Kurz nach dem 1.0 Release von sq, schrieb mir Keywan Tonekaboni eine Mail und fragte mich, ob ich Zeit für ein kurzes Interview für den c’t Open Source Spotlight hätte. Ein paar Tage später erschien das Interview mit einer schönen Einleitung von Keywan. Leider gibt es kein Archiv also habe ich den Inhalt mit Keywans Erlaubnis hier wiedergegeben.
The Sequoia PGP team is happy to announce the preview release of
version 2.0.0-alpha.0 of sequoia-openpgp. sequoia-openpgp is
our low-level crate providing OpenPGP data types and associated
machinery
This is the first version that supports the new revision of OpenPGP specified in RFC9580 released at the end of July 2024. It is the successor of RFC4880, released in 2007. It brings new cryptographic algorithms to OpenPGP, and deprecates and outright removes old ones. Notably, it specifies AEAD, Argon2, and is the basis of the ongoing PQC work in OpenPGP.
The Sequoia PGP team is happy to announce the release of version 1.0
of
sq.
sq is a command-line tool for working with OpenPGP artifacts with a
focus on usability, security, and robustness.
After seven years of
development,
this is sq’s first stable release. A notable change for existing
users of sq is that we will no longer change sq’s CLI in an
incompatible manner.
Fedora 34 was the first version of Fedora to ship Sequoia PGP back in 2021 - a lot has happened since then. In this post, I’ll cover what’s new, and provide some hints for how to get started with some of the more advanced tools.
Over the past few months, we’ve attended a number of conferences. In addition to hearing from a lot of people who had helpful feedback and fresh ideas, we’ve also held several presentations.
In this post, I summarize our talks, and link to recordings when they are available. I also report on the OpenPGP Email Summit, which is a yearly gathering of some people from the OpenPGP community. (If you are interested in the so-called LibrePGP / OpenPGP schism, read on.)
At the end, I list where you can meet us in person in the near future. (Spoiler: at Datenspuren in Dresden in September, and IETF 121 in Dublin in November.)
In a few months, we plan to release version 1.0 of sq, our primary command line interface. With version 1.0, we will commit to a long-term stable API. Ideally, that API will also be usable. Although we’ve put in a lot of time thinking about usability, we want your feedback. To this end, we’re conducting a user study.
Since September 2023, nearly all paid work on Sequoia has been financed by the Sovereign Tech Fund (STF). The technical focus of the award is on the maintenance and development of sq, our command-line front-end, and sequoia-openpgp, our core library. But the scope is not limited to development work: STF is also supporting our standardization work, and community outreach. In this blog post, I’ll highlight some our recent community work.
The Sequoia PGP project now has a bug bounty program! If you find a novel security-relevant issue in almost any of our libraries, applications, or specifications then you’ll be rewarded with up to €10,000.
With recent work on Sequoia sq I have focused on improving the user
experience (UX) of the commandline interface (CLI) and adding new features for
increased feature parity with gpg. These changes are available starting with
version 0.31.0.
The effort has been accompanied by a few code refactorings which touch on the subject of making the CLI more composable and safe to use in the future.
This article provides an overview of the new features and improvements.
Fedora 38 is out, and unsurprisingly it comes with a lot of shiny, new things. One especially interesting novelty for readers of this blog is that this is the first release of Fedora in which the RPM Package Manager uses Sequoia to verify packages. This blog post is the story of how that came to be.
Copyright (c) 2018-2023, p≡p foundation. 
This work is licensed under a Creative Commons Attribution 4.0 International License.
Follow us on Mastodon.
Template by Bootstrapious.
Ported to Hugo by DevCows.
Images by Ingo Kleiber, and Robert Anders.
