gpgrv is a Rust library for verifying some types of GPG signatures.
```rust use std::io::{stdin, stdout, BufReader, Cursor, Seek, SeekFrom}; fn main() { // load a keyring from some file(s) // for example, we use the linux distribution keyring let mut keyring = gpgrv::Keyring::new(); let keyringfile = Cursor::new(distrokeyring::supportedkeys()); keyring.appendkeysfrom(keyringfile).unwrap();
// read stdin, verify, and write the output to a temporary file
let mut temp = tempfile::tempfile().unwrap();
gpgrv::verify_message(BufReader::new(stdin()), &mut temp, &keyring).expect("verification");
// if we succeeded, print the temporary file to stdout
temp.seek(SeekFrom::Start(0)).unwrap();
std::io::copy(&mut temp, &mut stdout()).unwrap();
} ```
RSASHA1 and SHA2 (SHA-256, SHA-512).gpg for most messages)Read/Write).gpgme (LGPL) - bindings for native code, verbose APIrpgp (MIT/Apache2) - serious implementation of plenty of pgpsequoia-openpgp (GPLv3) - serious implementation of plenty of pgp I was using the the gpgme API, which works, but the API is painful,
and the linking/requirements are complicated.
sequoia's license is wrong.
rpgp has too many features, although it does seem to be nicely split into crates.
1.36.0 (Jul 2019) (required by generic-array) is pinned in Travis.
MSRV bumps are some kind of semver bump, to be decided for 1.0.0.
Licensed under either of
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.