** EasyPG avoides potential security flaws of Emacs.
-*** `call-process-region' writes data in region to a temporary file.
+*** `call-process-region' writes data in region to temporary files.
-PGG and gpg.el use `call-process-region' to communicate with a gpg
-subprocess. Your passphrases may leak to the filesystem.
+`call-process-region' writes data in region to temporary files. PGG
+and gpg.el use `call-process-region' to communicate with a gpg
+subprocess. Your passphrases leak to the filesystem!
*** There is no way to clear strings safely.
If Emacs crashed and dumps core, passphrase strings in memory are also
-dumped with the core file. `read-passwd' function clears passphrase
-strings by `(fillarray string 0)'. However, it is not perfect. Emacs
-does compaction of small strings in gc_sweep phase. If GC happens
-before `fillarray', passphrase strings may be copied elsewhere in
-memory. So, it is recommended that if you are done with passphrase
-you should clear it manually. However, PGG and gpg.el enables
-passphrase caching by default.
+dumped within the core file. `read-passwd' function clears passphrase
+strings by `(fillarray string 0)'. However, Emacs performs compaction
+in gc_sweep phase. If GC happens before `fillarray', passphrase
+strings may be moved elsewhere in memory. It is recommended that as
+soon as you are done with passphrase you should clear it manually.
+However, PGG and gpg.el can keep passphrase strings in cache for a
+while and this behavior is their default!
** Most GnuPG features are accessible from Emacs
-As the name indicates, EasyPG is inspired by GPGME (GnuPG Made Easy),
-and the library interface is close to GPGME.
+Other competitors provide only specific features of GnuPG. As the
+name indicates, EasyPG is inspired by GPGME (GnuPG Made Easy), and the
+library interface is close to GPGME. With EasyPG you can handle
+binary messages, sign/encrypt combined messages, etc.
projects / elisp / epg.git / commitdiff