roburio / ocaml-openpgp

Licence: AGPL-3.0 license
WiP: RFC 4880 (OpenPGP) library and utilities in OCaml

OpenPGP library (RFC 4880)

This library implements rudimentary support for OpenPGP as used with signatures, and has basic support for decryption of messages.

Right now it's a work in progress and should not be used for anything critical to security in a real-world situation.

  • Encryption is being worked on; currently GnuPG won't read our messages (but we can read their messages!).

  • Support for El-Gamal and elliptic curve keys is out of scope due to the lack of support for these in nocrypto.

I could be persuaded to add these if someone can point me to maintained libraries implementing these.

Contributing

Contributions are greatly appreciated!

To prevent duplication/collision of work, please consider leaving a note in the issues section before implementing large changes.

The library and API are still volatile, as they are still being developed.

Suggestions for things to improve:

  • Writing more tests, for example for primitives in types.ml.
    • Tests for vulnerabilities that have affected other OpenPGP implementations.
    • Tests pertaining to diverse/"exotic" keys
  • Adding useful debug output, or extending existing pretty-printers with more information.
  • Suggestions / signatures for a better API, or scenarios that the library should support.
  • CLI commands or arguments (this is one of my first times using cmdliner - I'm sure things can be improved)
  • Performance improvements

Building

The library currently depends on the unreleased Usane library for unsigned arithmetic, and on my unreleased wrappers around Cstruct, called cs.

opam pin add -n usane 'https://github.com/hannesm/usane.git'
opam pin add -n cs 'https://github.com/cfcs/ocaml-cs.git'
opam pin add -n gmap 'https://github.com/hannesm/gmap.git'
opam pin add -n nocrypto -k git 'https://github.com/mirleft/ocaml-nocrypto.git#79d5db2488e338d161d7e170cd681a8120ce07d1'
opam pin add -n mrmime -k git https://github.com/oklm-wsh/MrMime.git
opam install alcotest bos cmdliner cs cstruct fmt fpath gmap hex logs \
             nocrypto ptime qcheck rresult usane topkg mrmime
ocaml pkg/pkg.ml build

Roadmap

  • Consider support for inline signatures
  • GPG-agent protocol: the GPG-agent protocol is inherently unsafe for signing operations. Other projects (git, qubes, enigmail) seem to implement GnuPG integration by shelling out to the gpg CLI. Some limited compatibility with that seems more useful to implement.
  • Git signing / verification, see section below
  • MirageOS version of Qubes split-gpg

Cmdline usage

The library ships with a sample application in app/opgp.ml.

Usage details are available with opgp --help.

Examples of how to use the application are also given there.

It can currently:

  • opgp genkey: Generate a (DSA | RSA) private key with subkeys for signing+encryption
  • opgp sign: Produce a detached signature on a file
  • opgp convert: Derive a public key from a private key
  • opgp verify: Verify a detached signature
  • opgp list-packets: List packets contained in armored or binary PGP streams
  • opgp decrypt: Decrypt messages to RSA keys
    • Decompress ZIP (RFC 1951) and ZLIB messages - BZip2 is still missing
  • opgp encrypt: Encrypt messages to RSA keys
  • opgp mail-decrypt: Carve out PGP/MIME messages and decrypt them. Currently does not check signatures.

Git / OpenPGP integration

git integrates cryptographic signature creation and verification by calling out to gpg. Peter Todd has a nice article about that in the documentation for his OpenTimestamps project (which is a separate project that combines gpg signatures with date proofs using append-only logs like Bitcoin).

A minimally GnuPG-compatible program opgp-git is provided with the ocaml-openpgp distribution to replace the use of gpg in this scenario.

  • NB: At the moment only verification is supported, and only against a single public key contained in ~/opgp-git.asc. As such, this is not super useful, but it is there as an example, and to remind me to fix the API to support some sort of PKI / key database.

To activate it, you will have to change the gpg.program variable to point to opgp-git instead of gpg:

$ git config --global gpg.program "$(opam config var openpgp:bin)/opgp-git"

  • NOTE that opgp-git does not implement the full GnuPG command-line interface; it merely implements the handling of the functionality expected by git, namely ["opgp-git", "--verify", "$file", "-"] and ["opgp-git", "-bsau", "$key"]. See the gpg.program entry in man git-config for more details.

Once configured, you can "manually" sign commits at commit-time with git commit --gpg-sign=KEYID, or you can configure git to do this automatically (see the commit.gpgSign entry in man git-config for more details).
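
The two invocation shapes named above are the whole interface a gpg.program replacement has to recognise. The following is an added example, not code from ocaml-openpgp: a hypothetical shell function, classify_gpg_argv, that accepts only those two shapes and rejects everything else. It assumes that git may prepend --status-fd=N and --keyid-format=... before the operation, and skips them.

```shell
#!/bin/sh
# Added example (not part of ocaml-openpgp). classify_gpg_argv is a
# hypothetical helper showing how a gpg.program replacement can dispatch on
# the argv git passes, and fail closed on anything it does not implement.

classify_gpg_argv() {
    # Assumption: git may put these option prefixes before the operation.
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --status-fd=*|--keyid-format=*) shift ;;
            *) break ;;
        esac
    done

    case "$1" in
        --verify)
            # Expected shape: --verify <signature-file> -
            # The trailing "-" means the signed data arrives on stdin.
            if [ "$#" -eq 3 ] && [ -n "$2" ] && [ "$3" = "-" ]; then
                printf 'verify %s\n' "$2"
                return 0
            fi ;;
        -bsau)
            # Expected shape: -bsau <key>
            # (-b detached, -s sign, -a armored, -u use this key)
            if [ "$#" -eq 2 ] && [ -n "$2" ]; then
                printf 'sign %s\n' "$2"
                return 0
            fi ;;
    esac

    # Fail closed: an unrecognised request must never exit 0, otherwise the
    # caller could mistake "not implemented" for a successful operation.
    printf 'unsupported\n'
    return 2
}

# Constructed sample invocations (not captured from a real git run).
classify_gpg_argv --status-fd=1 --verify /tmp/constructed.sig -
classify_gpg_argv --status-fd=2 -bsau CONSTRUCTED-KEYID
classify_gpg_argv --list-keys || true
```
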

Resources

The spec is included in this repository in the rfc/ subdirectory.

  • RFC 4880 - OpenPGP Message Format
  • TODO - IANA registry updates

Alternative implementations
