A new OpenPGP Library

Focus on safety and correctness
Uses a memory-safe language
First-Class Library

Secure and Robust

Sequoia focuses on security and robustness in our choice of tools, our development methodology, and feature set.

Read more.

Easy to Use

A library is only as good as its integration in downstream projects. As such, we made ease of use one of our main goals.

Read more.

Holistic Approach

Improving the security of OpenPGP users requires more than a new implementation. Therefore, we are taking a holistic approach and are improving the ecosystem.

Read more.

Testimonials

Sequoia PGP is more than just a reimplementation of an existing tool. The team behind it is rethinking tooling for the broader PGP ecosystem. Their innovative ideas are making PGP easier to use. I can’t wait to see Sequoia PGP be more broadly adopted.

Phil Zimmermann

Creator of PGP
During the last 3 years the PGP ecosystem got un-stuck, largely thanks to the Sequoia project. They put in the gargantuan effort of re-implementing PGP, but also started re-imagining other tools in the ecosystem, with the same common-sense, practical security approach. This is already making a difference for my team, and those whose security we’re responsible for.

Michał "rysiek" Woźniak

Head of Infrastructure and Information Security, OCCRP
Sequoia has fundamentally improved my work on the pEp Engine. I love how fast all the tests run on Sequoia. It’s OBSCENE. With the old PGP implementation it would take nearly 2 minutes to run. With Sequoia, running the whole test suite takes less than 2 seconds. I am… not free from symptoms of ADHD. Running all of the tests on Sequoia means that they’re over before I have time to get distracted. That’s a serious improvement.

Krista Bennett

Senior Developer, the pEp Engine

News

OpenPGP card support in Sequoia

By Heiko on December 20, 2021

Over the last months we’ve worked on adding support for OpenPGP card hardware tokens to Sequoia. OpenPGP cards (like the free Gnuk implementation, or e.g. Nitrokey and YubiKey devices) are great when you want to use an OpenPGP key, but don’t want the private key material stored on your computer. Advanced OpenPGP users have come to expect their software to support them.

Earlier this month, we connected a set of physical cards to our continuous integration (CI) machine and configured a job to run a test suite on these cards. This setup ensures that every change to our code is tested on a set of physical OpenPGP cards. The ability to test against multiple cards is essential, as cards implement different versions of the specification, and, on top of that, many have various quirks.

Octopus 1.2 is Released

By Neal on December 13, 2021

I’m pleased to announce a new release of the Octopus, an alternative OpenPGP backend for Thunderbird. This release brings several compatibility improvements with newer versions of Thunderbird, a few bug fixes, and some documentation improvements. And, it changes the Octopus' license from the GPL to the LGPL to be consistent with our recent relicensing of the Sequoia libraries.

Presentations

The Future of Sequoia PGP (2021)

NLnet Webinar ★ 2021-11-23

Neal introduces the Sequoia project, its past, present, and future. Wiktor talks about TPM support, Lars about making sq better, Justus about our gpg replacement, and Heiko about OpenPGP CA.

Slides Video