Encrypt/decrypt large files with PGP SDK securely

Created: 09 Feb 2013 • Updated: 28 Feb 2013 | 5 comments
This issue has been solved. See solution.

I'm trying to create a test program using PGP SDK which can be embedded into our application (that processes the plain files further).

- One way is to first decrypt the file into a temporary file and then pass the temporary file to our application. I don't like this approach as the decrypted file stays for some time, so it is not a secure option.

- Another way is to use PGP command line, which writes decrypted text to stdout, and have our application read the stdout. I'd like to achieve this using PGP SDK. Is it possible? I could not find appropriate Filespec classes in PGP SDK that can be used to achieve this. I think the current PGPNewFileSpecFromFullPath() does not allow stdout or stdin as parameters, or does it?

- Yet another way is to provide an event to allow the program calling PGP SDK to read in chunks. The current kPGPEvent_OutputEvent only allows the caller to provide a static buffer of fixed size. If the size of the buffer is not enough, then PGPDecode() fails. Is there any way to allow the caller to read the data in chunks? This is similar to using input or output streams in Java.

How does PGPEncode() encrypt large files? Does it create one encrypted message section for the entire file, or is it divided into packets of a certain size?

Appreciate any help on this. I don't see a separate community for PGP SDK so posting it here.

dfinkelstein's picture

(Moving to the Developers forum)

--------

David Finkelstein

Symantec R&D

dfinkelstein's picture

Yes, PGPNewFileSpecFromFullPath() does take /dev/stdin or /dev/stdout.

Note that on some platforms (Windows, HP-UX, and AIX) we recommend you "buffer" stdin and out, by reading or writing the contents into a memory buffer first.  For Linux, Solaris, and Mac OS X, you should be able to read and write stdin and stdout directly.

Regards,

--------

David Finkelstein

Symantec R&D
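
The consuming side of the /dev/stdout approach described above, as an added example that is not part of the original thread and uses no PGP SDK calls: the application reads the decrypted stream from a pipe in fixed-size chunks, treats only a zero-length read as end of stream, and wipes its buffer so no plaintext touches disk or lingers in memory. `consume_plaintext`, `chunk_fn` and `count_bytes` are hypothetical names, and POSIX `read()` is assumed (Linux, Solaris, Mac OS X).

```c
/* Added example: consumer side of "decrypt to /dev/stdout". */
#include <errno.h>
#include <stddef.h>
#include <unistd.h>

#define CHUNK_SIZE 4096

/* Hypothetical callback type: the application's own per-chunk processing. */
typedef int (*chunk_fn)(const unsigned char *data, size_t len, void *ctx);

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Read fd until end of stream, handing each chunk to fn.
 * Returns total bytes consumed, or -1 on a read error or callback failure. */
long consume_plaintext(int fd, chunk_fn fn, void *ctx)
{
    unsigned char buf[CHUNK_SIZE];
    long total = 0;

    for (;;) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n < 0) { total = -1; break; }
        if (n == 0)
            break;                  /* only 0 means end of stream */
        /* A short read (n < CHUNK_SIZE) is normal on a pipe, not EOF. */
        if (fn(buf, (size_t)n, ctx) != 0) { total = -1; break; }
        total += n;
    }
    wipe(buf, sizeof buf);          /* leave no plaintext on the stack */
    return total;
}

/* Sample callback: counts bytes; a real one would parse the records. */
int count_bytes(const unsigned char *data, size_t len, void *ctx)
{
    (void)data;
    *(size_t *)ctx += len;
    return 0;
}

int main(void)
{
    size_t seen = 0;
    return consume_plaintext(STDIN_FILENO, count_bytes, &seen) < 0;
}
```
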

pgpsdk's picture

Thank you for a quick reply.

I think there is no equivalent to /dev/stdout on Windows? Does PGPNewFileSpecFromFullPath() accept a named pipe?

dfinkelstein's picture

Named pipes can work, but I have seen some issues where, after the first chunk of data is read, the pipe looks like it is "empty" (and so reading finishes).  I think there is stdout on Windows, but I don't do much development on that platform so I cannot say what the right way is to use it.

--------

David Finkelstein

Symantec R&D

SOLUTION