rPGP

@rpgp
203 Followers
1 Following
13 Posts
OpenPGP implemented in pure Rust, permissively licensed
githubhttps://github.com/rpgp
Show threadrPGPFeb 16

Porting an application to rPGP 0.19 is slightly noisy. However, there are no conceptually tricky changes.

For an example diff of an an application ported from rPGP 0.18 to 0.19, see https://gitlab.archlinux.org/archlinux/signstar/-/merge_requests/384/diffs

chore(deps): Update Rust crate pgp to 0.19 (!384) · Merge requests · Arch Linux / signstar · GitLab

This MR contains the following updates: Package Type Update Change

GitLab
Show threadrPGPFeb 16

Other changes include:

- The key material-related traits have been reworked.
- The representation of timestamps has been simplified.

For a summary of the release, see https://github.com/rpgp/rpgp/releases/tag/v0.19.0

rPGPFeb 16

#rPGP 0.19.0 (from early Feb 2026) contains a number of substantial changes. Users of earlier versions should consider upgrading.

It includes three non-trivial bug fixes:

- "Parser crash on crafted RSA secret key packets" https://github.com/rpgp/rpgp/security/advisories/GHSA-7587-4wv6-m68m
- "Crash in message handling for deeply nested messages" https://github.com/rpgp/rpgp/security/advisories/GHSA-8h58-w33p-wq3g
- "Integrity protection of encrypted data was not always checked" https://github.com/rpgp/rpgp/security/advisories/GHSA-c7ph-f7jm-xv4w

Parser crash on crafted RSA secret key packets through CVE-2026-21895

### Summary It was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been pa...

GitHub
rPGPFeb 16

Announcing this here with some delay: #rPGP 0.18.0 (from Nov 2025) contained only minor changes, representing mostly cleanup work (however, some of the resulting API changes were formally semver breaking).

See https://github.com/rpgp/rpgp/releases/tag/v0.18.0 for a summary of the release.

rPGPSep 26

New release: #rPGP version 0.17.0 🧰🔐✨

https://github.com/rpgp/rpgp/releases/tag/v0.17.0

#OpenPGP implemented in pure #Rust, permissively licensed

One highlight of this release is improved performance for encryption and decryption (saving time and/or battery when handling larger messages).

The release also features many small improvements to the rPGP API, and various bugfixes (see link above for details). Finally, it adds support for decryption of a #GnuPG-proprietary message format.

Release v0.17.0 · rpgp/rpgp

⛰️ Features (deps) Update bitfields to 1.0 (#588) - (617f6e0) Helpers for improved string handling - (80977ca) Adds signature::Signer compatibility wrappers - (854387a) [breaking] Improve Signat...

GitHub
Show threadrPGPMay 29, 2025
@derekmorr See https://github.com/rpgp/rpgp/blob/main/docs/FAQ.md#how-is-rpgp-different-from-sequoia
rpgp/docs/FAQ.md at main · rpgp/rpgp

OpenPGP implemented in pure Rust, permissively licensed - rpgp/rpgp

GitHub
rPGPMay 29, 2025
Delta ChatMay 29, 2025

our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 😍 with

- streaming decryption and encryption

- post-quantum-cryptography

- API streamlining.

#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (eg using the same ed25519 keys implementation as #signal) https://github.com/rpgp/rpgp/

GitHub - rpgp/rpgp: OpenPGP implemented in pure Rust, permissively licensed

OpenPGP implemented in pure Rust, permissively licensed - rpgp/rpgp

GitHub
rPGPMay 29, 2025

New release: #rPGP version 0.16.0 🧰🔐✨

https://github.com/rpgp/rpgp/releases/tag/v0.16.0

#OpenPGP implemented in pure #Rust, permissively licensed

This release features streaming message support: Now rPGP can process arbitrarily large messages, with modest memory requirements.

It adds experimental support for the upcoming OpenPGP #PQC IETF standard https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc

This release also brings various improvements for key generation, support for X448/Ed448, and many minor fixes.

Release v0.16.0 - Stream the world & PQC · rpgp/rpgp

⛰️ Features Update to draft-ietf-openpgp-pqc-10 (#565) - (01a9643) 🚜 Refactor Cleanup the interface of crypto::*::SecretKey - (45e1ea8)

GitHub
rPGPFeb 7, 2025
Delta ChatFeb 7, 2025

Six times so far ... is how often important parts of #deltachat were independently #security audited and analyzed. Thanks to IncludeSecurity, Cure53, Applied Crypto Team at ETH Zuerich and Radical Open Security.

Last audit is from December 2024 covering @rpgp , the minimal #OpenPGP Rust library that is gaining traction with others projects as well.
Shout-out to dignifiedquire and @hko for their excellent maintenance! For more info on Delta Chat related security audits: https://delta.chat/en/help#security-audits

Delta Chat: FAQ

What is Delta Chat? Delta Chat is a reliable, decentralized and secure instant messaging app, available for mobile and desktop platforms. Instant creation of private chat profiles with secure and i...

Show threadrPGPFeb 7, 2025

See https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv and https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285 for more details.

And see https://chaos.social/@delta/113963707915543266 for a broader context about audits in Delta Chat.

Thanks to @nlnet for funding the audit, and @ros for the excellent audit work!