Blog - Blog

With recent work on Sequoia sq I have focused on improving the user experience (UX) of the commandline interface (CLI) and adding new features for increased feature parity with gpg. These changes are available starting with version 0.31.0.

The effort has been accompanied by a few code refactorings which touch on the subject of making the CLI more composable and safe to use in the future.

This article provides an overview of the new features and improvements.

RPM Sequoia: A Sequoia-based backend for the RPM Package Manager

By Neal

April 27, 2023

Fedora 38 is out, and unsurprisingly it comes with a lot of shiny, new things. One especially interesting novelty for readers of this blog is that this is the first release of Fedora in which the RPM Package Manager uses Sequoia to verify packages. This blog post is the story of how that came to be.

Branching Out: `sq` Grows a Certificate Store, and More Convenient Trust Management

By Neal

April 8, 2023

I’ve just released a new version of sq, our general-purpose command-line tool for Sequoia PGP, and it’s packed full of exciting, user-visible changes. In line with our goal of providing great end-to-end authentication, this release of sq moves from working exclusively in a stateless manner to including a full PKI, and a local certificate store. It also adds a new high-level trust management interface, sq link. sq link builds on the web of trust, but uses concepts from address book management, which hopefully makes it easier for end users to understand.

Pretty graphics for the Web of Trust

By David

March 29, 2023

I have recently added the ability to generate Graphviz DOT output to the Sequoia Web of Trust project. This new functionality has been released in version 0.7.0. With it, users can visually inspect an OpenPGP Web of Trust.

This can provide some fascinating insights into one’s own keyring, and the relationship between OpenPGP keys involved with software projects.

Happy SHA1 Rejection Day

By Justus

February 1, 2023

Today is the day Sequoia’s StandardPolicy starts rejecting SHA1-based signatures by default. This change will affect existing programs based on Sequoia, as the SHA1 deprecation has been committed to and baked into the code three years ago. Therefore, all programs using sequoia-openpgp version 0.15 and up will now reject SHA1-based signatures by default.

The Sequoia GnuPG Chameleon 0.1 is Released

By Justus

December 19, 2022

We are pleased to announce the first release of the Chameleon, Sequoia’s reimplementation of the GnuPG interface. This is a technology preview, but we encourage developers who integrate GnuPG into their software to see whether it works with the Chameleon.

sq user testing results

By Lars

August 28, 2022

I did some user testing of sq with five volunteers. This blog post is a report of what I learned. Good news: everyone did get all the tasks done successfully and within the one hour I had allocated, with plenty of time left over. Of course, there were a few things that could be improved.

Plan for user testing of sq

By Lars

August 4, 2022

I will do some informal user testing of sq. In short, I will watch volunteers use sq to achieve specific tasks that I give them. The goal of this is to find out pain points when using sq: what is easy and straightforward; what is difficult to understand; what is difficult to do. The testing will cover the sq command line tool and its built-in help, but not any other manuals or materials.

JSON support for sq keyring list, sq wkd url

By Lars

July 21, 2022

The Sequoia command line tool sq has gained support for the sq keyring list and sq wkd url commands.

sq 0.27.0 is Released

By Lars

July 21, 2022

We are pleased to announce a new release of sq, our command line tool for OpenPGP operations. This release brings some more functionality, as well as some bug fixes. A summary of the user-visible changes from the past four months since the previous release: sq can now add and remove key User IDs. sq can now generate a subkey for authentication. sq now handles malformed certificates in a sq keyring list more gracefully.