gpg-webservice

The project demonstrates a strong focus on security, particularly in the core Flask backend with features like Argon2id password hashing, AES-256-GCM encryption for private keys, PBKDF2-HMAC-SHA256 for key derivation, and process isolation for GPG operations. For the MCP server specifically, it enables CORS with `origin: '*'` and `NODE_TLS_REJECT_UNAUTHORIZED=0` for internal Docker communication during development. While these are documented as development defaults and production hardening (e.g., via Caddy reverse proxy) is detailed, they are significant security risks if directly deployed to a public-facing production environment without modification. The server itself is a proxy and does not directly handle private keys, mitigating some risks. Extensive security documentation and testing procedures are provided, indicating a strong security-conscious development approach.