rpgp: Pure Rust Implementation of OpenPGP

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  • rpgp

    OpenPGP implemented in pure Rust, permissively licensed

  • I could be missing something here, but I think this is vulnerable to DO'1985, a/k/a Desmedt-Odlyzko:

    https://github.com/rpgp/rpgp/blob/8e67756ebce780c91b8c2ffc7d...

    In particular, in the presence of an insufficiently wide hash, the absence of padding here means that RSA signature validation is not secure under EUF-CMA. Matt Green has a great post on why and when EUF-CMA matters[1].

    (This isn't necessarily this implementation's fault, since PGP seemingly (!) encourages the stripping of padding from signatures. But I can't find another source for whether this is actually encouraged by OpenPGP, or whether implementations just widely allow it.)

    [1]: https://blog.cryptographyengineering.com/euf-cma-and-suf-cma...

  • monkeybagel

  • Yep. We've got it working with OpenPGP Card devices (Yubikeys, Nitrokeys, etc.). The signing part was actually pretty easy and the decryption required a bit more work but the maintainer was super responsive (https://github.com/rpgp/rpgp/pull/315).

    Overall I'm pretty happy with the codebase.

    The PoC for using cards in git is in https://github.com/wiktor-k/monkeybagel (excuse the silly name ;).

  • pysequoia

    OpenPGP in Python using Sequoia PGP

  • I agree that gpg did not age well. If we compare it to a different project with similar history: curl, it's apparent that gpg chose wrong on several fronts. It should be a library first instead of a cli tool. Funny part is that even the library of gpg (gpgme) is internally calling the binary.

    I've played around with designing a higher level library to OpenPGP once (https://pypi.org/project/pysequoia/) and personally I think it yields more readable, faster and secure code.

  • RSA

    RSA implementation in pure Rust

  • Yep, I saw the upstream[1].

    However, I misread this: I thought the padding was being done on the cleartext signing side, but this is padding of the signature itself. So there's some malleability here, but it isn't susceptible to DO'1985. I'll update my top-level comment.

    [1]: https://github.com/RustCrypto/RSA/issues/272

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
