A new OpenPGP Library

  • Focus on safety and correctness
  • Uses a memory-safe language
  • First-Class Library

Secure and Robust

Sequoia focuses on security and robustness in our choice of tools, our development methodology, and feature set.

Read more.

Easy to Use

A library is only as good as its integration in downstream projects. As such, we made ease of use one of our main goals.

Read more.

Holistic Approach

Improving the security of OpenPGP users requires more than a new implementation. Therefore, we are taking a holistic approach and are improving the ecosystem.

Read more.

Testimonials

  • Sequoia PGP is more than just a reimplementation of an existing tool. The team behind it is rethinking tooling for the broader PGP ecosystem. Their innovative ideas are making PGP easier to use. I can’t wait to see Sequoia PGP be more broadly adopted.

    Phil Zimmermann

    Creator of PGP

  • During the last 3 years the PGP ecosystem got un-stuck, largely thanks to the Sequoia project. They put in the gargantuan effort of re-implementing PGP, but also started re-imagining other tools in the ecosystem, with the same common-sense, practical security approach. This is already making a difference for my team, and those whose security we’re responsible for.

    Michał "rysiek" Woźniak

    Head of Infrastructure and Information Security, OCCRP

  • Sequoia has fundamentally improved my work on the pEp Engine. I love how fast all the tests run on Sequoia. It’s OBSCENE. With the old PGP implementation it would take nearly 2 minutes to run. With Sequoia, running the whole test suite takes less than 2 seconds. I am… not free from symptoms of ADHD. Running all of the tests on Sequoia means that they’re over before I have time to get distracted. That’s a serious improvement.

    Krista Bennett

    Senior Developer, the pEp Engine

News

A Look at Two Recent CVEs in Thunderbird's OpenPGP Support

By Neal on May 22, 2021

In a blog post that I published two weeks ago, I wrote that RNP is dangerous, because it is too easy to misuse. I also explained how we avoid those problems in Sequoia. In this blog post, I will lay out how not one, but two CVEs have since come up in Thunderbird that seem to underline that danger.

Continue reading

Hello, OpenPGP CA!

By Neal on May 12, 2021

We are pleased to share that version 0.10.1 of OpenPGP CA has been released! This is also the first version which is available on crates.io.

OpenPGP CA is a tool for administrators to create and manage a decentralized, in-house certification authority. OpenPGP CA makes it possible and easy for an organization to delegate authentication decisions to someone they can rely on, like their system administrator. And, external groups and individuals can use these CAs to authenticate certificates for just that organization using OpenPGP’s scoped trust signatures. OpenPGP CA also helps with key discovery and key updates by managing a Web Key Directory (WKD).

Continue reading

Presentations

Sequoia: A Cool OpenPGP Library

Delta X Freiburg ★ 2018-07-21

Neal introduces the Sequoia project, its technical and social goals, and its current state.

Slides Video

Moving forward: Forward Secrecy in OpenPGP

Delta X Freiburg ★ 2018-07-21

Justus discusses two approaches how to bring Forward Secrecy to OpenPGP.

Slides Video

Sequoia: A New OpenPGP Implementation in Rust

RustFest Rome 2018 ★ 2018-11-24

Neal briefly introduces the Sequoia project, and talks about challenges that we’ve faced using the Rust programming language.

Slides Video

A common OpenPGP Interoperability Test Suite

IETF 110 ★ 2021-03-11

Justus briefly introduces the OpenPGP Interoperability Test Suite, and presents notable results.

Slides Video

Do you want to see more?

There are a number of projects under the Sequoia umbrella.

Projects