diff --git a/.gitmodules b/.gitmodules
index 7692f4556..9a68ca0cb 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -36,3 +36,6 @@
 [submodule "retroshare-webui"]
 	path = retroshare-webui
 	url = https://github.com/RetroShare/RSNewWebUI.git
+[submodule "supportlibs/librnp"]
+	path = supportlibs/librnp
+	url = https://github.com/rnpgp/rnp.git
diff --git a/RetroShare.pro b/RetroShare.pro
index 944e8204e..4972fe2ab 100644
--- a/RetroShare.pro
+++ b/RetroShare.pro
@@ -25,9 +25,6 @@ CONFIG += c++14
 
 TEMPLATE = subdirs
 
-SUBDIRS += openpgpsdk
-openpgpsdk.file = openpgpsdk/src/openpgpsdk.pro
-
 rs_jsonapi:isEmpty(JSONAPI_GENERATOR_EXE) {
     SUBDIRS += jsonapi-generator
     jsonapi-generator.file = jsonapi-generator/src/jsonapi-generator.pro
@@ -36,7 +33,7 @@ rs_jsonapi:isEmpty(JSONAPI_GENERATOR_EXE) {
 
 SUBDIRS += libbitdht
 libbitdht.file = libbitdht/src/libbitdht.pro
-libretroshare.depends += openpgpsdk libbitdht
+libretroshare.depends += libbitdht
 
 SUBDIRS += libretroshare
 libretroshare.file = libretroshare/src/libretroshare.pro
diff --git a/build_scripts/Windows-msys2/build/build.bat b/build_scripts/Windows-msys2/build/build.bat
index 4fdaff09f..bf68f3e20 100644
--- a/build_scripts/Windows-msys2/build/build.bat
+++ b/build_scripts/Windows-msys2/build/build.bat
@@ -18,6 +18,8 @@ if errorlevel 1 goto error_env
 if not "%ParamNoupdate%"=="1" (
 	:: Install needed things
 	%EnvMSYS2Cmd% "pacman --noconfirm --needed -S make git mingw-w64-%RsMSYS2Architecture%-toolchain mingw-w64-%RsMSYS2Architecture%-qt5 mingw-w64-%RsMSYS2Architecture%-miniupnpc mingw-w64-%RsMSYS2Architecture%-sqlcipher mingw-w64-%RsMSYS2Architecture%-cmake mingw-w64-%RsMSYS2Architecture%-rapidjson"
+	:: rnp
+	%EnvMSYS2Cmd% "pacman --noconfirm --needed -S mingw-w64-%RsMSYS2Architecture%-json-c mingw-w64-%RsMSYS2Architecture%-libbotan"
 
 	:: Webui
 	if "%ParamWebui%"=="1" %EnvMSYS2Cmd% "pacman --noconfirm --needed -S mingw-w64-%RsMSYS2Architecture%-doxygen"
diff --git a/build_scripts/Windows-msys2/build/pack.bat b/build_scripts/Windows-msys2/build/pack.bat
index 313da7479..a898832f7 100644
--- a/build_scripts/Windows-msys2/build/pack.bat
+++ b/build_scripts/Windows-msys2/build/pack.bat
@@ -105,6 +105,7 @@ copy "%RsBuildPath%\retroshare-nogui\src\%RsBuildConfig%\retroshare*-nogui.exe"
 copy "%RsBuildPath%\retroshare-service\src\%RsBuildConfig%\retroshare*-service.exe" "%RsDeployPath%" %Quite%
 copy "%RsBuildPath%\supportlibs\cmark\build\src\libcmark.dll" "%RsDeployPath%" %Quite%
 if exist "%RsBuildPath%\libretroshare\src\lib\retroshare.dll" copy "%RsBuildPath%\libretroshare\src\lib\retroshare.dll" "%RsDeployPath%" %Quite%
+if exist "%RsBuildPath%\supportlibs\librnp\Build\src\lib\librnp.dll" copy "%RsBuildPath%\supportlibs\librnp\Build\src\lib\librnp.dll" "%RsDeployPath%" %Quite%
 if exist "%RsBuildPath%\retroshare-friendserver\src\%RsBuildConfig%\retroshare-friendserver.exe" (
 	copy "%RsBuildPath%\retroshare-friendserver\src\%RsBuildConfig%\retroshare-friendserver.exe" "%RsDeployPath%" %Quite%
 )
diff --git a/build_scripts/Windows/build-libs/Makefile b/build_scripts/Windows/build-libs/Makefile
index 0075770cd..33fd0218b 100644
--- a/build_scripts/Windows/build-libs/Makefile
+++ b/build_scripts/Windows/build-libs/Makefile
@@ -13,12 +13,18 @@ LIBMICROHTTPD_VERSION=0.9.75
 FFMPEG_VERSION=4.4
 RAPIDJSON_VERSION=1.1.0
 XAPIAN_VERSION=1.4.19
+#RNP_VERSION=0.17.1
+
+# libaries for rnp
+JSON_C_VERSION=0.18
+BOTAN_VERSION=2.19.5
 
