symbol Asset 1

RNP 0.10.0 released

Author’s picture Ronald Tse Author’s picture Nickolay Olshevsky on 20 Aug 2018

What is RNP?

Meet RNP, an RFC 4880-compliant OpenPGP library written in C++. As a modern implementation of the OpenPGP standard, RNP provides a robust foundation for secure communications and data protection.

Origins and development

RNP was born at Ribose and is continuously maintained under its initiative. While it originally stemmed from NetPGP, RNP has evolved significantly through a year of active development, resulting in a complete transformation of the codebase.

Key improvements

The development team has:

  • Thoroughly rewritten legacy code for modern systems

  • Resolved compatibility issues with GnuPG and other OpenPGP implementations

  • Enhanced performance across all operations

  • Added support for cutting-edge cryptographic features

  • Maintained strict RFC 4880 compliance

Licensing benefits

RNP stands out with its BSD 3-clause license, offering unique advantages for both academic and commercial projects:

  • Intentionally non-copyleft to enable broad integration options

  • Compatible with GPL, MPL, MIT, and most other open-source licenses

  • Suitable for commercial binary distributions

  • Flexible embedding options in academic research and proprietary software

  • No reciprocal licensing requirements unlike copyleft licenses

Whether you’re developing research software, an open-source tool, or a commercial application, RNP provides a reliable, well-maintained OpenPGP implementation that you can freely integrate into your software without licensing constraints.

Getting started with RNP

RNP is both a library for direct integration into applications and a set of command-line tools. You can use it in several ways:

As a library

If you are developing a Ruby application, there are official bindings (see ruby-rnp RubyDocs).

Since RNP is written in C++, you can also integrate it directly into:

  • C/C++ applications

  • Objective-C code

  • Python applications using ctypes

As command-line tools

The CLI tools rnp and rnpkeys can be installed via:

  • Homebrew on macOS

  • YUM on RPM-based Linux distributions

  • Debian packages (coming soon)

These tools provide similar functionality to GnuPG’s command-line interface (see supported flags and use cases in the README).

Why RNP?

True library architecture

RNP is designed as a proper library from the ground up, unlike GnuPG/GPGME which historically developed as a monolithic application (see GnuPG is not a library (2013)).

This architectural choice means you can easily integrate RNP into your applications without wrestling with process management or complex IPC mechanisms. The library provides clean APIs that allow direct integration at the code level.

Extensive language support

While RNP’s core is written in C++, it offers seamless integration across multiple programming languages. Official Ruby bindings are available and actively maintained. Python and Go bindings are under development, making RNP accessible to a wider range of developers. Thanks to its C++ foundation, you can also integrate RNP into any environment that supports native code calling conventions.

Optimized memory management

Built with modern C++, RNP implements efficient memory management that maintains a constant memory footprint even when processing large amounts of data. This makes it particularly suitable for environments with memory constraints or when handling large encrypted files. The implementation follows best practices for secure memory handling of cryptographic material.

Comprehensive cipher support

RNP stands out with its extensive cryptographic algorithm support, including unique implementation of the SM algorithm family - making it one of the few OpenPGP implementations suitable for deployment in mainland China. The SM series (including SM2, SM3, and SM4) meets Chinese national standards for cryptographic algorithms, opening opportunities for applications that need to comply with Chinese regulatory requirements.

Active development and innovation

The project maintains an active development cycle, focusing on implementing cutting-edge cryptographic features while ensuring backwards compatibility. Regular updates bring performance improvements, security enhancements, and support for new standards as they emerge. The development team actively engages with the community and responds to security considerations in the evolving cryptographic landscape.

Algorithm support in RNP

RNP provides comprehensive support for various cryptographic algorithms, ensuring compatibility with different security requirements and standards.

Symmetric encryption

RNP implements a wide range of symmetric encryption algorithms, offering different security levels and performance characteristics:

  • IDEA - A block cipher that was once used in early versions of PGP

  • Triple DES - A triple-application of the DES cipher, providing additional security over single DES

  • CAST5 - A block cipher offering good performance and security for legacy systems

  • Blowfish - A fast block cipher suitable for environments with limited resources

  • AES variants (128, 192, 256-bit) - The current industry standard for symmetric encryption

  • Twofish - A highly secure alternative to AES, offering excellent performance

  • Camellia variants (128, 192, 256-bit) - A cipher widely used in Japan and compatible with many international standards

  • SM4 - The Chinese national standard block cipher, essential for applications requiring Chinese regulatory compliance

Symmetric encryption modes

RNP supports multiple encryption modes that provide different security properties:

  • CFB (Cipher Feedback) - A traditional mode that converts block ciphers into stream ciphers

  • AEAD-EAX - An authenticated encryption mode providing both confidentiality and authenticity

  • AEAD-OCB - A high-performance authenticated encryption mode offering parallel processing capabilities

Hash functions

RNP implements various cryptographic hash functions for different use cases:

  • MD5 - While cryptographically broken, maintained for legacy compatibility

  • SHA1 - Maintained for backwards compatibility with older systems

  • RIPEMD160 - A hash function developed in Europe as an open alternative

  • SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512) - The current industry standard hash functions providing different security levels

  • SM3 - The Chinese national standard hash function, required for Chinese market compliance

Asymmetric cryptography

RNP supports a comprehensive set of public-key algorithms:

  • RSA - The widely-used public-key cryptosystem for encryption and digital signatures

  • ElGamal - An asymmetric algorithm particularly useful for encryption operations

  • DSA - The Digital Signature Algorithm, including support for key sizes beyond 1024 bits (DSA2)

  • ECDSA/ECDH - Elliptic curve cryptography offering strong security with shorter key lengths

  • EdDSA - Modern elliptic curve signatures providing high security and performance

  • SM2 - The Chinese national standard for public-key cryptography, essential for Chinese market compliance

Summary

RNP stands out as a unique solution in the OpenPGP ecosystem by combining:

  • True library architecture enabling direct integration without IPC overhead

  • High-performance implementation in modern C++

  • BSD 3-clause license allowing both open-source and commercial use

  • Comprehensive algorithm support including Chinese SM standards

  • Active development with regular updates and security improvements

Whether you’re building an open-source tool or a commercial application, RNP offers a reliable, high-performance OpenPGP implementation that seamlessly integrates into your software stack.