By Heiko | May 7, 2021
Today we’re happy to announce the first release of the OpenPGP CA 0.10.x series. The code for OpenPGP CA 0.10.1 is tagged on GitLab.
Starting with this release, we’re publishing to crates.io. So from now on, you can conveniently cargo install openpgp-ca.
Right now, we’re publishing two crates:
- The openpgp-ca CLI tool: crates.io/crates/openpgp-ca
- The underlying library that implements the functionality of OpenPGP CA (the CLI tool is a slim wrapper around this library): crates.io/crates/openpgp-ca-lib
Behind the scenes
After some refactoring of the codebase, the 0.10.x series paves the way for OpenPGP CA instances with different cryptographic backends and/or different data storage models.
One concrete plan is to implement support for OpenPGP CA instances based around OpenPGP card hardware tokens, such as Gnuk or YubiKey. With such OpenPGP CA instances, no private key material will be stored in the CA database. All operations that require CA private key material will be performed on the hardware token.
We’ve also discussed read-only instances that don’t contain CA private key material, for example as part of an air-gapped setup, and are considering implementing support for that use case.