Expand description

Functionality for dealing with mostly unparsed certificates.

Parsing a certificate is not cheap. When reading a keyring, most certificates are discarded or never used as they are not relevant. This module provides the RawCertParser and RawCert data structures that can help reduce the amount of unnecessary computation.

RawCertParser splits a keyring into RawCerts by looking primarily at the packet framing and the packet headers. This is much faster than parsing the packets’ contents, as the CertParser does.

RawCert exposes just enough functionality to allow the user to quickly check if a certificate is not relevant. Note: to check if a certificate is really relevant, the check usually needs to be repeated after canonicalizing it (by using, e.g., Cert::from) and validating it (by using Cert::with_policy).


Search for a specific certificate in a keyring:

use sequoia_openpgp as openpgp;

use openpgp::cert::prelude::*;
use openpgp::cert::raw::RawCertParser;
use openpgp::parse::Parse;
for cert in RawCertParser::from_bytes(&bytes)? {
    /// Ignore corrupt and invalid certificates.
    let cert = if let Ok(cert) = cert {
    } else {

    if cert.fingerprint() == fpr {
        // Found it!  Try to convert it to a Cert.
        if let cert = Cert::try_from(cert) {
            return cert;

// Not found.
return Err(anyhow::anyhow!("Not found!").into());


A key iterator for RawCerts.

A mostly unparsed Cert.

An iterator over a sequence of unparsed certificates, i.e., an OpenPGP keyring.

A mostly unparsed Packet.