Expand description
A very small implementation of a modern subset of OpenPGP
minipgp6 is a very lean OpenPGP software stack đđ€.
It implements a carefully delineated subset of RFC 9580 (OpenPGP) and RFC 9980 (PQC in OpenPGP).
§Project focus
Extreme simplicity is a central goal of minipgp6.
Therefore, minipgp6 does not implement backward compatibility with many of the currently common OpenPGP formats.1 Specifically, it does not handle âv4â (or older) key material or signatures. It also does not support any pre-AEAD encryption formats.
minipgp6 does not support all algorithms that RFC 9580 specifies and allows. Instead, it focuses on the subset of algorithms that the RFC mandates, as a sound common denominator.
§Interoperability
At the same time, minipgp6 also aims to be highly interoperable with the large and growing field of modern OpenPGP implementations.
Even though minipgp6 limits itself to modern OpenPGP formats, a large set of libraries interoperate seamlessly with the RFC 9580 formats that minipgp6 supports (in particular: âv6â keys, signatures based on Ed25519, and encryption based on X25519 and AEAD).
The composite PQC formats that minipgp6 supports (ML-KEM-768+X25519 and ML-DSA-65+Ed25519) will also be supported by all modern libraries. However, many OpenPGP libraries donât enable PQC support by default yet (while they wait for final ratification of the RFC).
§Core minipgp6 crates
minipgp is highly modular. It consists of the following set of core crates:
§minipgp6
This is the top-level entry point that is aimed at most users of minipgp.
It offers convenient high level abstractions.
NOTE: This crate is still very incomplete.
§minipgp6_frame
This crate deals with the packet framing of the OpenPGP wire format, including reading sequences of packets.
§minipgp6_packet
This crate deals with the OpenPGP wire format: Parsing and serializing OpenPGP data.
It contains no cryptographic functionality.
§minipgp6_sign
This crate deals with digital signatures.
It can produce and verify signatures, including in the context of inline-signed messages.
Note that OpenPGP uses the same signature mechanism for two logically distinct purposes:
- Signatures over data (either âdetachedâ or as âinline-signed messagesâ)
- Signatures that occur as parts of composite OpenPGP key objects (to link components together, for life-cycle operations, for third-party certifications, etc.)
§minipgp6_encrypt
This crate deals with encryption and decryption of data.
Encryption/decryption in OpenPGP is typically a hybrid operation with two steps:
- Encrypting or decrypting a symmetric âsession keyâ (usually using asymmetric key material)
- Symetrically encrypting or decrypting the actual (potentially large) message payload. minipgp6 only supports the modern AEAD-based v2 SEIPD symmetric data packet encryption format.
This crate deals with both of the above steps, and also offers an abstraction that combines both operations to process encrypted messages.
§minipgp6_lock
This crate deals with password-locking and -unlocking of secret key material.
The private key material in OpenPGP âsecret key packetsâ can optionally be protected with a password.
This crate provides functionality to password-lock secret key packets. Conversely, in order to use a locked secret key packet for cryptographic operations, private key material must be temporarily unlocked (i.e. decrypted).
§minipgp6_validity
This crate implements OpenPGP âvalidityâ semantics.
Its purpose is to determine which components of a composite OpenPGP key can be used in a specific context.
Validity semantics encompasses the âexpirationâ and ârevocationâ mechanisms, as well as other signals such as âKey Flagsâ (which keyholders use to signal the intended application of component keys).
§Additional minipgp6 crates
§minipgp6_armor
The core minipgp6 crates consider binary encoded OpenPGP the default, and do not deal with OpenPGP âASCII armorâ.
However, this separate crate offers functionality to produce and consume armored OpenPGP data. It can be conveniently combined with the core minipgp libraries.
§minipgp6_sop
A Stateless OpenPGP (SOP) CLI tool based on minipgp6.
Modules§
- keygen
- Generate OpenPGP Transferable Secret Keys
- lifecycle
- Lifecycle operations on OpenPGP transferable keys
- locking
- Helpers for password-locked secret key packets
Enums§
- Error
- Error type for minipgp6-composed
Constants§
- VERSION
- minipgp6 version, via Cargo.toml