@derekmorr See https://github.com/rpgp/rpgp/blob/main/docs/FAQ.md#how-is-rpgp-different-from-sequoia
OpenPGP implemented in pure Rust, permissively licensed
our friends over at @rpgp just published a monster milestone, humbly tagged 0.16 😍 with
- streaming decryption and encryption
- post-quantum-cryptography
- API streamlining.
#rPGP is a full Rust implementation of #openpgp which counts among the fastest and most compliant implementations today, and includes security audits. Note: #deltachat uses a restricted subset of OpenPGP, and follows best practices (eg using the same ed25519 keys implementation as #signal) https://github.com/rpgp/rpgp/
New release: #rPGP version 0.16.0 🧰🔐✨
https://github.com/rpgp/rpgp/releases/tag/v0.16.0
#OpenPGP implemented in pure #Rust, permissively licensed
This release features streaming message support: Now rPGP can process arbitrarily large messages, with modest memory requirements.
It adds experimental support for the upcoming OpenPGP #PQC IETF standard https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-pqc
This release also brings various improvements for key generation, support for X448/Ed448, and many minor fixes.
Six times so far ... is how often important parts of #deltachat were independently #security audited and analyzed. Thanks to IncludeSecurity, Cure53, Applied Crypto Team at ETH Zuerich and Radical Open Security.
Last audit is from December 2024 covering @rpgp , the minimal #OpenPGP Rust library that is gaining traction with others projects as well.
Shout-out to dignifiedquire and @hko for their excellent maintenance! For more info on Delta Chat related security audits: https://delta.chat/en/help#security-audits
See https://github.com/rpgp/rpgp/security/advisories/GHSA-9rmp-2568-59rv and https://github.com/rpgp/rpgp/security/advisories/GHSA-4grw-m28r-q285 for more details.
And see https://chaos.social/@delta/113963707915543266 for a broader context about audits in Delta Chat.
Thanks to @nlnet for funding the audit, and @ros for the excellent audit work!
rPGP has recently received an audit by @ros
The audit uncovered a number of issues, in particular: Multiple cases in which malformed input data can lead to Rust "panic"s. Triggering these typically leads to termination of applications that use #rPGP. This can act as a vector for denial of service attacks, but does not impact confidentiality or integrity security properties.
These issues were resolved in #rPGP release 0.14.2. Updating is recommended for all users.
New release today: #rPGP version 0.14.0 ✨
(#OpenPGP implemented in pure #Rust, permissively licensed)
https://github.com/rpgp/rpgp/releases/tag/v0.14.0
This release brings rather complete support for the excellent new OpenPGP RFC 9580 (also known as "crypto refresh", or "v6")
RFC 9580 standardizes modern cryptographic mechanisms for OpenPGP: AEAD-based encryption, Argon2, and SHA2 fingerprints for the new OpenPGP v6 key format (v4 keys use SHA1).
Thanks @NGIZero for supporting this work!
rPGP is an #OpenPGP implementation in pure #Rust (https://crates.io/crates/pgp).
It serves as the end-to-end encryption engine for Delta Chat:
@delta, a secure decentralized messager for all major platforms (and then some).
rPGP implements all generations of the OpenPGP standard, up to and including the new RFC 9580.