A new OpenPGP Library

Focus on safety and correctness
Uses a memory-safe language
First-Class Library

Secure and Robust

Sequoia focuses on security and robustness in our choice of tools, our development methodology, and feature set.

Read more.

Easy to Use

A library is only as good as its integration in downstream projects. As such, we made ease of use one of our main goals.

Read more.

Holistic Approach

Improving the security of OpenPGP users requires more than a new implementation. Therefore, we are taking a holistic approach and are improving the ecosystem.

Read more.

Testimonials

Sequoia PGP is more than just a reimplementation of an existing tool. The team behind it is rethinking tooling for the broader PGP ecosystem. Their innovative ideas are making PGP easier to use. I can’t wait to see Sequoia PGP be more broadly adopted.

Phil Zimmermann

Creator of PGP
During the last 3 years the PGP ecosystem got un-stuck, largely thanks to the Sequoia project. They put in the gargantuan effort of re-implementing PGP, but also started re-imagining other tools in the ecosystem, with the same common-sense, practical security approach. This is already making a difference for my team, and those whose security we’re responsible for.

Michał "rysiek" Woźniak

Head of Infrastructure and Information Security, OCCRP
Sequoia has fundamentally improved my work on the pEp Engine. I love how fast all the tests run on Sequoia. It’s OBSCENE. With the old PGP implementation it would take nearly 2 minutes to run. With Sequoia, running the whole test suite takes less than 2 seconds. I am… not free from symptoms of ADHD. Running all of the tests on Sequoia means that they’re over before I have time to get distracted. That’s a serious improvement.

Krista Bennett

Senior Developer, the pEp Engine

News

Yes, We Want Cryptographic Protection for Email

By Neal on June 29, 2021

The EFAIL attacks demonstrate that securing email is hard. Incautious improvements to usability can lead to critical security vulnerabilities. In the case of EFAIL, an attacker could exploit mail clients that show corrupted messages to exfiltrate a message’s plain text.

Although the EFAIL researchers are measured in their response, others, like Thomas Ptacek in his widely cited articles The PGP Problem from 2019, and Stop Using Encrypted Email from 2020, are calling for people to abandon OpenPGP, and give up on secure email. Instead, they argue, people should use secure messengers like Signal.

Hey Signal! Great Encryption Needs Great Authentication

By Neal on June 28, 2021

In 2017, Moxie Marlinspike and Trevor Perrin were awarded the The Levchin Prize for Real-World Cryptography for developing the Signal protocol. It’s a well-earned honor and I have no doubt that Signal is the best practical in-class encryption scheme for messaging that the cryptographic community knows about.

But, securing communication requires more than encryption. The sender also needs to make sure the public keys that they intend to use are the right keys for the intended recipients. This check is called authentication. If the sender uses the wrong public key then either the recipient won’t be able to read the message, or worse, an active attacker could intercept the message, and reencrypt it on the fly so that the connection appears to be secure when in fact someone is eavesdropping.