This repository provides rPGP integrated with some post-quantum schemes from the NIST PQC competition. The implementations of post-quantum signature and public-key encryption schemes are provided by various crates.
The modification were authored by Sebastian Ramacher from AIT Austrian Institute of Technology and are licensed under the same license as rPGP.
This work was funded by the Austrian security research programme of the Federal Ministry of Finance (BMF) as part of the project QKD4Gov.
The original README follows.
OpenPGP implemented in pure Rust, permissively licensed
rPGP is the only full Rust implementation of OpenPGP, following RFC4880 and RFC2440. It offers a minimal low-level API and does not prescribe trust schemes or key management policies. It fully supports all functionality required by the Autocrypt 1.1 e-mail encryption specification.
rPGP is regularly published as the pgp Crate and its RSA implementation
lives under the collective RustCrypto umbrella.
For ECC crypto support we are using Curve25519-dalek.
Please note that the API is not well documented yet. You may check out the tests which exercise the API. Please open issues here if if you are attempting to use rPGP and need help.
rPGP and its RSA dependency got a first independent security review mid 2019. No critical flaws were found. We have fixed and are fixing some high, medium and low risk ones. We will soon publish the full review report. Further independent security reviews are upcoming.
rPGP is used in production by Delta Chat, the e-mail based messenger app suite, successfully running on Windows, Linux, macOS, Android and iOS in 32bit (only Windows and Android) and 64 bit builds (for the other platforms).
More details on platform and OpenPGP implementation status:
- OpenPGP Status document which describes what of OpenPGP is supported
- Platform status document which describes current platform support.
When enabeling the wasm feature, rpgp can be compiled to run using WASM in Node.js and the supported Browsers. Experimental bindings for this can be found in rpgp/rpgp-js.
To run the stress tests,
> git submodule update --init --recursive
> cargo test --release -- --ignoredTo enable debugging, add
use pretty_env_logger;
let _ = pretty_env_logger::try_init();And then run tests with RUST_LOG=pgp=info.
Some key differences:
-
rPGP has a more libre license than Sequoia, which allows a broader usage
-
rPGP is a library with a well-defined, relatively small feature-set where Sequoia also tries to be a replacement for the GPG command line tool
-
All crypto used in rPGP is implemented in pure Rust, whereas sequoia uses Nettle, which is implemented in C.
All crates in this repository support Rust 1.57 or higher. In future minimally supported version of Rust can be changed, but it will be done with a minor version bump.
MIT or Apache 2.0
Unless you explicitly state otherwise, any contribution submitted for inclusion in rPGP by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.