A new OpenPGP Library

Focus on safety and correctness
Uses a memory-safe language
First-Class Library

Secure and Robust

Sequoia focuses on security and robustness in our choice of tools, our development methodology, and feature set.

Read more.

Easy to Use

A library is only as good as its integration in downstream projects. As such, we made ease of use one of our main goals.

Read more.

Holistic Approach

Improving the security of OpenPGP users requires more than a new implementation. Therefore, we are taking a holistic approach and are improving the ecosystem.

Read more.

Testimonials

Sequoia PGP is more than just a reimplementation of an existing tool. The team behind it is rethinking tooling for the broader PGP ecosystem. Their innovative ideas are making PGP easier to use. I can’t wait to see Sequoia PGP be more broadly adopted.

Phil Zimmermann

Creator of PGP
During the last 3 years the PGP ecosystem got un-stuck, largely thanks to the Sequoia project. They put in the gargantuan effort of re-implementing PGP, but also started re-imagining other tools in the ecosystem, with the same common-sense, practical security approach. This is already making a difference for my team, and those whose security we’re responsible for.

Michał "rysiek" Woźniak

Head of Infrastructure and Information Security, OCCRP
Sequoia has fundamentally improved my work on the pEp Engine. I love how fast all the tests run on Sequoia. It’s OBSCENE. With the old PGP implementation it would take nearly 2 minutes to run. With Sequoia, running the whole test suite takes less than 2 seconds. I am… not free from symptoms of ADHD. Running all of the tests on Sequoia means that they’re over before I have time to get distracted. That’s a serious improvement.

Krista Bennett

Senior Developer, the pEp Engine

News

RPM Sequoia: A Sequoia-based backend for the RPM Package Manager

By Neal on April 27, 2023

Fedora 38 is out, and unsurprisingly it comes with a lot of shiny, new things. One especially interesting novelty for readers of this blog is that this is the first release of Fedora in which the RPM Package Manager uses Sequoia to verify packages. This blog post is the story of how that came to be.

Branching Out: `sq` Grows a Certificate Store, and More Convenient Trust Management

By Neal on April 8, 2023

I’ve just released a new version of sq, our general-purpose command-line tool for Sequoia PGP, and it’s packed full of exciting, user-visible changes. In line with our goal of providing great end-to-end authentication, this release of sq moves from working exclusively in a stateless manner to including a full PKI, and a local certificate store. It also adds a new high-level trust management interface, sq link. sq link builds on the web of trust, but uses concepts from address book management, which hopefully makes it easier for end users to understand.

Presentations

Interop Testing v6

IETF 116 ★ 2023-03-29

Justus presents the OpenPGP Interoperability Test Suite with an eye towards testing the upcoming revision of the OpenPGP standard.

Slides Video

Sequoia-PGP, v5 OpenPGP, Authentication, and Debian

Debconf Kosovo 22 ★ 2022-07-18

Justus introduces the Sequoia-PGP project and highlights changes in the upcoming OpenPGP v5. Further, he talks about authentication, and how we can help Debian and the broader FOSS ecosystem secure their communications and software supply chains.

Slides Video

The Future of Sequoia PGP

NLnet Webinar ★ 2021-11-23

Neal introduces the Sequoia project, its past, present, and future. Wiktor talks about TPM support, Lars about making sq better, Justus about our gpg replacement, and Heiko about OpenPGP CA.

Slides Video