Rpgp: Pure Rust implementation of OpenPGP

Project highlights & adoption

  • rpgp is a pure-Rust OpenPGP implementation; some commenters report using it successfully for git commit signing with smartcards.
  • Its recent HN visibility may be linked to strong conformance in the Sequoia test suite.
  • The maintainer is active in the thread and open to feedback and questions.

Smartcards and integration

  • rpgp doesn’t have built-in smartcard support but can integrate with external tooling.
  • A proof-of-concept shows it working with OpenPGP smartcards (YubiKey, Nitrokey) for signing and decryption.
  • Integration relies on the Rust pcsc crate, which uses system PC/SC libraries (Windows/macOS system libs, pcsclite on Linux).

Cryptographic design & security concerns

  • SHA‑1 use in OpenPGP is debated. One view sees little urgent need to change the standard; another is adding Git-style SHA‑1 collision detection to rpgp for extra protection.
  • A suspected RSA vulnerability (Desmedt–Odlyzko) was raised, then retracted after closer reading; the code in question affects signature padding but not in the initially claimed way.
  • rpgp currently depends on an RSA implementation flagged for timing side channels.
    • One side argues serious primitives like RSA/AES should be implemented in assembly for robust constant-time behavior.
    • Others counter that Rust is not “too high-level” for crypto and note that even OpenSSL had similar issues; also, CPU differences limit what assembly can guarantee.

GnuPG, libraries, and ecosystem pain

  • Several comments criticize GnuPG’s historical “CLI-first” design and the difficulty of using it as a library (process management, poor performance at scale, awkward key handling).
  • gpgme partly mitigates this by wrapping the gpg binary, but still inherits performance and edge-case issues.
  • Some see GPG as effectively legacy and fundamentally hard to fix without breaking compatibility.

Sequoia vs. rpgp & licensing

  • Sequoia aims to be a full GnuPG replacement with a larger, more complex stack and has institutional funding.
  • rpgp is described as smaller, more flexible, and more “Rust-native” (simple cargo add pgp experience), but with sparser docs that often require reading source.
  • Licensing is a concern: some prefer MPL-style licensing over LGPL for easier integration; Sequoia’s alignment with GPL-family licenses is seen as a barrier.

OpenPGP / LibrePGP schism & cipher modes

  • GnuPG has started preferring LibrePGP-specific OCB-based AEAD, causing interoperability issues with other implementations.
  • Some distributions patch GnuPG defaults to avoid this.
  • rpgp is adding support to read these formats for compatibility but intends to emit the most broadly compatible formats by default.
  • One view holds there’s no urgent cryptographic need for new block modes, so the divergence mostly harms interoperability.

PGP vs modern messaging (Signal/WhatsApp, email substrate)

  • Multiple comments contrast GPG/PGP’s poor UX and “toolbox-itis” with Signal/WhatsApp’s seamless E2EE and automatic key management.
  • Email is described as a bad substrate for modern E2EE: archival expectations, metadata exposure, and retrofitting constraints all complicate things.
  • Some argue that central key directories and mandatory encryption in messaging apps sidestep PGP’s hardest problems (decentralized identity, opt-in encryption).
  • Others are skeptical of Signal/WhatsApp due to centralization, proprietary clients, possible platform backdoors, and SIM-based account takeover; they argue PGP remains more trustworthy under some threat models.
  • There is debate over protection against state actors:
    • One side stresses that OS or device compromise breaks any app, and mainstream desktops may be easier targets than phones.
    • Another emphasizes that mobile platforms, phone numbers, and opaque components (like baseband) weaken security, especially for high-end threats.

General ecosystem reflections

  • Some lament that a decent OpenPGP library ecosystem arrived only after GPG’s dominance and design choices had already “poisoned the well.”
  • There is interest in higher-level, misuse-resistant APIs atop both rpgp and Sequoia, to avoid low-level types and complexity.
  • Overall sentiment: rpgp is welcomed as a modern, pure-Rust alternative, but concerns remain about crypto hardening, interoperability, and the broader viability of OpenPGP for new applications.