On Thu, Aug 08, 2019 at 04:35:47PM +0100, Daniel P. Berrangé wrote:
IIUC, the key thing that makes signify/minisign a sound design is that they target a very narrow use case, offering just a single way to do things, using current best practice algorithms. This immediately eliminates a huge pile of historical baggage and complexity that you get in PGP impls, which have been a reliable source of security problems. It makes it easier for users to do the right thing when running the tools as there's much lower risk of picking bad uninformed options.
You can build a one-purpose application around e.g. OpenSSL. No need for introducing yet another cryptographical library.
-- Petr