vPGP

OpenPGP implemented in pure Rust, permissively licensed

vPGP is a pure Rust implementation of OpenPGP.

vPGP implements OpenPGP as specified in RFC9580, including the commonly used v4 formats, as well as the latest v6 key formats and AEAD encryption mechanisms. All formats specified in the historical RFCs RFC4880 and RFC6637, such as v3 keys and signatures, are supported as well.

See IMPL_STATUS.md for more details on the implemented PGP features.

vPGP offers a flexible low-level API and gives users the ability to build higher level PGP tooling in the most compatible way possible. Additionally, it fully supports all functionality required by the Autocrypt 1.1 e-mail encryption specification.

Usage

> cargo add pgp

Load a public key and verify an inline-signed message

use std::fs;
use vpgp::{SignedPublicKey, Message, Deserializable};

let pub_key_file = "key.asc";
let msg_file = "msg.asc";

let key_string = fs::read_to_string(pub_key_file).unwrap();
let (public_key, _headers_public) = SignedPublicKey::from_string(&key_string).unwrap();

let msg_string = fs::read_to_string(msg_file).unwrap();
let (msg, _headers_msg) = Message::from_string(&msg_string).unwrap();

// Verify this message
// NOTE: This assumes that the primary serves as the signing key, which is not always the case!
msg.verify(&public_key).unwrap();

let msg_content = msg.get_content().unwrap(); // actual message content
let msg_string = String::from_utf8(msg_content.unwrap()).expect("expect UTF8");
println!("Signed message: {:?}", msg_string);

Generate and verify a detached signature with an OpenPGP keypair

use std::fs;
use vpgp::{Deserializable, SignedPublicKey, SignedSecretKey};
use vpgp::types::{PublicKeyTrait, SecretKeyTrait};
use vpgp::crypto::hash::HashAlgorithm;

let priv_key_file = "key.sec.asc";
let pub_key_file = "key.asc";

let data = b"Hello world!";

// Create a new signature using the private key
let secret_key_string = fs::read_to_string(priv_key_file).expect("Failed to load secret key");
let signed_secret_key = SignedSecretKey::from_string(&secret_key_string).unwrap().0;

let new_signature = signed_secret_key.create_signature(|| "".to_string(), HashAlgorithm::default(), &data[..]).unwrap();

// Verify the signature using the public key
let key_string = fs::read_to_string(pub_key_file).expect("Failed to load public key");
let public_key = SignedPublicKey::from_string(&key_string).unwrap().0;

public_key.verify_signature(HashAlgorithm::default(), &data[..], &new_signature).unwrap();

Current Status

Last updated September 2024

• Implementation Status: IMPL_STATUS.md
• Security Status: STATUS_SECURITY.md
• Supported Platforms: PLATFORMS.md

Users & Libraries built using vPGP

• Delta Chat: Cross-platform messaging app that works over e-mail
• rpm: A pure rust library for parsing and creating RPM files
• vpgpie: An experimental high level OpenPGP API
• rsop: A SOP CLI tool based on vPGP and vpgpie
• debian-packaging: a library crate for dealing with Debian packages

Don't see your project here? Please send a PR :)

FAQs

Checkout FAQ.md.

Minimum Supported Rust Version (MSRV)

All crates in this repository support Rust 1.75 or higher. In future minimally supported version of Rust can be changed, but it will be done with a minor version bump.

Funding

RFC 9580 support for vPGP has been funded in part through NGI0 Core, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme.

License

This project is licensed under either of

• Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in this project by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.