 DOWNLOAD_PATH?=download
 BUILD_PATH=build
 LIBS_PATH?=libs
 
-all: dirs zlib bzip2 miniupnpc openssl speex speexdsp libxml2 libxslt curl sqlcipher libmicrohttpd ffmpeg rapidjson xapian copylibs
+all: dirs zlib bzip2 miniupnpc openssl speex speexdsp libxml2 libxslt curl sqlcipher libmicrohttpd ffmpeg rapidjson xapian jsonc botan copylibs
+#rnp
 
 download: \
 	$(DOWNLOAD_PATH)/zlib-$(ZLIB_VERSION).tar.gz \
@@ -363,6 +369,56 @@ $(BUILD_PATH)/xapian-core-$(XAPIAN_VERSION): $(DOWNLOAD_PATH)/xapian-core-$(XAPI
 	rm -r -f xapian-core-$(XAPIAN_VERSION)
 	mv $(BUILD_PATH)/xapian-core-$(XAPIAN_VERSION).tmp $(BUILD_PATH)/xapian-core-$(XAPIAN_VERSION)
 
+jsonc: $(BUILD_PATH)/json-c-$(JSON_C_VERSION)
+
+$(BUILD_PATH)/json-c-$(JSON_C_VERSION):
+	# prepare
+	rm -r -f $(BUILD_PATH)/rnp-*
+	[ -d "json-c-$(JSON_C_VERSION)" ] || git clone https://github.com/json-c/json-c.git --depth=1 --branch json-c-$(JSON_C_VERSION) "json-c-$(JSON_C_VERSION)"
+	# build json-c
+	mkdir -p json-c-$(JSON_C_VERSION)/build
+	cd json-c-$(JSON_C_VERSION)/build && cmake .. -G"MSYS Makefiles" -Wno-dev -DCMAKE_BUILD_TYPE="release" -DBUILD_SHARED_LIBS=off -DBUILD_STATIC_LIBS=on -DBUILD_TESTING=off -DCMAKE_CXX_FLAGS="-D__MINGW_USE_VC2005_COMPAT" -DCMAKE_INSTALL_PREFIX="`pwd`/install" -DCMAKE_INSTALL_PREFIX="`pwd`/../../$(BUILD_PATH)/json-c-$(JSON_C_VERSION).tmp"
+	cd json-c-$(JSON_C_VERSION)/build && make install
+	# cleanup
+	rm -r -f json-c-$(JSON_C_VERSION)
+	mv $(BUILD_PATH)/json-c-$(JSON_C_VERSION).tmp $(BUILD_PATH)/json-c-$(JSON_C_VERSION)
+
+botan: $(BUILD_PATH)/botan-$(BOTAN_VERSION)
+
+$(BUILD_PATH)/botan-$(BOTAN_VERSION):
+	# prepare
+	pacman --needed --noconfirm -S python3
+	rm -r -f $(BUILD_PATH)/rnp-*
+	[ -d "botan-$(BOTAN_VERSION)" ] || git clone https://github.com/randombit/botan.git --depth=1 --branch $(BOTAN_VERSION) "botan-$(BOTAN_VERSION)"
+	# build botan
+	if [ $(MSYSTEM) = "MINGW32" ] ; then cd botan-$(BOTAN_VERSION) && ./configure.py --os=mingw --cpu=x86_32 --disable-shared-library --enable-static-library --extra-cxxflags="-D__MINGW_USE_VC2005_COMPAT" --prefix="`pwd`/../$(BUILD_PATH)/botan-$(BOTAN_VERSION).tmp" ; fi
+	if [ $(MSYSTEM) = "MINGW64" ] ; then cd botan-$(BOTAN_VERSION) && ./configure.py --os=mingw --cpu=x86_64 --disable-shared-library --enable-static-library --prefix="`pwd`/../$(BUILD_PATH)/botan-$(BOTAN_VERSION).tmp" ; fi
+	cd botan-$(BOTAN_VERSION) && make install
+	# cleanup
+	rm -r -f botan-$(BOTAN_VERSION)
+	mv $(BUILD_PATH)/botan-$(BOTAN_VERSION).tmp $(BUILD_PATH)/botan-$(BOTAN_VERSION)
+
+rnp: $(BUILD_PATH)/rnp-$(RNP_VERSION)
+
+$(BUILD_PATH)/rnp-$(RNP_VERSION):
+	# prepare
+	[ -d "rnp-$(RNP_VERSION)" ] || git clone https://github.com/rnpgp/rnp.git --depth=1 --branch v$(RNP_VERSION) --recurse-submodules --shallow-submodules "rnp-$(RNP_VERSION)"
