Hacker News new | past | comments | ask | show | jobs | submit login
Keyringless GnuPG (nullprogram.com)
100 points by eaguyhn on Aug 25, 2019 | hide | past | favorite | 8 comments



Looks like this does signing but not encryption. Assuming I'm not missing anything: Is anyone planning on adding the encryption side of things?


To me, this is another example of functional vs object oriented styles of programming.

signify is essentially a pure function. It carries no state and the output is purely a function of its inputs (and a bunch of internal constants).

GnuPG (and indeed music players) are stateful. To some, it may be irritating to build up that state to do something simple. OTOH, that state is useful if it's a cache hit and it's annoying to repeatedly pass the same parameters (i.e., you want to repeatedly do a bunch of ops against the same identity you've imported).

It's usually easier to write a functional core and wrap it in something stateful (by currying the arguments) rather than the trying to do the reverse as the author is doing here.


It can still be useful if it’s a means to an end, a goad.

One bit of advice I give is that if the code doesn’t work the way you want then one option is to pretend. If you can emulate a better interface using the existing code, then you can start making the lie true later on.

But it does require that this section of the code be something that will receive ongoing attention for some time. You will have to amortize those changes over a lot of stories. Otherwise it’s a bad candidate for the technique and you will get the Lavaflow antipattern along with unnecessary indirection.


This passphrase2pgp thing is really neat!

Also sequoia PGP supports the kind of one-off signature verification the author does with simplegpg:

sq verify --public-key-file keyname.asc message.txt

I'd be curious to hear what the author thinks of that project


Somewhat off-topic: Are there any efforts to add signify/minisign support to git?



Great advertisement on why you should just use signify instead


> GnuPG is like a media player

sign me up




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: