
Keyringless GnuPG - eaguyhn
https://nullprogram.com/blog/2019/08/09/
======
cperciva
Looks like this does signing but not encryption. Assuming I'm not missing
anything: Is anyone planning on adding the encryption side of things?

------
ndotl
To me, this is another example of functional vs object oriented styles of
programming.

signify is essentially a pure function. It carries no state and the output is
purely a function of its inputs (and a bunch of internal constants).

GnuPG (and indeed music players) are stateful. To some, it may be irritating
to build up that state to do something simple. OTOH, that state is useful if
it's a cache hit and it's annoying to repeatedly pass the same parameters
(i.e., you want to repeatedly do a bunch of ops against the same identity
you've imported).

It's usually easier to write a functional core and wrap it in something
stateful (by currying the arguments) rather than the trying to do the reverse
as the author is doing here.

~~~
hinkley
It can still be useful if it’s a means to an end, a goad.

One bit of advice I give is that if the code doesn’t work the way you want
then one option is to pretend. If you can emulate a better interface using the
existing code, then you can start making the lie true later on.

But it does require that this section of the code be something that will
receive ongoing attention for some time. You will have to amortize those
changes over a lot of stories. Otherwise it’s a bad candidate for the
technique and you will get the Lavaflow antipattern along with unnecessary
indirection.

------
southerntofu
This passphrase2pgp thing is really neat!

Also sequoia PGP supports the kind of one-off signature verification the
author does with simplegpg:

sq verify --public-key-file keyname.asc message.txt

I'd be curious to hear what the author thinks of that project

------
xmmrm
Somewhat off-topic: Are there any efforts to add signify/minisign support to
git?

------
teddyh
See also the "gpgv" and "symcryptrun" tools included in GnuPG:

[https://gnupg.org/documentation/manuals/gnupg/gpgv.html#gpgv](https://gnupg.org/documentation/manuals/gnupg/gpgv.html#gpgv)

[https://gnupg.org/documentation/manuals/gnupg/symcryptrun.ht...](https://gnupg.org/documentation/manuals/gnupg/symcryptrun.html#symcryptrun)

------
evancox100
Great advertisement on why you should just use signify instead

------
awinter-py
> GnuPG is like a media player

sign me up