+	# build
+	mkdir -p rnp-$(RNP_VERSION)/build
+	cd rnp-$(RNP_VERSION)/build && cmake .. -G"MSYS Makefiles" -Wno-dev -DCMAKE_INSTALL_PREFIX="`pwd`/install" -DBUILD_SHARED_LIBS=yes -DBUILD_TESTING=off -DCMAKE_CXX_FLAGS="-D__MINGW_USE_VC2005_COMPAT -D__STDC_FORMAT_MACROS" -DBZIP2_INCLUDE_DIR="`pwd`/../../$(BUILD_PATH)/bzip2-$(BZIP2_VERSION)/include" -DBZIP2_LIBRARY_RELEASE="`pwd`/../../$(BUILD_PATH)/bzip2-$(BZIP2_VERSION)/lib/libbz2.a" -DBZIP2_LIBRARIES="`pwd`/../../$(BUILD_PATH)/bzip2-$(BZIP2_VERSION)/lib/libbz2.a" -DZLIB_INCLUDE_DIR="`pwd`/../../$(BUILD_PATH)/zlib-$(ZLIB_VERSION)/include" -DZLIB_LIBRARY="`pwd`/../../$(BUILD_PATH)/zlib-$(ZLIB_VERSION)/lib/libz.a" -DJSON-C_INCLUDE_DIR="`pwd`/../../$(BUILD_PATH)/json-c-$(JSON_C_VERSION)/include/json-c" -DJSON-C_LIBRARY="`pwd`/../../$(BUILD_PATH)/json-c-$(JSON_C_VERSION)/lib/libjson-c.a" -DBOTAN_INCLUDE_DIR="`pwd`/../../$(BUILD_PATH)/botan-$(BOTAN_VERSION)/include/botan-`echo $(BOTAN_VERSION) | cut -c1-1`" -DBOTAN_LIBRARY="`pwd`/../../$(BUILD_PATH)/botan-$(BOTAN_VERSION)/lib/libbotan-`echo $(BOTAN_VERSION) | cut -c1-1`.a"
+	cmake --build rnp-$(RNP_VERSION)/build
+	# copy files
+	mkdir -p $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/include/rnp
+	cp -r rnp-$(RNP_VERSION)/include/rnp/* $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/include/rnp/
+	cp -r rnp-$(RNP_VERSION)/build/src/lib/rnp/* $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/include/rnp/
+	mkdir -p $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/lib
+	cp -r rnp-$(RNP_VERSION)/build/src/lib/librnp.dll.a $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/lib/
+	mkdir -p $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/bin
+	cp -r rnp-$(RNP_VERSION)/build/src/lib/librnp.dll $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp/bin/
+	# cleanup
+	rm -r -f rnp-$(RNP_VERSION)
+	mv $(BUILD_PATH)/rnp-$(RNP_VERSION).tmp $(BUILD_PATH)/rnp-$(RNP_VERSION)
+
 copylibs:
 	rm -r -f $(LIBS_PATH) ; \
 	mkdir -p $(LIBS_PATH) ; \
diff --git a/build_scripts/Windows/build/pack.bat b/build_scripts/Windows/build/pack.bat
index 1c844efa0..ff347babf 100644
--- a/build_scripts/Windows/build/pack.bat
+++ b/build_scripts/Windows/build/pack.bat
@@ -96,6 +96,7 @@ copy nul "%RsDeployPath%\portable" %Quite%
 echo copy binaries
 copy "%RsBuildPath%\retroshare-gui\src\%RsBuildConfig%\retroshare*.exe" "%RsDeployPath%" %Quite%
 if exist "%RsBuildPath%\libretroshare\src\lib\retroshare.dll" copy "%RsBuildPath%\libretroshare\src\lib\retroshare.dll" "%RsDeployPath%" %Quite%
+if exist "%RsBuildPath%\supportlibs\librnp\Build\src\lib\librnp.dll" copy "%RsBuildPath%\supportlibs\librnp\Build\src\lib\librnp.dll" "%RsDeployPath%" %Quite%
 
