in reply to Crypt::OpenPGP suitable for production?

rah,

While I've never specifically used OpenPGP or Crypt::OpenPGP, I have used GnuPG and GPG. Sine both OpenPGP and GnuPG are implementations of RFC 2440 they should work in a very similar/compatible fashion. As for being compatible at the other end, check out section 5.1 of the GnuPG FAQ

I do use GnuPG in a production environment but unlike you, I do not need to use it with the outside world. The outside world connects to our site via https, I then store their data using GnuPG - one keyring for the webserver and another for a report generator. The webserver uses the report generators public key. The report generators keyring is stored on removable media. If there's any compromise of the webserver and database server, the data is still relatively safe.

-derby

update: I knew there was something I forgot about. You can tell your management relying on third party commercial support is not all it's cracked up to be. Looks like NAI is going to let PGP wither and die on the vine and even PhilZ is suggesting a move to open source it ala OpenPGP.

  • Comment on Re: Crypt::OpenPGP suitable for production?

Replies are listed 'Best First'.
Re: Re: Crypt::OpenPGP suitable for production?
by rah (Monk) on Mar 15, 2002 at 03:16 UTC
    Thanks Derby. I had heard NAI was trying to enforce the license they hold on PGP. I don't think it's possible, because it was "out there" for so long and had originally been distributed with (I think) the GPL license. I will look into GnuPG.
[reply]

In Section Seekers of Perl Wisdom