Lib.rs

Cryptographysequoia
#secret-key #key-store #openpgp #signing #signing-key #encryption

sequoia-gpg-agent

A library for interacting with GnuPG's gpg-agent

by Justus Winter. Co-owned by Neal H. Walfield.

7 unstable releases (3 breaking)

0.4.2 Jun 20, 2024
0.4.1 Jun 4, 2024
0.4.0 May 17, 2024
0.3.1 Apr 9, 2024
0.1.0 Mar 4, 2024

#2028 in Cryptography

Download history 128/week @ 2024-07-20 108/week @ 2024-07-27 60/week @ 2024-08-03 455/week @ 2024-08-10 122/week @ 2024-08-17 537/week @ 2024-08-24 395/week @ 2024-08-31 220/week @ 2024-09-07 380/week @ 2024-09-14 343/week @ 2024-09-21 367/week @ 2024-09-28 397/week @ 2024-10-05 594/week @ 2024-10-12 387/week @ 2024-10-19 406/week @ 2024-10-26 334/week @ 2024-11-02

1,775 downloads per month
Used in 6 crates (4 directly)

LGPL-2.0-or-later

205KB
4K SLoC

This crate includes functionality for interacting with GnuPG's gpg-agent.

gpg-agent is a secret key store, which is shipped as part of GnuPG. It is used to manage secret key material, and hardware devices that contain secret key material. It provides an RPC interface using the Assuan protocol.

This is how gpg, GnuPG's primary command-line interface, communicates with it.

This crate provides a Rust API for interacting with gpg-agent.

Note: this crate communicates directly with gpg-agent; it does not go via gpg.

lib.rs:

This crate includes functionality for interacting with GnuPG's gpg-agent.

gpg-agent is a secret key store, which is shipped as part of GnuPG. It is used to manage secret key material, and hardware devices that contain secret key material. It provides an RPC interface using the Assuan protocol.

This is how gpg, GnuPG's primary command-line interface, communicates with it.

This crate provides a Rust API for interacting with gpg-agent.

Note: this crate communicates directly with gpg-agent; it does not go via gpg.

Examples

Import secret key material, list the keys, and sign a message:

use std::io::{Read, Write};

use sequoia_openpgp as openpgp;
use openpgp::Cert;
use openpgp::packet::signature;
use openpgp::parse::Parse;
use openpgp::policy::StandardPolicy;
use openpgp::serialize::stream::{Message, Signer, LiteralWriter};
use openpgp::types::HashAlgorithm;
use openpgp::types::SignatureType;

use sequoia_gpg_agent as gpg_agent;
use gpg_agent::KeyPair;

const P: &StandardPolicy = &StandardPolicy::new();

#
// Load a TSK, i.e., a certificate with secret key material.
let key = // ...
#
let cert = Cert::from_bytes(key)?;
assert!(cert.is_tsk());

// Connect to a temporary GnuPG home directory.  Usually,
// you'll want to connect to the default home directory using
// Agent::connect_to_default.
let mut agent = gpg_agent::Agent::connect_to_ephemeral().await?;

// Import the secret key material into gpg-agent.
for k in cert.keys().secret() {
    agent.import(P,
                 &cert, k.parts_as_secret().expect("have secret"),
                 true, true).await?;
}

// List the keys.
let list = agent.list_keys().await?;
println!("gpg agent manages {} keys:", list.len());
for k in list.iter() {
    eprintln!("  - {}", k.keygrip());
}

// Sign a message using the signing key we just imported.
let signing_key = cert.with_policy(P, None)?
    .keys().for_signing()
    .next().expect("Have a signing-capable subkey.");

let mut keypair = agent.keypair(&signing_key)?;

let mut signed_message = Vec::new();
let message = Message::new(&mut signed_message);
let message = Signer::new(message, keypair).build()?;
let mut message = LiteralWriter::new(message).build()?;
message.write_all(b"I love you!")?;
message.finalize()?;

Dependencies

~24–37MB
~487K SLoC