A Cool OpenPGP Library

Focus on safety and correctness
Operates in constant space
Implemented in a memory-safe language
First-Class Library

Powerful tooling

command-line interface
git-style subcommands
encryption, decryption, signature creation and verification at your fingertips

$ echo hi | sq encrypt --recipient neal
-----BEGIN PGP MESSAGE-----
wcBMA8K4GQVsZSWYAQgAllrQ+9490eoFdB/jLrVvGl+IVtGJWPFDg9uhcl0D8k05
AWz8ZU2sd6GzoCH1nRpwASJWHxloNbPgvxhNRRVReg3GgfFwMkcoNJ2Xb4zocvx+
niH7ZlP9Py6kseuqtjhQZEyvtIfWc58TK9DRdPp5suzS3Y9Zbew9vC2N2u+8YsKL
BbbminTZqLYbt/00ZT/ZuDbtHhoDUxlnCK2Y2R6NZvuvwS1ujI0EOfdOagZO0z5k
hs8U9Xgk1/BWpQtKn3ygMDO0401nBBbwNgialcu/8yFS+wXoifRaj60Cbxhjv2/G
aTcl9loYpN93BL0a7EbKmcwDl14HwosKdkMj4Px25dI0AZjLxI7TBX18e+hBu5vr
q83G7aEwllpiDU3z+rFXBjsWDOwP2UBf05D/Bl05eSYx4x7UnQ==
=qAvC
-----END PGP MESSAGE-----

Powerful packet inspection

First-class interface to the parser
Hexadecimal dumps
Useful for forensics and development
Try online

$ sq packet dump --hex message.pgp
New CTB, 13 bytes: One-Pass Signature Packet
    Version: 3
    Type: Binary
    Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
    Hash algo: SHA512
    Issuer: 83F8 2E4F E9A5 E098
    Last: true

00000000  c4 0d                                              frame
00000002        03                                           version
00000003           00                                        sigtype
00000004              0a                                     hash_algo
00000005                 16                                  pk_algo
00000006                    83 f8  2e 4f e9 a5 e0 98         issuer
0000000e                                             01      last

Written in Rust

Modern code base
Spatial and temporal memory safety: no leaks, no use-after-free, no out-of-bounds access, no race conditions
C API
Preliminary Python bindings

Secure your deployments

verification of detached signatures
robust and easy-to-use tool
signature thresholds
signature creation time guards
designed for APT, RPM, cargo, etc.

$ sqv --trace --keyring tails-signing.key                   \
      tails-amd64-3.11.iso.sig tails-amd64-3.11.iso
Will check signature allegedly issued by A8B0 F4E4 5B1B 50E2.
Found key A8B0 F4E4 5B1B 50E2.
Checking signature allegedly issued by A8B0 F4E4 5B1B 50E2.
Signature by A8B0 F4E4 5B1B 50E2 is good.
A490 D0F4 D311 A415 3E2B  B7CA DBB8 02B2 58AC D84F
1 of 1 signatures are valid (threshold is: 1).
$ echo "Just check the exit status: $?"
Just check the exit status: 0

Full of features

Easy to use
Does not dictate how OpenPGP is used
Keys are automatically kept up-to-date
Key rotations approximating forward secrecy

OpenPGP

OpenPGP is a proven standard for storing encrypted data, and for managing encryption keys. OpenPGP was standardized in 1997, and is widely supported.

To learn more about how OpenPGP works, take a look under the hood.

Encrypted Mails

OpenPGP is the most widely used method to encrypt mails. It is supported by most mail programs either natively, or using a plugin.

Data at rest

OpenPGP can be used to protect data at rest, say backups or passwords. With OpenPGP you can be confident that you can still read your data after decades.