Friday, April 20, 2007

PGP Autohra and open gpg

There are many reasons to avoid commercial software. Among them is support. I have an issue with pgp. We paid 14,000 dollars for the newest version of pgp commandline for Linux. The reason we upgraded was a keyring lock issue we were having. The Sales / Technical consultant assured us this was fixed in the newest version.

Here is a synapses of the problem. Encryption / Decryption is part of our SOA stack. It is called when the operation is necessary for a work flow. PGP is being run by a sigle user with a single keystore. when multiple work flows hit the pgp process at the same time the first process completes and the second process errors out due to a file lock.

There should not be a file lock when you are not intending to write to a file.

After multiple conversations with pgp they have advised us to program around their problem. Hmm. So we evaluated products from ohter companies who are willing to help us. Authora. They have been very willing to make changes and fix their product. Small company very agile.

Well now we would like to deploy the pgp process to every node in our data processing cluster. So we can fire it up on all nodes if necessary. It will probably only run on 1 or 2 machines at a time. Due to licence restraints we are going to go with open source. With Open source we do not need to worry about cluster licensing, and if we have issues we can code around them and return the code. I Think we have past the precipice of closed software. Open source just makes cents.


So, the PGP corporation called me back after reading this. Although we are probably looking towaards open source in the future, the rep was very helpful. It turns out we may be using the wrong product. PGP has an SDK that is more along the line of what we need. I am still not satified with the lack of Technical knowledge of their technical support staff. But, I am happy to see the company is out there and listening. ~Jerry