Pure rust implementation of OpenPGP
OpenPGP implemented in pure Rust, permissively licensed
rPGP is the only full Rust implementation of OpenPGP, following RFC4880 and RFC2440. It offers a minimal low-level API and does not prescribe trust schemes or key management policies. It fully supports all functionality required by the Autocrypt 1.1 e-mail encryption specification.
rPGP is regularly published as theCrate and its RSA implementation lives under the collective RustCrypto umbrella. For ECC crypto support we are using Curve25519-dalek.
Please note that the API is not well documented yet. You may check out the tests which exercise the API. Please open issues here if if you are attempting to use rPGP and need help.
rPGP and its RSA dependency got a first independent security review mid 2019. No critical flaws were found. We have fixed and are fixing some high, medium and low risk ones. We will soon publish the full review report. Further independent security reviews are upcoming.
rPGP is used in production by Delta Chat, the e-mail based messenger app suite, successfully running on Windows, Linux, macOS, Android and iOS in 32bit (only Windows and Android) and 64 bit builds (for the other platforms).
More details on platform and OpenPGP implementation status:
When enabeling the
wasmfeature, rpgp can be compiled to run using WASM in Node.js and the supported Browsers. Experimental bindings for this can be found in rpgp/rpgp-js.
To run the stress tests,
> git submodule update --init --recursive > cargo test --release -- --ignored
To enable debugging, add
use pretty_env_logger; let _ = pretty_env_logger::try_init();
And then run tests with
Some key differences:
rPGP has a more libre license than Sequoia that allows a broader usage
rPGP is a library with a well-defined, relatively small feature-set where Sequoia also tries to be a replacement for the GPG command line tool
All crypto used in rPGP is implemented in pure Rust, whereas sequoia uses Nettle, which is implemented in C.
MIT or Apache 2.0
Unless you explicitly state otherwise, any contribution submitted for inclusion in rPGP by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.