Skip to content
RNP: high performance C++ OpenPGP library, fully compliant to RFC 4880
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
ci
cmake Fix broken versioning when added as a git submodule. Mar 19, 2019
doc
docs
git-hooks
include FFI: set default key/subkey usage in rnp_generate_key_ex() Mar 3, 2019
src Fix double-free with invalid armored headers. Mar 18, 2019
.cirrus.yml ci: Only run Cirrus CI for certain branches and PRs. Feb 10, 2019
.clang-format
.gitignore Update gitignore [ci skip] Sep 10, 2018
.travis.yml
Brewfile ci: Add macos. Feb 19, 2019
CMakeLists.txt
LICENSE-OCB.md Provide OCB license. Aug 30, 2017
LICENSE.md
_config.yml
docker.sh
travis.sh

README.adoc

RNP

Introduction

"rnp" is a set of OpenPGP (RFC4880) tools that works on Linux, \*BSD and macOS as a replacement of GnuPG. It is maintained by Ribose after being forked from NetPGP, itself originally written for NetBSD.

"librnp" is the library used by rnp for all OpenPGP functions, useful for developers to build against. Thanks to Alistair, it is a "real" library, not a wrapper like GPGME of GnuPG.

NetPGP was originally written (and still maintained) by Alistair Crooks of NetBSD.

Status

Travis CI Build Status Coverity Scan Build Status Code coverage

Supported Platforms

Currently supported platforms:

  • Fedora 25

  • RHEL/CentOS 7

Upcoming supported platforms:

  • Ubuntu 14.04 LTS, 16.04 LTS, 17.04

  • Debian 8, 9

  • OpenSUSE Leap 42.2, 42.3

  • SLES 12

Usage

Generating an RSA Private Key

By default rnpkeys --generate-key will generate 2048-bit RSA key.

export keydir=/tmp
rnpkeys --generate-key --homedir=${keydir}

rnpkeys: generated keys in directory ${keydir}/6ed2d908150b82e7

In case you’re curious, 6ed2d…​ is the key fingerprint.

In order to use fully featured key pair generation --expert flag should be used. With this flag added to rnpkeys --generate-key user has a possibility to generate keypair for any supported algorithm and/or key size.

Example:

> export keydir=/tmp
> rnpkeys --generate-key --expert --homedir=${keydir}

Please select what kind of key you want:
    (1)  RSA (Encrypt or Sign)
    (19) ECDSA
    (22) EDDSA
> 19

Please select which elliptic curve you want:
    (1) NIST P-256
    (2) NIST P-384
    (3) NIST P-521
> 2

Generating a new key...
signature  384/ECDSA d45592277b75ada1 2017-06-21
Key fingerprint: 4244 2969 07ca 42f7 b6d8 1636 d455 9227 7b75 ada1
uid              ECDSA 384-bit key <flowher@localhost>
rnp: generated keys in directory /tmp/.rnp
Enter password for d45592277b75ada1:
Repeat password for d45592277b75ada1:
>

Listing Keys

export keyringdir=${keydir}/MYFINGERPRINT
rnpkeys --list-keys --homedir=${keyringdir}

1 key found
...

Signing a File

Signing in binary format

rnp --sign --homedir=${keyringdir} ${filename}

Creates ${filename}.gpg which is an OpenPGP message that includes the message together with the signature as a 'signed message'.

This type of file can be verified by:

  • rnp --verify --homedir=${keyringdir} ${filename}.gpg

Signing in binary detatched format

rnp --sign --detach --homedir=${keyringdir} ${filename}

Creates ${filename}.sig which is an OpenPGP message in binary format, that only contains the signature.

This type of file can be verified by:

  • rnp --verify --homedir=${keyringdir} ${filename}.sig

Signing in Armored (ASCII-Armored) format

rnp --sign --armor --homedir=${keyringdir} ${filename}

Creates ${filename}.asc which is an OpenPGP message in ASCII-armored format, including the message together with the signature as a 'signed message'.

This type of file can be verified by:

  • rnp --verify --homedir=${keyringdir} ${filename}.asc

Other options

  • --clearsign option will append a separate PGP Signaure to the end of the message (the new output)

  • --detach option will append a separate PGP Signaure to the end of the message (the new output)

Encrypt

rnp --encrypt --homedir=${keyringdir} ${filename}

Creates ${filename}.gpg.

Decrypt

rnp --decrypt --homedir=${keyringdir} ${filename}.gpg

Creates ${filename}.

For developers

You may wish to use librnp library in your projects as well. See the src/examples/README.md for usage details and sample code.

Install

Binaries installed

  • rnp

  • rnpkeys

On macOS using Homebrew

brew tap riboseinc/rnp
brew install rnp

On RHEL and CentOS via YUM

rpm --import https://github.com/riboseinc/yum/raw/master/ribose-packages.pub
curl -L https://github.com/riboseinc/yum/raw/master/ribose.repo > /etc/yum.repos.d/ribose.repo
yum install -y rnp

On Debian

# Clone the repository by version tag (or omit it to get the latest sources)
sudo apt install git
git clone https://github.com/riboseinc/rnp.git -b v0.11.0

# Enable access to `testing` packages by editing /etc/apt/sources.list
# deb http://deb.debian.org/debian testing main
# Install required packages
sudo apt install g++-8 cmake libbz2-dev zlib1g-dev libjson-c-dev libbotan-2-dev build-essential

# Cmake recommend out-of-source builds
mkdir rnp-build
cd rnp-build

# Cmake it
cmake -DCMAKE_INSTALL_PREFIX=/usr -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=off ../rnp/
make install

Compiling from source

Clone this repo, or download a release and expand it. Then:

cmake -DCMAKE_INSTALL_PREFIX=/usr/local -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=off .
make install

Versioning

RNP follows the semantic versioning syntax.

Checking versions

The output of rnp --version contains the git hash of the version the binary was built from, which value is generated when cmake runs. Consequently, a release tarball generated with make dist will contain this hash version.

Historic

The first version of rnp started at 0.8.0 to indicate its development completeness (or lack thereof).

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.