Rpgp: Pure Rust implementation of OpenPGP
Project highlights & adoption
- rpgp is a pure-Rust OpenPGP implementation; some commenters report using it successfully for git commit signing with smartcards.
- Its recent HN visibility may be linked to strong conformance in the Sequoia test suite.
- The maintainer is active in the thread and open to feedback and questions.
Smartcards and integration
- rpgp doesn’t have built-in smartcard support but can integrate with external tooling.
- A proof-of-concept shows it working with OpenPGP smartcards (YubiKey, Nitrokey) for signing and decryption.
- Integration relies on the Rust
pcsccrate, which uses system PC/SC libraries (Windows/macOS system libs, pcsclite on Linux).
Cryptographic design & security concerns
- SHA‑1 use in OpenPGP is debated. One view sees little urgent need to change the standard; another is adding Git-style SHA‑1 collision detection to rpgp for extra protection.
- A suspected RSA vulnerability (Desmedt–Odlyzko) was raised, then retracted after closer reading; the code in question affects signature padding but not in the initially claimed way.
- rpgp currently depends on an RSA implementation flagged for timing side channels.
- One side argues serious primitives like RSA/AES should be implemented in assembly for robust constant-time behavior.
- Others counter that Rust is not “too high-level” for crypto and note that even OpenSSL had similar issues; also, CPU differences limit what assembly can guarantee.
GnuPG, libraries, and ecosystem pain
- Several comments criticize GnuPG’s historical “CLI-first” design and the difficulty of using it as a library (process management, poor performance at scale, awkward key handling).
- gpgme partly mitigates this by wrapping the gpg binary, but still inherits performance and edge-case issues.
- Some see GPG as effectively legacy and fundamentally hard to fix without breaking compatibility.
Sequoia vs. rpgp & licensing
- Sequoia aims to be a full GnuPG replacement with a larger, more complex stack and has institutional funding.
- rpgp is described as smaller, more flexible, and more “Rust-native” (simple
cargo add pgpexperience), but with sparser docs that often require reading source. - Licensing is a concern: some prefer MPL-style licensing over LGPL for easier integration; Sequoia’s alignment with GPL-family licenses is seen as a barrier.
OpenPGP / LibrePGP schism & cipher modes
- GnuPG has started preferring LibrePGP-specific OCB-based AEAD, causing interoperability issues with other implementations.
- Some distributions patch GnuPG defaults to avoid this.
- rpgp is adding support to read these formats for compatibility but intends to emit the most broadly compatible formats by default.
- One view holds there’s no urgent cryptographic need for new block modes, so the divergence mostly harms interoperability.
PGP vs modern messaging (Signal/WhatsApp, email substrate)
- Multiple comments contrast GPG/PGP’s poor UX and “toolbox-itis” with Signal/WhatsApp’s seamless E2EE and automatic key management.
- Email is described as a bad substrate for modern E2EE: archival expectations, metadata exposure, and retrofitting constraints all complicate things.
- Some argue that central key directories and mandatory encryption in messaging apps sidestep PGP’s hardest problems (decentralized identity, opt-in encryption).
- Others are skeptical of Signal/WhatsApp due to centralization, proprietary clients, possible platform backdoors, and SIM-based account takeover; they argue PGP remains more trustworthy under some threat models.
- There is debate over protection against state actors:
- One side stresses that OS or device compromise breaks any app, and mainstream desktops may be easier targets than phones.
- Another emphasizes that mobile platforms, phone numbers, and opaque components (like baseband) weaken security, especially for high-end threats.
General ecosystem reflections
- Some lament that a decent OpenPGP library ecosystem arrived only after GPG’s dominance and design choices had already “poisoned the well.”
- There is interest in higher-level, misuse-resistant APIs atop both rpgp and Sequoia, to avoid low-level types and complexity.
- Overall sentiment: rpgp is welcomed as a modern, pure-Rust alternative, but concerns remain about crypto hardening, interoperability, and the broader viability of OpenPGP for new applications.