Hi Markus,
On 1/24/2019 5:45 AM, Markus Vetsch wrote:
Hello,
we have integrated GnuPG via command line interface into our Windows client &
server C#.NET application.
We are aware that the recommended way to interact with GnuPG is the library
GnuPG ME.
That's why we would like to switch for better stability and robustness our
C#.NET code base to the usage of GnuPG ME API, as we are facing several
disturbing issues in a production environment caused by the command line
interface calls and the fact that we don't have full control of the called
processes.
Our crypto system requires support for both OpenPGP and CMS (S/MIME).
The GnuPG version in use on our side is 2.1.1.18.
Our research in this topic has detected that there already exists an OpenSource
C#.NET project wrapping the native C calls from libgpgme-xx.dll.
However, the development state of this project indicates that the native calls
(method signatures and corresponding data structres) target version 1.1.6 of
the libgpgme-xx.dll.
https://github.com/wget/gpgme-sharp
I came across this project (altho not this particular fork) in my search
a few years ago myself and it seemed to be a dead project. Looks like
this past year they changed the license from LGPL to MIT.
The main problem I had was that this library was tied to a 32-bit
version of libgpgme.dll which didn't fit my needs seeing as how I was
working on an open source S/MIME & PGP/MIME library:
https://github.com/jstedfast/MimeKit
I ended up having to use the BouncyCastle crypto library instead (that
may be what you guys are already using?).
At the time, GnuPG 2.0.x was what all the distros were shipping and was
what most Mac and Windows users were also using, so I was able to
implement code to load the user's gpg.conf and keyrings. Unfortunately,
the file format changed with GnuPG 2.1.x and I have not yet been able to
figure out how to load the user's keyrings anymore.
That said, MimeKit can read exported keyrings from gpg 2.1.x. I'm not
sure if that is at all helpful to you or not...
For us as non C experts, it looks like an awful lot of work to extend this
library for our purpose to match a newer target version of GnuPG ME.
Our prerequisite is, that our software is developed for commercial use and thus
our time/budget resources are strictly limited.
Therefore, we have now the following questions:
1. Are you aware of any other commercial / OpenSource projects in .NET that
could support us?
As I mentioned above, MimeKit is probably your only Open Source
alternative (but, as I noted above, my library does not use GnuPG directly).
As far as commercial goes, you could look at Rebex
(https://www.rebex.net/secure-mail.net/features/s-mime.aspx) and
IP*Works (https://www.nsoftware.com/ipworks/smime/), although they have
their own crypto libraries and do not make any use of GnuPG as far as
I'm aware.
2. Which version of libgpgme-xx.dll is compatible to version 2.1.1.18 of GnuPG
tool suite? Is this version 1.9.0 or version 1.7.0 according to the release
news on page https://www.gnupg.org/news.html?
I'm pretty sure that 1.7 is compat (my
https://github.com/jstedfast/gmime c-library depends only on gpgme 1.7
and works with gnupg 2.1.x).
3. What are the preqrequisites (paths) to build C++ sources of GnuPG ME in
Visual Studio for Windows 32 bit platforms? How do we manage to build the
sources otherwise on command line?
This is something I can't answer because I've never built GPGME on Windows.
Hope my answer has been at least somewhat helpful, altho I'm sure it's
not quite the answer you were hoping for :(
Jeff
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