 if "%ParamService%"=="1" (
 	copy "%RsBuildPath%\retroshare-service\src\%RsBuildConfig%\retroshare*-service.exe" "%RsDeployPath%" %Quite%
diff --git a/build_scripts/Windows/installer/retroshare-Qt5.nsi b/build_scripts/Windows/installer/retroshare-Qt5.nsi
index 63c81bbcc..c7a5b9554 100644
--- a/build_scripts/Windows/installer/retroshare-Qt5.nsi
+++ b/build_scripts/Windows/installer/retroshare-Qt5.nsi
@@ -247,6 +247,7 @@ Section $(Section_Main) Section_Main
 
   ; External binaries
   File "${EXTERNAL_LIB_DIR}\bin\miniupnpc.dll"
+  File "${RELEASEDIR}\supportlibs\librnp\Build\src\lib\librnp.dll"
   !if ${ARCHITECTURE} == "x86"
     File "${EXTERNAL_LIB_DIR}\bin\libcrypto-1_1.dll"
     File "${EXTERNAL_LIB_DIR}\bin\libssl-1_1.dll"
diff --git a/retroshare-friendserver/src/friendserver.cc b/retroshare-friendserver/src/friendserver.cc
index 19c286256..3c80bba83 100644
--- a/retroshare-friendserver/src/friendserver.cc
+++ b/retroshare-friendserver/src/friendserver.cc
@@ -8,7 +8,11 @@
 
 #include "pgp/pgpkeyutil.h"
 #include "pgp/rscertificate.h"
+#ifdef USE_OPENPGPSDK
 #include "pgp/openpgpsdkhandler.h"
+#else
+#include "pgp/rnppgphandler.h"
+#endif
 
 #include "friendserver.h"
 #include "friend_server/fsitem.h"
@@ -393,7 +397,11 @@ FriendServer::FriendServer(const std::string& base_dir,const std::string& listen
     std::string pgp_private_keyring_path = RsDirUtil::makePath(base_dir,"pgp_private_keyring") ;	// not used.
     std::string pgp_trustdb_path         = RsDirUtil::makePath(base_dir,"pgp_trustdb") ;	        // not used.
 
