#rPGP 0.19.0 (from early Feb 2026) contains a number of substantial changes. Users of earlier versions should consider upgrading.

It includes three non-trivial bug fixes:

- "Parser crash on crafted RSA secret key packets" https://github.com/rpgp/rpgp/security/advisories/GHSA-7587-4wv6-m68m
- "Crash in message handling for deeply nested messages" https://github.com/rpgp/rpgp/security/advisories/GHSA-8h58-w33p-wq3g
- "Integrity protection of encrypted data was not always checked" https://github.com/rpgp/rpgp/security/advisories/GHSA-c7ph-f7jm-xv4w

Announcing this here with some delay: #rPGP 0.18.0 (from Nov 2025) contained only minor changes, representing mostly cleanup work (however, some of the resulting API changes were formally semver breaking).

See https://github.com/rpgp/rpgp/releases/tag/v0.18.0 for a summary of the release.

New release: #rPGP version 0.17.0 🧰🔐✨

https://github.com/rpgp/rpgp/releases/tag/v0.17.0

#OpenPGP implemented in pure #Rust, permissively licensed

One highlight of this release is improved performance for encryption and decryption (saving time and/or battery when handling larger messages).

The release also features many small improvements to the rPGP API, and various bugfixes (see link above for details). Finally, it adds support for decryption of a #GnuPG-proprietary message format.

New release: #rPGP version 0.16.0 🧰🔐✨

https://github.com/rpgp/rpgp/releases/tag/v0.16.0

#OpenPGP implemented in pure #Rust, permissively licensed

This release features streaming message support: Now rPGP can process arbitrarily large messages, with modest memory requirements.

It adds experimental support for the upcoming OpenPGP #PQC IETF standard https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc

This release also brings various improvements for key generation, support for X448/Ed448, and many minor fixes.

our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 😍 with

- streaming decryption and encryption

- post-quantum-cryptography

- API streamlining.

#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (eg using the same ed25519 keys implementation as #signal) https://github.com/rpgp/rpgp/

@lns sorry, but no. gnupgp UX sucks so hard that even I don't get it without extensive internet searching.

And I heard horrible stuff about integration into programs, like that they need to kill the #gpg daemon regularly to make it work.

Let's rather invest our efforts into making modern alternatives like #rpgp and #rsop
https://crates.io/crates/rsop/ great.

rPGP has recently received an audit by @ros

The audit uncovered a number of issues, in particular: Multiple cases in which malformed input data can lead to Rust "panic"s. Triggering these typically leads to termination of applications that use #rPGP. This can act as a vector for denial of service attacks, but does not impact confidentiality or integrity security properties.

These issues were resolved in #rPGP release 0.14.2. Updating is recommended for all users.

#OpenPGP #PGP #GnuPG

The #nethsm crate has just been released in version 0.7.0. 🎉

https://crates.io/crates/nethsm/0.7.0

In this version we added several improvements for the use with #OpenPGP (such as updating to the latest #rPGP) and added integration for validated key setups.

#Rust #RustLang #ArchLinux #Signstar #Cryptography #DigitalSignature #Nitrokey

New release today: #rPGP version 0.14.0 ✨

(#OpenPGP implemented in pure #Rust, permissively licensed)

https://github.com/rpgp/rpgp/releases/tag/v0.14.0

This release brings rather complete support for the excellent new OpenPGP RFC 9580 (also known as "crypto refresh", or "v6")

RFC 9580 standardizes modern cryptographic mechanisms for OpenPGP: AEAD-based encryption, Argon2, and SHA2 fingerprints for the new OpenPGP v6 key format (v4 keys use SHA1).

Thanks @NGIZero for supporting this work!

#RustLang #PGP #GnuPG