KGPG home page
Home page | Download | Screenshots | Install | Security | Bugs | Changelog | Documentation

Security concerns:

I am not a professional developper. I tried to make Kgpg as secure as possible, but there may be holes. This is an open source project, so if you want to check by yourself, just do it.
Nevertheless, you should know that:
kgpg never writes any unencrypted data to disk unless the user asks it.
No passphrase is ever written to disk nor to temp file.

How it works:
Kgpg mostly issues commands to gpg using a KProcIO process like: 
 KProcIO *proc=new KProcIO();
*proc<<"gpg"<<args;
 QObject::connect(proc, SIGNAL(processExited(KProcess *)),this, SLOT(slotGpgOver(KProcess *)));
 proc->start(KProcess::NotifyOnExit);
The passphrases are beeing piped using the following code: 
   FILE *pass;
   int ppass[2];
 
  pipe(ppass);
  pass = fdopen(ppass[1], "w");
  fwrite(password, sizeof(char), strlen(password), pass);
  fwrite("\n", sizeof(char), 1, pass);
  fclose(pass);
If you have a good C++ knowledge & think there is a better/safer solution, just let me know :)