grounds that security is improved by adding process separation between the application process and the GnuPG process. There's a lot to be said for this argument. There's a lot to be said for the counterargument: that the additional complexity involved in communicating across a process boundary turns it into a false savings." Regardless of whether you interface with GnuPG directly (as Enigmail does) or through a library (as GPGME-using applications do), you're still running GnuPG in a separate process and communicating across a process boundary. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users