May 26, 2009 posted by Alistair Crooks
NetBSD-current has recently had a new addition - that of netpgp, a BSD-licensed library that can perform digital signature signing and verification, and also encryption and decryption of files. An email explaining netpgp was sent to the tech-security mailing list, but I thought I'd give a short summary of that email here.
netpgp exists as a library, libnetpgp, in NetBSD-current. Using libnetpgp, existing PGP (and GPG) keys can be used to sign and verify files. In addition, encryption and decryption can be performed using the same library. The library is distributed under a 2-clause BSD license. libnetpgp is based on the openpgpsdk library from Ben Laurie and Rachel Willmer, but has had some extensive changes made to it: all of the external names have been changed, the default hash algorithm for RSA signing is now SHA-256 (which is interoperable with gpg), and the default key size at key generation time is 2048 bits. netpgp handles files larger than 8192 bytes for both verification and decryption, and will attempt to use mmap(2) if it is available, falling back to read(2) if the mmap was not successful.
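The mmap(2)-then-read(2) fallback described above, as an added C example written for this summary rather than taken from libnetpgp's source (the struct and function names, and the sample file path used in the self-check, are hypothetical):

```c
#define _POSIX_C_SOURCE 200809L   /* expose mmap(2) & co. under -std=c99 */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper (not libnetpgp's API): file bytes from mmap(2) or, on fallback, a heap copy via read(2). */
struct filebuf { unsigned char *data; size_t len; int mapped; };

/* Load a file to be signed or verified: try mmap(2) first (skipped if try_mmap
 * is 0), fall back to read(2) if mapping fails. Returns 0 on success, -1 on error. */
int filebuf_load(const char *path, struct filebuf *fb, int try_mmap)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0 || fstat(fd, &st) < 0) { if (fd >= 0) close(fd); return -1; }
    fb->len = (size_t)st.st_size; fb->data = NULL; fb->mapped = 0;
    if (try_mmap && fb->len > 0) {
        void *p = mmap(NULL, fb->len, PROT_READ, MAP_PRIVATE, fd, 0);
        if (p != MAP_FAILED) { fb->data = p; fb->mapped = 1; close(fd); return 0; }
    }
    if ((fb->data = malloc(fb->len + 1)) == NULL) { close(fd); return -1; }
    for (size_t done = 0; done < fb->len; ) {      /* read(2) loop; short reads ok */
        ssize_t n = read(fd, fb->data + done, fb->len - done);
        if (n <= 0) { free(fb->data); fb->data = NULL; close(fd); return -1; }
        done += (size_t)n;
    }
    close(fd);
    return 0;
}
/* Release with the matching call: munmap(2) for a mapping, free(3) otherwise. */
void filebuf_release(struct filebuf *fb)
{
    if (fb->mapped) munmap(fb->data, fb->len); else free(fb->data);
    fb->data = NULL; fb->len = 0; fb->mapped = 0;
}
/* Self-check on constructed input: write n pattern bytes to path, load with or without mmap, compare. 1 = match. */
int roundtrip_ok(const char *path, size_t n, int try_mmap)
{
    struct filebuf fb;
    FILE *f = fopen(path, "wb");
    if (f == NULL) return 0;
    for (size_t i = 0; i < n; i++) fputc('a' + (int)(i % 26), f);
    if (fclose(f) != 0 || filebuf_load(path, &fb, try_mmap) != 0) return 0;
    int ok = fb.len == n;
    for (size_t i = 0; ok && i < n; i++)
        ok = fb.data[i] == (unsigned char)('a' + (int)(i % 26));
    filebuf_release(&fb);
    return ok;
}
```

The self-check uses a 10000-byte file, past the 8192-byte mark mentioned above, and also exercises the zero-length case, where mmap(2) is skipped and the read(2) path must still succeed.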
Right now, the netpgp(1) program does key management as well, but that will be changed in future, so that the key management features are handled in a separate key management program.
One of the goals for netpgp is that it can be used as a drop-in replacement for gpg (and libnetpgp for gpgme).
A package for netpgp is also available in pkgsrc/security/netpgp.