Forum: help-en
Monitor Forum | 
Start New Thread
| RE: GPG4win and OpenSSL [ Reply ] By: Javier Mariani on 2014-04-24 13:38 | [forum:3186] |
|
Thanks all Regards, Javier |
|
| RE: GPG4win and OpenSSL [ Reply ] By: Bernhard Reiter on 2014-04-24 07:17 | [forum:3185] |
|
Hi, Sean is correct in that OpenPGP or CMS(S/MIME) is about files or emails, but not for stream connections. Note that some helper applications of the crypto backend may be able to do ssl connections, e.g. for accessing keyservers. But Gpg4win uses gnutls for these helper functions, see the source packages list and search for tls or ssl: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpg4win.git;a=blob_plain;f=packages/packages.current;hb=HEAD So no use of OpenSSL's SSL functions as far as I know. (Note that OpenSSL's license is incompatible with GnuPG's and Gpg4win's license, so it ought not to be used anyway.) Best Regards, Bernhard |
|
| RE: GPG4win and OpenSSL [ Reply ] By: S C on 2014-04-23 20:26 | [forum:3183] |
|
GPG4Win utilizes "end to end" encryption. That is, files are encrypted *before* they leave the sender's device using the recipient's *public* key. Only the person who has the matching *private* key can decrypt the message. The private key does not need to be shared with anyone and indeed should be kept absolutely safe in a secure location on the recipient's end. GPG4Win does not rely on SSL. See here for more info: http://www.rfc-editor.org/rfc/rfc4880.txt Regards, Sean C. |
|
| GPG4win and OpenSSL [ Reply ] By: Javier Mariani on 2014-04-23 20:17 | [forum:3182] |
|
Hello We are interested to know if GPG4win uses SSL and if it's affected by heartbleed vulnerability (for any versions) Thank you |
|
