Crate pgp

Source

Expand description

§🔐 pgp-lib

High-level, asynchronous API for rPGP, a pure Rust implementation of OpenPGP.

§Features

Exports basic PGP operations: encrypt, decrypt, sign, verify
Exposes PGP helpers: generate a key pair, read secret/public keys from path, read signature from bytes etc
Proposes HTTP public key discovery via WKD and HKP
Supports tokio and async-std async runtimes
Supports rustls and native-tls crypto libs

The library comes with 6 cargo features, including 2 default ones:

tokio: enables the tokio async runtime
async-std: enables the async-std async runtime
rustls: enables the rustls crypto
native-tls: enables the native-tls crypto
key-discovery: enables public key discovery mechanisms
vendored: compiles and statically link to a copy of non-Rust vendors like OpenSSL

§Example

use pgp::{decrypt, encrypt, gen_key_pair, read_sig_from_bytes, sign, verify};

#[tokio::main]
async fn main() {
    let (alice_skey, alice_pkey) = gen_key_pair("alice@localhost", "").await.unwrap();
    let (bob_skey, bob_pkey) = gen_key_pair("bob@localhost", "").await.unwrap();

    let msg = b"message".to_vec();
	
	// encrypt message with multiple recipients
	
    let encrypted_msg = encrypt(vec![alice_pkey.clone(), bob_pkey], msg.clone())
        .await
        .unwrap();
	
	// decrypt message
	
    assert_eq!(msg, decrypt(alice_skey.clone(), "", encrypted_msg.clone()).await.unwrap());
    assert_eq!(msg, decrypt(bob_skey, "", encrypted_msg.clone()).await.unwrap());

    // sign message
	
    let raw_sig = sign(alice_skey, "", msg.clone()).await.unwrap();
    let sig = read_sig_from_bytes(raw_sig).await.unwrap();
	
	// verify message
	
    assert!(verify(alice_pkey, sig, msg).await.is_ok());
}

See the full API documentation on docs.rs.

§Sponsoring

Special thanks to the NLnet foundation and the European Commission that helped the project to receive financial support from various programs:

NGI Assure in 2022
NGI Zero Entrust in 2023
NGI Zero Core in 2024 (still ongoing)

If you appreciate the project, feel free to donate using one of the following providers:

Re-exports§

pub use pgp_native as native;

Modules§

decrypt: Decrypt
encrypt: Encrypt
httpkey-discovery: HTTP key discovery
sign: Sign
utils: Utils
verify: Verify

Enums§

Error: The global Error enum of the library.

Functions§

decrypt: Decrypts bytes using the given secret key and its passphrase.
encrypt: Encrypts given bytes using the given list of public keys.
gen_key_pair: Generates a new pair of secret and public keys for the given email address and passphrase.
read_pkey_from_path: Reads a signed public key from the given path.
read_sig_from_bytes: Reads a standalone signature from the given raw bytes.
read_skey_from_file: Reads a signed secret key from the given path.
read_skey_from_string: Reads a signed secret key from the given raw string.
sign: Signs given bytes using the given private key and its passphrase.
verify: Verifies given standalone signature using the given public key.

Type Aliases§

Result: The global Result alias of the library.

Crate pgpCopy item path