- https://floss.social/@hko
OpenPGP (mainly in Rust)
- Blog: https://openpgp.foo
- OpenPGP for application developers: https://openpgp.dev
- SOP with rPGP: https://crates.io/crates/rsop
Joined on 2022-12-02
Hi! I'm Heiko 👋, and I've been hacking on OpenPGP-related projects 🔐 since early 2019 (mostly in Rust 🦀).
Find me online
- floss.social (Mostly posting about OpenPGP, interspersed with occasional silliness)
- OpenPGP.foo (Articles and blogging about assorted OpenPGP topics)
- gitlab (I'm slowly moving away from there)
- github (Only to collaborate with github-based projects)
OpenPGP certificates
My current v4 OpenPGP certificate: 23da7c0eaa711f0170013595b518d342eb2d4805.
My experimental v6 PQC OpenPGP certificate: 4313b99377e3ac13c1092046db086defe11b8079fbb0db8147824be0606b8fc6.
Projects
minipgp6
minipgp6 🔐🤏 is a very lean OpenPGP software stack. It will implement a modern subset of the OpenPGP standard as specified in RFC 9580.
Documentation project: "OpenPGP for application developers"
I co-authored the book 📚 “OpenPGP for application developers” [1] (and coordinated the four months of work on this project by a group of experts, a technical writer and a visual designer).
OpenPGP.foo
OpenPGP.foo is a personal writing project about various OpenPGP related topics.
The content covers a few distinct threads:
- A beginner's tutorial into the world of OpenPGP, revolving heavily around the vendor-agnostic "Stateless OpenPGP" (SOP) standard, instead of vendor-specific software (such as GnuPG).
- An introduction to a set of OpenPGP-related tools that I use (many of which I am a co-author of).
- One-off blog articles about OpenPGP-related topics from my personal perspective.
My main hope for OpenPGP.foo is to empower interested readers to get their bearings in the world of OpenPGP and hopefully join us in using it, hacking on it, and co-evolving the ecosystem and standard.
rPGP
rPGP is a pure Rust, low-level OpenPGP library. I use rPGP for my OpenPGP projects, and am also a contributor to the library.
rpgpie
rpgpie is an experiment in implementing higher-level OpenPGP semantics, as well as a user-friendly API, on top of rPGP. It is used in a number of my projects, but is not currently ready for broader adoption.
rsop
rsop is a "Stateless OpenPGP" CLI tool. It is based on rPGP/rpgpie, and (like all SOP tools) can be used to perform common OpenPGP operations.
The initial impetus for writing rsop was exploring rPGP's interoperability with other OpenPGP implementations with the OpenPGP interoperability test suite (rsop is listed under the name rpgpie in the test suite).
rsop-oct
rsop-oct is a sibling project to rsop.
It offers native support for private key operations backed by OpenPGP card hardware security devices.
As far as I know, rsop-oct is currently the only SOP tool that can sign or decrypt based on OpenPGP card-backed keys.
OpenPGP card
One of my ongoing interests is modern Rust-based support for OpenPGP card devices [2]:
- The oct CLI tool for inspecting, configuring and using OpenPGP card devices.
- rsop-oct, a special-purpose "Stateless OpenPGP" CLI tool, with native support for OpenPGP card devices.
- The oct-git tool for Git signing and verification based on OpenPGP card devices.
- The standalone openpgp-card-ssh-agent for use with OpenPGP cards.
- The foundational openpgp-card Rust libraries that these tools are built on.
```mermaid
graph LR
    OC["openpgp-card <br/> (OpenPGP card client library)"]
    RPGP["rPGP <br/> (Pure Rust OpenPGP library)"]
    RPGPIE["rpgpie <br/> (High level OpenPGP API for rPGP)"]
    OCR["openpgp-card-rpgp"]
    OCS["openpgp-card-state <br/> (User PIN management)"]
    RPGPIE-->RPGP
    OCR-->RPGP
    OCR-->OC
    OCT["oct <br/> (Inspect, configure and use OpenPGP cards)"]
    RSOCT["rsop-oct <br/> (Stateless OpenPGP with card support)"]
    OCTGIT["oct-git <br/> (Git signing with OpenPGP cards)"]
    OCSA["openpgp-card-ssh-agent <br/> (Standalone SSH agent for OpenPGP cards)"]
    OCT-->RPGPIE
    OCT-->OC
    RSOCT-->RPGPIE
    RSOCT-->OCR
    RSOCT-->OCS
    OCTGIT-->RPGPIE
    OCTGIT-->OCR
    OCTGIT-->OCS
    OCSA-->OCS
    OCSA-->OC
```
OpenPGP CA
I am the author of OpenPGP CA [3], a tool for managing OpenPGP keys within organizations.
[1] Work on “OpenPGP for application developers” was funded by the Sovereign Tech Fund.
[2] Some of my OpenPGP card-related work was financially supported by NLnet and p≡p foundation.