+#ifdef USE_OPENPGPSDK
     mPgpHandler = new OpenPGPSDKHandler(pgp_public_keyring_path,pgp_private_keyring_path,pgp_trustdb_path,pgp_lock_path);
+#else
+    mPgpHandler = new RNPPGPHandler(pgp_public_keyring_path,pgp_private_keyring_path,pgp_trustdb_path,pgp_lock_path);
+#endif
 
     // Random bias. Should be cryptographically safe.
 
diff --git a/retroshare.pri b/retroshare.pri
index 7858f67f6..22bf11d3f 100644
--- a/retroshare.pri
+++ b/retroshare.pri
@@ -182,6 +182,12 @@ rs_deep_files_index_taglib:CONFIG -= no_rs_deep_files_index_taglib
 CONFIG *= no_rs_use_native_dialogs
 rs_use_native_dialogs:CONFIG -= no_rs_use_native_dialogs
 
+# By default, use RNP lib for RFC4880 PGP management. If not, compilation will
+# default to openpgp-sdk, which is old and unmaintained, so probably not very secure.
+CONFIG *= rs_rnplib
+rs_no_rnplib:CONFIG -= rs_rnplib
+rs_no_rnplib:CONFIG += rs_openpgpsdk
+
 # To disable broadcast discovery append the following assignation to qmake
 # command line "CONFIG+=no_rs_broadcast_discovery"
 CONFIG *= rs_broadcast_discovery
@@ -302,6 +308,18 @@ isEmpty(RS_THREAD_LIB):RS_THREAD_LIB = pthread
 #
 ###########################################################################################################################################################
 
+###########################################################################################################################################################
+#
+#  V06_EXPERIMENTAL_CHANGE_001:
+#
+#    What: removes issuer fingerprint from signature subpackets
+#    Why:  This type of subpacket is not part of RFC4880 and not recognised by OpenPGP-SDK
+#    BackwardCompat: old RS before Sept.2024 will not be able to exchange keys
+#    Note: Since signature subpacket 33 is part of the hashed section of the signature, this also invalidates the signature.
+#           Depending on the implementation, certificates with self-signature that miss this subpacket may not be accepted.
+#
+###########################################################################################################################################################
+
 
 DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_001
 DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_002
@@ -313,6 +331,7 @@ rs_v07_changes {
     DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_002
     DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_003
     DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_004
+    DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_005
     DEFINES += V07_NON_BACKWARD_COMPATIBLE_CHANGE_UNNAMED
 }
 
@@ -849,6 +868,19 @@ isEmpty(RS_UPNP_LIB) {
     }
 }
 
+rs_openpgpsdk {
+        SUBDIRS += openpgpsdk
+        openpgpsdk.file = openpgpsdk/src/openpgpsdk.pro
+        libretroshare.depends += openpgpsdk
+        message("Using OpenPGP-SDK for PGP")
+}
+
+rs_rnplib {
+        DEFINES += USE_RNP_LIB
+        message("Using RNP lib for PGP")
+}
+
+
 equals(RS_UPNP_LIB, none):RS_UPNP_LIB=
 equals(RS_UPNP_LIB, miniupnpc):DEFINES*=RS_USE_LIBMINIUPNPC
 contains(RS_UPNP_LIB, upnp):DEFINES*=RS_USE_LIBUPNP
diff --git a/supportlibs/librnp b/supportlibs/librnp
new file mode 160000
index 000000000..3bd1b71b2
--- /dev/null
+++ b/supportlibs/librnp
@@ -0,0 +1 @@
+Subproject commit 3bd1b71b2a6138fbf21aa531349846024cbaec21