A Cool OpenPGP Library

  • Focus on safety and correctness
  • Operates in constant space
  • Implemented in a memory-safe language
  • First-Class Library

Powerful tooling

  • command-line interface
  • git-style subcommands
  • encryption, decryption, signature creation and verification at your fingertips
$ echo hi | sq encrypt --recipient neal
-----BEGIN PGP MESSAGE-----
wcBMA8K4GQVsZSWYAQgAllrQ+9490eoFdB/jLrVvGl+IVtGJWPFDg9uhcl0D8k05
AWz8ZU2sd6GzoCH1nRpwASJWHxloNbPgvxhNRRVReg3GgfFwMkcoNJ2Xb4zocvx+
niH7ZlP9Py6kseuqtjhQZEyvtIfWc58TK9DRdPp5suzS3Y9Zbew9vC2N2u+8YsKL
BbbminTZqLYbt/00ZT/ZuDbtHhoDUxlnCK2Y2R6NZvuvwS1ujI0EOfdOagZO0z5k
hs8U9Xgk1/BWpQtKn3ygMDO0401nBBbwNgialcu/8yFS+wXoifRaj60Cbxhjv2/G
aTcl9loYpN93BL0a7EbKmcwDl14HwosKdkMj4Px25dI0AZjLxI7TBX18e+hBu5vr
q83G7aEwllpiDU3z+rFXBjsWDOwP2UBf05D/Bl05eSYx4x7UnQ==
=qAvC
-----END PGP MESSAGE-----

Powerful packet inspection

  • First-class interface to the parser
  • Hexadecimal dumps
  • Useful for forensics and development
  • Try online
$ sq packet dump --hex message.pgp
New CTB, 13 bytes: One-Pass Signature Packet
    Version: 3
    Type: Binary
    Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
    Hash algo: SHA512
    Issuer: 83F8 2E4F E9A5 E098
    Last: true

00000000  c4 0d                                              frame
00000002        03                                           version
00000003           00                                        sigtype
00000004              0a                                     hash_algo
00000005                 16                                  pk_algo
00000006                    83 f8  2e 4f e9 a5 e0 98         issuer
0000000e                                             01      last

Written in Rust

  • Modern code base
  • Spatial and temporal memory safety: no leaks, no use-after-free, no out-of-bounds access, no race conditions
  • C API
  • Preliminary Python bindings

Secure your deployments

  • verification of detached signatures
  • robust and easy-to-use tool
  • signature thresholds
  • signature creation time guards
  • designed for APT, RPM, cargo, etc.
$ sqv --trace --keyring tails-signing.key                   \
      tails-amd64-3.11.iso.sig tails-amd64-3.11.iso
Will check signature allegedly issued by A8B0 F4E4 5B1B 50E2.
Found key A8B0 F4E4 5B1B 50E2.
Checking signature allegedly issued by A8B0 F4E4 5B1B 50E2.
Signature by A8B0 F4E4 5B1B 50E2 is good.
A490 D0F4 D311 A415 3E2B  B7CA DBB8 02B2 58AC D84F
1 of 1 signatures are valid (threshold is: 1).
$ echo "Just check the exit status: $?"
Just check the exit status: 0

Full of features

  • Easy to use
  • Does not dictate how OpenPGP is used
  • Keys are automatically kept up-to-date
  • Key rotations approximating forward secrecy

OpenPGP

OpenPGP is a proven standard for storing encrypted data, and for managing encryption keys. OpenPGP was standardized in 1997, and is widely supported.

To learn more about how OpenPGP works, take a look under the hood.

Encrypted Mails

OpenPGP is the most widely used method to encrypt mails. It is supported by most mail programs either natively, or using a plugin.

Data at rest

OpenPGP can be used to protect data at rest, say backups or passwords. With OpenPGP you can be confident that you can still read your data after decades.

Do you want to see more?

Take a tour of Sequoia by following our guide.

Guide

Presentations

Sequoia: A Cool OpenPGP Library

Delta X Freiburg ★ 2018-07-21

Neal introduces the Sequoia project, its technical and social goals, and its current state.

Slides Video

Moving forward: Forward Secrecy in OpenPGP

Delta X Freiburg ★ 2018-07-21

Justus discusses two approaches how to bring Forward Secrecy to OpenPGP.

Slides Video

Sequoia: A New OpenPGP Implementation in Rust

RustFest Rome 2018 ★ 2018-11-24

Neal briefly introduces the Sequoia project, and talks about challenges that we’ve faced using the Rust programming language.

Slides Video