Hi! I'm Heiko 👋. I've been hacking on OpenPGP-related projects 🔐 since early 2019 (mostly in Rust 🦀).

Find me online

OpenPGP certificates

My current v4 OpenPGP certificate: 23da7c0eaa711f0170013595b518d342eb2d4805.

My experimental v6 PQC OpenPGP certificate: 4313b99377e3ac13c1092046db086defe11b8079fbb0db8147824be0606b8fc6.

Projects

minipgp6 🔐🤏

minipgp6 is a very lean implementation of modern OpenPGP. It combines the essential formats from RFC 9580 and draft-ietf-openpgp-pqc.

Also see https://floss.social/@minipgp6.

📚 OpenPGP for application developers

I co-authored the book “OpenPGP for application developers”1 (and coordinated four months of work on this project by a group of experts, a technical writer and a visual designer).

OpenPGP.foo

OpenPGP.foo is a personal writing project about various OpenPGP-related topics.

The content covers a few distinct threads:

  • A beginner's tutorial into the world of OpenPGP, revolving heavily around the vendor-agnostic "Stateless OpenPGP" (SOP) standard, instead of a vendor-specific software (such as GnuPG).
  • An introduction to a set of OpenPGP-related tools that I use (many of which I am a co-author of).
  • One-off blog articles about OpenPGP-related topics from my personal perspective.

My main hope for OpenPGP.foo is to empower interested readers to get their bearings in the world of OpenPGP and hopefully join us in using it, hacking on it, and joining us in co-evolving the ecosystem and standard.

rPGP

rPGP is a pure Rust, low-level OpenPGP library. I am a contributor to rPGP, and use it in various projects.

rpgpie

rpgpie is an experiment at implementing higher level OpenPGP semantics on top of rPGP. It is used in a number of my projects, but not quite ready for broader adoption yet.

rsop

rsop is a Stateless OpenPGP (SOP) CLI tool.

It is based on rPGP/rpgpie, and (like all SOP tools) can be used to perform common OpenPGP operations.

The initial impetus for writing rsop was to explore rPGP's interoperability with other OpenPGP implementations with the OpenPGP interoperability test suite (rsop is listed under the name rpgpie in the test suite).

rsop-oct

rsop-oct is a sibling project to rsop.

It offers native support for private key operations backed by OpenPGP card hardware security devices.

As far as I know, rsop-oct is currently the only SOP tool that can sign or decrypt based on OpenPGP card-backed keys.

OpenPGP card

One of my ongoing interests is modern Rust-based support for OpenPGP card devices2:

graph LR
    OC["openpgp-card <br/> (OpenPGP card client library)"]
    RPGP["rPGP <br/> (Pure Rust OpenPGP library)"]

    RPGPIE["rpgpie <br/> (High level OpenPGP API for rPGP)"]
    OCR["openpgp-card-rpgp"]
    OCS["openpgp-card-state <br/> (User PIN management)"]

    RPGPIE-->RPGP
    OCR-->RPGP
    OCR-->OC

    OCT["oct <br/> (Inspect, configure and use OpenPGP cards)"]
    RSOCT["rsop-oct <br/> (Stateless OpenPGP with card support)"]
    OCTGIT["oct-git <br/> (Git signing with OpenPGP cards)"]
    OCSA["openpgp-card-ssh-agent <br/> (Standalone SSH agent for OpenPGP cards)"]

    OCT-->RPGPIE
    OCT-->OC

    RSOCT-->RPGPIE
    RSOCT-->OCR
    RSOCT-->OCS

    OCTGIT-->RPGPIE
    OCTGIT-->OCR
    OCTGIT-->OCS

    OCSA-->OCS
    OCSA-->OC

OpenPGP CA

I am the author of OpenPGP CA3, a tool for managing OpenPGP keys within organizations.


  1. Work on “OpenPGP for application developers” was funded by the Sovereign Tech Fund ↩︎

  2. Some of my OpenPGP card-related work was financially supported by NLnet and p≡p foundation ↩︎

  3. Work on OpenPGP CA was financially supported by NLnet ↩︎