What does NetPGP do?

NetPGP signs data and verifies digital signatures on it (a file, or data in memory), and encrypts and decrypts data. It uses standard OpenPGP format keyrings (such as those produced by GnuPG), and can also use SSH keys transparently. NetPGP comes as a library, which can easily be embedded, and as two programs: netpgp works on data (signing, verifying, encrypting and decrypting), and netpgpkeys manages the keys being used. Ease of command-line use was a design requirement, as was inter-operation with OpenPGP keys.

What standards does NetPGP support?

NetPGP supports OpenPGP, as specified in the IETF RFC 4880 standard. There is also support for reading SSH keys, as defined in RFC 4716, and for the Camellia ciphers defined in RFC 5581.

What state is it in?

NetPGP currently supports encryption, decryption, signing and verification by RSA and DSA/Elgamal keys (in SSH or PGP format). There is an HKP server and client bundled with NetPGP, which can distribute SSH or PGP keys. SSH and PGP keys can be used to sign and verify, or to encrypt and decrypt PGP messages. The NetPGP library can be easily embedded in products (due to its architecture and licensing). Language bindings for Perl, Python, TCL and Lua are provided in the distribution for libnetpgp.

What platforms does it run on?

NetPGP is known to run on NetBSD, FreeBSD, Mac OS X, and Linux (Debian and RHEL6 Beta). If it runs on another platform not in this list, please let us know.

Is the project maintained?

NetPGP is actively maintained and developed. We appreciate any feedback or enhancement requests.

Are signed binaries supported?

Signed binary verification is usually the domain of the kernel, because any checking done outside the kernel can be worked around. Work is going on in this area, and we expect to be able to announce something in the near future. If you are interested in this, please get in touch with us.

What about SSH and PGP key compatibility?

There is a complete worked example in the presentation from EuroBSDcon 2010. In short, SSH keys are supported as first-class citizens by NetPGP, and can be exported using HKP, and used to sign, verify, encrypt and decrypt data. OpenPGP key formats have some benefits over SSH keys - they can have duration and expiry information attached, as well as corroborating signatures, and attributes describing key usage.
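
As an added illustration (not NetPGP's code and not taken from the EuroBSDcon presentation), this Python example parses an RFC 4716 public key file and decodes the ssh-rsa blob inside it, showing that the key carries only an algorithm name, exponent and modulus, with no field for expiry, usage attributes or corroborating signatures. The function names and the sample key are constructed for this example.

```python
import base64

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def parse_rfc4716(text):
    """Return (headers, key blob) from an RFC 4716 public key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    headers, body, inner = {}, [], iter(lines[1:-1])
    for line in inner:
        if ":" not in line:                  # base64 never contains ':'
            body.append(line)
            continue
        while line.endswith("\\"):           # backslash continues a header line
            line = line[:-1] + next(inner, "")
        tag, value = line.split(":", 1)
        headers[tag.strip().lower()] = value.strip().strip('"')
    return headers, base64.b64decode("".join(body), validate=True)

def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        size = int.from_bytes(blob[off:off + 4], "big")
        off += 4
        if off + size > len(blob):
            raise ValueError("truncated field or length prefix")
        fields.append(blob[off:off + size])
        off += size
    return fields

def rsa_public_key(text):
    """Extract everything an ssh-rsa key holds: algorithm name, e and n."""
    headers, blob = parse_rfc4716(text)
    fields = read_fields(blob)
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])
    return {"comment": headers.get("comment"), "e": e, "n": n, "bits": n.bit_length()}

def _field(data):                            # uint32 length prefix, then the bytes
    return len(data).to_bytes(4, "big") + data

# Constructed sample: toy 92-bit modulus, not a usable key.
SAMPLE_N = (2**61 - 1) * (2**31 - 1)
_BLOB = (_field(b"ssh-rsa") + _field((65537).to_bytes(3, "big"))
         + _field(SAMPLE_N.to_bytes(12, "big")))
SAMPLE = "\n".join([BEGIN, 'Comment: "constructed key"', base64.b64encode(_BLOB).decode(), END])
```

Calling `rsa_public_key(SAMPLE)` returns the comment, exponent, modulus and modulus size; the free-form Comment header is the only metadata the file carries alongside the key material.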

Where can I get it?

The latest sources (with GNU autoconf framework) are provided here. The latest version is 20101107.

What other software do I need to use NetPGP?

An openssl installation is needed, usually provided by the operating system - the configuration system checks for version 0.9.8 or newer. zlib is also needed; again, usually provided by the operating system. If bzlib is found, it will be used.

What is in the roadmap for NetPGP?

Support for multiple encryption recipients will be released in the near future. The roadmap is full of other useful features - please mail us if you are interested!