"rnp" is a set of OpenPGP (RFC4880) tools that works on Linux, *BSD and macOS as a replacement of GnuPG. It is maintained by Ribose after being forked from NetPGP, itself originally written for NetBSD.
"librnp" is the library used by rnp for all OpenPGP functions, useful for developers to build against. Thanks to Allistair, it is a "real" library, not a wrapper like GPGME of GnuPG.
NetPGP was originally written (and is still maintained) by Allistair Crooks of NetBSD.
Currently supported platforms:
- Fedora 25
- RHEL/CentOS 7
Upcoming supported platforms:
- Ubuntu 14.04 LTS, 16.04 LTS, 17.04
- Debian 8, 9
- OpenSUSE Leap 42.2, 42.3
- SLES 12
By default, rnpkeys --generate-key will generate a 2048-bit RSA key.
export keydir=/tmp
rnpkeys --generate-key --homedir=${keydir}
=>
rnpkeys: generated keys in directory ${keydir}/6ed2d908150b82e7
In case you're curious, 6ed2d... is the key fingerprint.
To use fully featured key pair generation, the --expert flag should be used. With this flag added to rnpkeys --generate-key, the user can generate a key pair for any supported algorithm and/or key size.
Example:
> export keydir=/tmp
> rnpkeys --generate-key --expert --homedir=${keydir}
Please select what kind of key you want:
(1) RSA (Encrypt or Sign)
(19) ECDSA
(22) EDDSA
> 19
Please select which elliptic curve you want:
(1) NIST P-256
(2) NIST P-384
(3) NIST P-521
> 2
Generating a new key...
signature 384/ECDSA d45592277b75ada1 2017-06-21
Key fingerprint: 4244 2969 07ca 42f7 b6d8 1636 d455 9227 7b75 ada1
uid ECDSA 384-bit key <flowher@localhost>
rnp: generated keys in directory /tmp/.rnp
Enter password for d45592277b75ada1:
Repeat password for d45592277b75ada1:
>
export keyringdir=${keydir}/MYFINGERPRINT
rnpkeys --list-keys --homedir=${keyringdir}
=>
1 key found
...
rnp --sign --homedir=${keyringdir} ${filename}
=>
Created ${filename}.gpg which is an OpenPGP message that includes the message together with the signature as a 'signed message'.
This type of file can be verified by:
rnp --verify --homedir=${keyringdir} ${filename}.gpg
rnp --sign --detach --homedir=${keyringdir} ${filename}
=>
Created ${filename}.sig which is an OpenPGP message in binary format, that only contains the signature.
This type of file can be verified by:
rnp --verify --homedir=${keyringdir} ${filename}.sig
rnp --sign --armor --homedir=${keyringdir} ${filename}
=>
Created ${filename}.asc which is an OpenPGP message in ASCII-armored format, including the message together with the signature as a 'signed message'.
This type of file can be verified by:
rnp --verify --homedir=${keyringdir} ${filename}.asc
- --clearsign option will append a separate PGP Signature to the end of the message (the new output)
- --detach option will append a separate PGP Signature to the end of the message (the new output)
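The output kinds described above can be told apart by content instead of by file suffix. This is an added example, not part of rnp or its documentation: pgp_kind is a hypothetical helper that reads the ASCII-armor header line or the first packet tag as defined in RFC 4880, and it also recognises encrypted and compressed data, which goes beyond the signing cases above. Which first packet rnp itself writes for each option is not stated on this page.

```shell
# Added example: classify an OpenPGP file by its first bytes (RFC 4880).
# pgp_kind is a hypothetical helper name, not an rnp command.
pgp_kind() {
    # First octet as a decimal number; empty if the file is empty.
    b=$(head -c 1 "$1" | od -An -tu1 | tr -d ' \n')
    [ -n "$b" ] || { echo unknown; return 1; }
    if [ "$b" -eq 45 ]; then            # '-' starts an ASCII armor header line
        case $(head -n 1 "$1" | tr -d '\r') in
            "-----BEGIN PGP SIGNED MESSAGE-----") echo clearsigned ;;
            "-----BEGIN PGP SIGNATURE-----")      echo armored-signature ;;
            "-----BEGIN PGP MESSAGE-----")        echo armored-message ;;
            *) echo unknown; return 1 ;;
        esac
        return
    fi
    # Binary packet header: bit 7 is always set; bit 6 selects the format.
    [ $((b & 128)) -ne 0 ] || { echo unknown; return 1; }
    if [ $((b & 64)) -ne 0 ]; then
        tag=$((b & 63))                 # new format: tag in bits 5-0
    else
        tag=$(( (b >> 2) & 15 ))        # old format: tag in bits 5-2
    fi
    case $tag in
        2)   echo detached-signature ;; # signature packet with no message before it
        4)   echo signed-message ;;     # one-pass signature, message follows
        8)   echo compressed-message ;; # contents known only after decompression
        1|3) echo encrypted-message ;;  # session key packet precedes encrypted data
        *)   echo unknown; return 1 ;;
    esac
}

# Constructed sample: 0x88 is an old-format header octet for packet tag 2.
sample=$(mktemp)
printf '\210\000' > "$sample"
pgp_kind "$sample"
rm -f "$sample"
```

A file reported as detached-signature or armored-signature carries no message, so it can only be verified with the original file at hand.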
rnp --encrypt --homedir=${keyringdir} ${filename}
=>
Creates: ${filename}.gpg
rnp --decrypt --homedir=${keyringdir} ${filename}.gpg
=>
Creates: ${filename}
rnp
rnpkeys
brew tap riboseinc/rnp
brew install rnp
rpm --import https://github.com/riboseinc/yum/raw/master/ribose-packages.pub
curl -L https://github.com/riboseinc/yum/raw/master/ribose.repo > /etc/yum.repos.d/ribose.repo
yum install -y rnp
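The key imported with rpm --import only protects the install if the downloaded repo file actually asks yum to check signatures. The following added example (not part of the rnp project; repo_gpg_audit is a hypothetical helper and the sample repo contents and host name are constructed) lists enabled sections of a .repo file that do not set gpgcheck=1 explicitly or that use a non-HTTPS baseurl. A section without gpgcheck depends on the [main] default in yum.conf, so it is reported for review.

```shell
# Added example: audit a yum .repo file before running yum install.
# repo_gpg_audit is a hypothetical helper name.
repo_gpg_audit() {
    awk '
    function report() {
        if (sec == "" || sec == "main" || enabled == "0") return
        if (gpgcheck != "1") { print sec ": gpgcheck is not 1"; bad = 1 }
        if (url != "" && url !~ /^https:/) { print sec ": baseurl is not https"; bad = 1 }
    }
    /^[ \t]*[#;]/ { next }                  # comment lines
    /^[ \t]*\[.*\]/ {                       # start of a new [section]
        report()
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        enabled = gpgcheck = url = ""
        next
    }
    {                                       # key=value lines
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "enabled") enabled = v
        else if (k == "gpgcheck") gpgcheck = v
        else if (k == "baseurl") url = v
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample, not the real ribose.repo.
sample=$(mktemp)
cat > "$sample" <<'REPO'
[example-signed]
name=Constructed signed repo
baseurl=https://repo.example.invalid/el7
enabled=1
gpgcheck=1

[example-unsigned]
name=Constructed unsigned repo
baseurl=http://repo.example.invalid/el7
gpgcheck=0
REPO
repo_gpg_audit "$sample" || echo "review the repo file before installing"
rm -f "$sample"
```

Running it against a copy of the downloaded file in a temporary location, before moving it into /etc/yum.repos.d, keeps an unchecked repo definition from ever becoming active.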
(WIP)
Clone this repo or download a release and expand it.
General:
./build.sh
make install
RHEL/CentOS:
./build-install.sh
These steps require docker to be installed. It's not strictly necessary, but provides a consistent baseline for this guide to work.
Clone source:
# cd ~/src
git clone https://github.com/riboseinc/rnp
Start container (assuming you git cloned to ~/src/rnp. Change accordingly):
docker run -v ~/src/rnp:/usr/local/rnp -it centos:7 bash
In CentOS container:
cd /usr/local/rnp
./package.sh
Set up build environment.
In the container:
/usr/local/rnp/packaging/redhat/extra/prepare_build.sh
Botan 2.1 or higher is required.
Installed via packaging/redhat/extra/build_rpm.sh.
Development branches may depend on unreleased Botan versions (i.e. when adding support for new crypto algorithms), and should use the following instructions to install Botan instead.
Update packaging/redhat/extra/build_rpm.sh to run install_botan_dev instead of install_botan_stable to use Botan's development version.
CMocka 1.1 is required to build and run tests.
Installed via packaging/redhat/extra/build_rpm.sh.
In the container:
cd /usr/local/rnp
ACFLAGS=--with-botan=/usr/local ./build.sh
make install
In the container:
export LD_LIBRARY_PATH=/usr/lib:/usr/local/lib
rnp_tests
In the container:
cd /usr/local/rnp
./remove_artifacts.sh
Otherwise use git clean.
If you're going to sign the RPM, (In the container:)
# Import your packager private key.
gpg --import your-packager.key
# Edit your identities.
PACKAGER="${PACKAGER:-Your Packager <your@packager.com>}"
GPG_NAME="${GPG_NAME:-${PACKAGER}}"
cat <<MACROS >~/.rpmmacros
%_signature gpg
%_gpg_path $HOME/.gnupg
%_gpg_name ${GPG_NAME}
%_gpgbin /usr/bin/gpg
%packager ${PACKAGER}
%_topdir $HOME/rpmbuild
MACROS
But if you're just going to test the RPM build process without GPG-signing, (In the container:)
export SIGN=
Run the rpmbuild script. (In the container:)
cd /usr/local/rnp
./remove_artifacts.sh
packaging/redhat/extra/build_rpm.sh
Then you can copy out the RPMs from the container:
cp ~/rpmbuild/SRPMS/rnp*.rpm ~/rpmbuild/RPMS/x86_64/*.rpm /usr/local/rnp
rnp follows the semantic versioning syntax.
The autoconf package version (set in AC_INIT() in configure.ac) uses 'x.y.z~' as package version value during development and at release the ~ suffix is removed.
The '--version' output of the rnp commands contains the git hash of the version the binary was built from. This value is generated when autoreconf runs; consequently, a release tarball generated with make dist will contain this hash version.
After a release version is tagged/branched, the new development cycle starts with a commit which adds the new upcoming version suffixed with ~ to the AC_INIT() call.
The first version of rnp started at 0.8.0 to indicate its development completeness (or lack thereof).