Inspecting OpenPGP certificates

2 points by wiktor

chimbosonic

How does rPGP compare with Sequoia-pgp with the crypto-rust feature flag?

wiktor

rPGP is a bit lower level but at the same time more flexible and less opinionated. For example it can read ancient signatures as well as current PQC data. It’s also always slightly ahead in interoperability tests.

I’ve expanded upon general differences between projects on the orange site. The point that may interest you is certainly the correct, intricate way of importing Sequoia, depending on whether your crate is a leaf or intermediate one.
- chimbosonic
  
  I’ll give it a try then and see if I reduce the amount of code I need to get the fingerprint and verify a key on WKD-tester.
  - wiktor
    
    Ack. We’re using it in Signstar and are quite happy but frankly all these libraries have issues, some of them intrinsic (complexity that cannot be removed because it’s inherent in the underlying protocol).
    
    Good luck and see you! 👋