h-gpgme: High Level Binding for GnuPG Made Easy (gpgme)

[ cryptography, library, mit ] [ Propose Tags ] [ Report a vulnerability ]

High Level Binding for GnuPG Made Easy (gpgme): A Haskell API for the gpgme C library.


[Skip to Readme]

Modules

[Last Documentation]

  • Crypto
    • Crypto.Gpgme
      • Key
        • Crypto.Gpgme.Key.Gen

Downloads

Maintainer's Corner

Package maintainers

For package maintainers and hackage trustees

Candidates

Versions [RSS] 0.1.0.0, 0.2.0.0, 0.3.0.0, 0.4.0.0, 0.5.0.0, 0.5.1.0, 0.6.0.0, 0.6.1.0, 0.6.2.0, 0.6.3.0, 0.6.3.1
Change log CHANGELOG.md
Dependencies base (>=4.14 && <5), bindings-gpgme (>=0.1.8 && <0.3), bytestring (>=0.10 && <0.13), data-default (>=0.5 && <0.9), email-validate (>=2.0 && <2.4), time (>=1.4 && <2), transformers (>=0.4.1 && <0.7), unix (>=2.5 && <2.9) [details]
Tested with ghc ==8.10.7, ghc ==9.2.8, ghc ==9.4.8, ghc ==9.6.6, ghc ==9.8.4, ghc ==9.10.3, ghc ==9.12.4
License MIT
Copyright (c) 2014-2026 Reto
Author Reto
Maintainer rethab@protonmail.com
Uploaded by rethab at 2026-07-11T18:51:12Z
Category Cryptography
Home page https://github.com/rethab/h-gpgme
Bug tracker https://github.com/rethab/h-gpgme/issues
Source repo head: git clone https://github.com/rethab/h-gpgme
Distributions
Reverse Dependencies 2 direct, 0 indirect [details]
Downloads 5099 total (36 in the last 30 days)
Rating (no votes yet) [estimated by Bayesian average]
Your Rating
  • λ
  • λ
  • λ
Status Docs not available [build log]
All reported builds failed as of 2026-07-11 [all 2 reports]

Readme for h-gpgme-0.6.3.1

[back to package description]

Hackage CI MIT License

h-gpgme: High Level Haskell Bindings for GnuPG Made Easy

h-gpgme wraps gpgme, the library GnuPG offers to programs that want OpenPGP without shelling out to gpg. The API stays close to the C one, but the memory management, error handling and resource cleanup a C API leaves to the caller become ordinary Haskell values and bracket-style functions.

The crypto itself comes from the GnuPG installation already on the machine: the same keyrings, the same gpg-agent, the same trust database.

Features

  • Encryption and decryption — to one or more recipients (encrypt, decrypt), symmetrically when you name no recipient at all, and on file descriptors (encryptFd, decryptFd) for data you would rather not hold in memory.
  • Signing and verification — normal, detached and cleartext signatures (sign with SignMode), verification of attached and detached signatures (verify, verifyDetached), and the combined encryptSign / decryptVerify.
  • Key lookup — by fingerprint (getKey), across a keyring (listKeys), or by user id (searchKeys), down to the user ids, subkeys, algorithms and validity of what comes back.
  • Key import, export and removalimportKeyFromFile, importKeyFromBytes; exportKey, exportSecretKey and exportKeys with ExportMode, armored if the context has setArmor; removeKey.
  • Key generationCrypto.Gpgme.Key.Gen builds the parameter list gpgme expects (key type, length, usage, expiry, passphrase) out of types rather than hand-written strings.
  • Callbacks — answer a passphrase request from your own code instead of a pinentry prompt (setPassphraseCallback), and follow slow operations with setProgressCallback.

Every operation runs in a Ctx, a gpgme context bound to a GnuPG home directory. Use withCtx and it is freed for you.

Requirements

The gpgme C library with its headers, and a GnuPG installation:

apt install libgpgme-dev      # Debian, Ubuntu
brew install gpgme            # macOS

Both the gpgme 1.x and 2.x series work. gpgme 2.x additionally needs bindings-gpgme >= 0.2, since gpgme 2.0 dropped the trust item API that older bindings referenced.

Getting started

{-# LANGUAGE OverloadedStrings #-}

import Crypto.Gpgme

main :: IO ()
main = do
    let alicePubFpr = "EAACEB8A"

    -- encrypt for alice, out of bob's keyring
    Just enc <- withCtx "test/bob" "C" OpenPGP $ \bCtx -> do
        Just aPubKey <- getKey bCtx alicePubFpr NoSecret
        either (const Nothing) Just <$> encrypt bCtx [aPubKey] NoFlag "hello"

    -- decrypt as alice, answering the passphrase request in-process rather than
    -- at a pinentry prompt (needs allow-loopback-pinentry in gpg-agent.conf)
    dec <- withCtx "test/alice" "C" OpenPGP $ \aCtx -> do
        setPassphraseCallback aCtx (Just (\_ _ _ -> return (Just "alice123")))
        decrypt aCtx enc

    print dec

withCtx takes the home directory, the locale and the protocol. For one-shot use there are shorthands that build their own context, like encrypt' "test/bob" alicePubFpr "hello".

The test suite doubles as the fullest set of examples: it exercises every operation above against the keyrings in test/.

Documentation

The API docs live on Hackage. For what each underlying call really does, the gpgme manual is the authority — h-gpgme's names follow it closely.

Contributing

Issues and pull requests are welcome. cabal test runs the suite; tests marked NoCi are skipped in CI with --test-options='--pattern=!/NoCi/'. test/README.md describes the test keyrings, and RELEASE.md how a release is cut.

Changelog · License (MIT)