Lib.rs

Cryptography
#rpgp #command-line-tool #rpg-pie #signature #pgp #set-operations #signature-verification #openpgp-card #rpgpie-sop

app rsop

SOP CLI tool based on rPGP and rpgpie

by Heiko Schaefer

33 releases (9 breaking)

0.10.0 Feb 2, 2026
0.9.2 Dec 6, 2025
0.9.1 Nov 18, 2025
0.7.2 Jul 8, 2025
0.2.1 Mar 28, 2024

#125 in Cryptography

CC0 license

99KB
2K SLoC

rsop

rsop is a "Stateless OpenPGP" CLI tool. It exposes a simple, standardized CLI interface to perform a set of common OpenPGP operations.

rsop is based on a stack of rpgp and rpgpie 🦀️🔐🥧 (and the rpgpie-sop adapter library).

The sibling project rsop-oct natively supports operations using OpenPGP card devices.

Stateless OpenPGP Command Line Interface

The stateless OpenPGP command line interface (SOP) is an implementation-agnostic standard for handling OpenPGP messages and key material.

Stateless OpenPGP tools - such as rsop - are well suited for use in scripting use cases.

For more background and details about SOP, see https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/.

Example rsop run

rsop can be built and installed from the Rust source code with cargo:

$ cargo install rsop
[..]

Alternatively, you can check for rsop in your system's packages. It is available for Arch Linux.

Once installed, you can use the rsop binary, for example to generate a new key and issue a signature with it:

$ rsop generate-key "<alice@example.org>" > alice.pgp
$ echo "hello world" | rsop inline-sign alice.pgp
-----BEGIN PGP MESSAGE-----

xA0DAAoWRkwnBKe7uWYByxJiAGXLjm9oZWxsbyB3b3JsZArCdQQAFgoAHRYhBGdn
Wt8kdsJqcSYzsUZMJwSnu7lmBQJly45vAAoJEEZMJwSnu7lmrxYBAIlPPn7R2ScC
Qo9s06ebeI/zilJ9vNB7hi4t3Yw6oxbIAP0ddnO5tP2SJRDx+5eWd0slp3G6+AEz
FhrH5HCHKSvQAg==
=bnER
-----END PGP MESSAGE-----

Running from checked out sources

Alternatively, you can run rsop directly from this repository:

$ cargo run -- generate-key "<alice@example.org>"
[..]

rsopv, the signature verification subset

As a smaller alternative to rsop, it is possible to build the rsopv binary. rsopv implements the sopv Subset, which only supports OpenPGP signature verification.

Building the rsopv binary

The rsopv binary can be built like this:

$ cargo build --release --no-default-features --features="cliv" --bin rsopv

OpenPGP interoperability test suite

rsop is included in the OpenPGP interoperability test suite, which tests the features of implementations, adherence to expectations, as well as interoperation between a large set of implementations.

Rust SOP interface

The rsop CLI tool is built using the excellent https://crates.io/crates/sop framework. The rsop binary is trivially derived from rpgpie-sop.

Overview of building blocks

flowchart TD
    RSOP["rsop <br/> (SOP CLI tool)"] --> RPIESOP
    RPIESOP["rpgpie-sop <br/> (SOP interface wrapper for rpgpie)"] --> RPIE
    RPIE["rpgpie <br/> (Experimental high level OpenPGP API)"] --> RPGP
    RPGP["rPGP <br/> (OpenPGP implementation)"]

License

The (trivial) code of rsop is CC0 licensed.

Note, however, that when building a binary package from it, the binary's license is (of course) dictated by the licenses of its dependencies.

Warning, early-stage project!

rsop and rpgpie are currently in an experimental, early development stage and are NOT yet intended for production use.

Dependencies

~23–40MB
~567K SLoC