ijat/NefPGP

NefPGP

A lightweight, cross-platform desktop GUI for OpenPGP key management — a Kleopatra-style tool for creating and managing keys, scoped deliberately narrow. No encrypt / sign / decrypt yet.

Built with Avalonia UI on .NET 10, using MVVM + clean architecture, with a dark acrylic-glass design language.

Status: early development (v0.2.0). The crypto backend, encrypted vault, and key manager are functional, but this is pre-1.0 software — review the code before trusting it with keys you cannot regenerate.

Features

  • Key generation — Ed25519 + X25519 (default) or RSA 2048–4096, with optional per-key passphrase protection.
  • Encrypted vault — all keys live in a single portable file at ~/.nefpgp/vault.nefpgp, protected with Argon2id + AES-256-GCM. Back it up or move it as one file.
  • GPG interop — import/export GnuPG-compatible .asc armored files. Syncing an unprotected secret key to gpg surfaces an explicit warning first.
  • Key manager — browse, search, and filter your keyring (all / secret / public-only).
  • Groups — user-defined groups, persisted in the vault, for organizing keys.
  • Subkeys — view real subkeys and extend expiry (primary + subkeys together) via presets or a custom date.
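
The unprotected-secret-key warning in the GPG interop feature depends on telling whether an armored secret key carries passphrase protection. The following Python is an added example, not NefPGP's own code: it reads the S2K usage octet of each v4 secret-key packet (RFC 4880 layout; 0 means the key material is stored in the clear). All function names and the sample packet are constructed for illustration, and only v4 keys are handled.

```python
import base64

SECRET_TAGS = {5: "secret key", 7: "secret subkey"}
# v4 public fields per algorithm id: (curve OID?, MPI count, ECDH KDF params?)
LAYOUT = {1: (0, 2, 0), 2: (0, 2, 0), 3: (0, 2, 0), 16: (0, 3, 0),
          17: (0, 4, 0), 18: (1, 1, 1), 19: (1, 1, 0), 22: (1, 1, 0)}

def dearmor(text):  # base64 body only: skips armor headers, CRC line and footer
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:]      # a blank line ends the armor headers
    return base64.b64decode("".join(l for l in body if l[:1] not in ("=", "-")))

def packets(data):  # yields (tag, body) for old- and new-format headers
    i = 0
    while i < len(data):
        h, i = data[i], i + 1
        if h & 0x40:                        # new format: tag in the low 6 bits
            tag, o, i = h & 0x3F, data[i], i + 1
            if o < 192: n = o
            elif o < 224: n, i = ((o - 192) << 8) + data[i] + 192, i + 1
            elif o == 255: n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else: raise ValueError("partial body lengths not handled")
        else:                               # old format: length type in low 2 bits
            tag, w = (h >> 2) & 0xF, 1 << (h & 3)
            if w == 8: raise ValueError("indeterminate length not handled")
            n, i = int.from_bytes(data[i:i + w], "big"), i + w
        yield tag, data[i:i + n]
        i += n

def s2k_usage(body):
    """S2K usage octet of a v4 secret-key packet body; 0 means unprotected."""
    if body[0] != 4 or body[5] not in LAYOUT:
        raise ValueError("only v4 keys with a known algorithm are handled")
    (oid, mpis, kdf), i = LAYOUT[body[5]], 6
    if oid: i += 1 + body[i]                # one-octet length + curve OID
    for _ in range(mpis):                   # MPI: two-octet bit count + magnitude
        i += 2 + (int.from_bytes(body[i:i + 2], "big") + 7) // 8
    if kdf: i += 1 + body[i]                # one-octet length + KDF parameters
    return body[i]

def unprotected_secret_keys(armored):
    """Secret (sub)key packets in an armored block that carry no protection."""
    return [SECRET_TAGS[t] for t, b in packets(dearmor(armored))
            if t in SECRET_TAGS and s2k_usage(b) == 0]

# Constructed sample, not a usable key: one v4 RSA secret-key packet, S2K usage 0.
SAMPLE = ("-----BEGIN PGP PRIVATE KEY BLOCK-----\n\n" + base64.b64encode(
    bytes.fromhex("940d 04 00000000 01 0008ff 000203 00")).decode()
    + "\n-----END PGP PRIVATE KEY BLOCK-----")
print(unprotected_secret_keys(SAMPLE))
```

A non-empty result is the condition under which a warning before syncing to gpg makes sense; any non-zero usage octet means the secret fields are encrypted under a passphrase-derived key.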

Platforms

macOS, Windows, and Linux (desktop). All runtime data — keyring, logs, settings — is stored under ~/.nefpgp.

Build & run

Requires the .NET 10 SDK. From src/:

# Build
AVALONIA_TELEMETRY_OPTOUT=1 DOTNET_CLI_TELEMETRY_OPTOUT=1 dotnet build NefPgp.sln

# Run
dotnet run --project NefPgp.Desktop

# Test
AVALONIA_TELEMETRY_OPTOUT=1 DOTNET_CLI_TELEMETRY_OPTOUT=1 dotnet test NefPgp.sln

The *_TELEMETRY_OPTOUT env vars suppress Avalonia/dotnet build-time telemetry, which can otherwise stall builds behind outbound network calls.

Architecture

Four-layer clean architecture under src/:

NefPgp.Core            domain models + IOpenPgpProvider / IKeyStore (references nothing)
NefPgp.Application     KeyManagerService use cases             (references Core)
NefPgp.Infrastructure  BouncyCastle backend + encrypted vault  (references Core; only BC consumer)
NefPgp.Desktop         Avalonia MVVM UI                        (references all of the above)
NefPgp.Tests           xUnit

The OpenPGP backend sits behind a single interface (IOpenPgpProvider) so it can be swapped — e.g. for a gpg-CLI provider — without touching the UI. BouncyCastle is confined to Infrastructure and never leaks through the abstraction.

Security notes

  • Passphrases and secret-key material are never logged and never returned through metadata models.
  • The vault is the single source of truth for secret keys; the GPG keyring is treated as a separate, opt-in mirror.
  • This software has not undergone an independent security audit. Use accordingly.

License

GPL-3.0 © Ijat
