A new OpenPGP Library

Focus on safety and correctness
Uses a memory-safe language
First-Class Library

Secure and Robust

Sequoia focuses on security and robustness in our choice of tools, our development methodology, and feature set.

Read more.

Easy to Use

A library is only as good as its integration in downstream projects. As such, we made ease of use one of our main goals.

Read more.

Holistic Approach

Improving the security of OpenPGP users requires more than a new implementation. Therefore, we are taking a holistic approach and are improving the ecosystem.

Read more.

Testimonials

Sequoia PGP is more than just a reimplementation of an existing tool. The team behind it is rethinking tooling for the broader PGP ecosystem. Their innovative ideas are making PGP easier to use. I can’t wait to see Sequoia PGP be more broadly adopted.

Phil Zimmermann

Creator of PGP
During the last 3 years the PGP ecosystem got un-stuck, largely thanks to the Sequoia project. They put in the gargantuan effort of re-implementing PGP, but also started re-imagining other tools in the ecosystem, with the same common-sense, practical security approach. This is already making a difference for my team, and those whose security we’re responsible for.

Michał "rysiek" Woźniak

Head of Infrastructure and Information Security, OCCRP
Sequoia has fundamentally improved my work on the pEp Engine. I love how fast all the tests run on Sequoia. It’s OBSCENE. With the old PGP implementation it would take nearly 2 minutes to run. With Sequoia, running the whole test suite takes less than 2 seconds. I am… not free from symptoms of ADHD. Running all of the tests on Sequoia means that they’re over before I have time to get distracted. That’s a serious improvement.

Krista Bennett

Senior Developer, the pEp Engine

News

Happy SHA1 Rejection Day

By Justus on February 1, 2023

Today is the day Sequoia’s StandardPolicy starts rejecting SHA1-based signatures by default. This change will affect existing programs based on Sequoia, as the SHA1 deprecation has been committed to and baked into the code three years ago. Therefore, all programs using sequoia-openpgp version 0.15 and up will now reject SHA1-based signatures by default.

The Sequoia GnuPG Chameleon 0.1 is Released

By Justus on December 19, 2022

We are pleased to announce the first release of the Chameleon, Sequoia’s reimplementation of the GnuPG interface. This is a technology preview, but we encourage developers who integrate GnuPG into their software to see whether it works with the Chameleon.

Presentations

Interop Testing v6

IETF 116 ★ 2023-03-29

Justus presents the OpenPGP Interoperability Test Suite with an eye towards testing the upcoming revision of the OpenPGP standard.

Slides Video

Sequoia-PGP, v5 OpenPGP, Authentication, and Debian

Debconf Kosovo 22 ★ 2022-07-18

Justus introduces the Sequoia-PGP project and highlights changes in the upcoming OpenPGP v5. Further, he talks about authentication, and how we can help Debian and the broader FOSS ecosystem secure their communications and software supply chains.

Slides Video

The Future of Sequoia PGP

NLnet Webinar ★ 2021-11-23

Neal introduces the Sequoia project, its past, present, and future. Wiktor talks about TPM support, Lars about making sq better, Justus about our gpg replacement, and Heiko about OpenPGP CA.

Slides Video