State of the Seedling

By Justus | December 10, 2018

I’d like to inform you about the recent progress on your favorite OpenPGP implementation. It has been eight weeks since I last wrote an update, and there are exciting developments to report.

First of all, the Sequoia project made their first release at RustConf Rome during Neal’s talk (video, slides) about our experiences with Rust. The release includes only the low-level openpgp crate, which we renamed to sequoia-openpgp to avoid a namespace collision.

In the weeks prior to the release, we moved a lot of code around, and refined our API. For example, we introduced a crypto module and moved all low-level crypto primitives there.

When generating keys, we now always generate a revocation certificate in the hope that it will encourage the callee to store it for later use. Furthermore, our handling of revocations has been improved.

We released the bindings for our cryptographic library, Nettle, and made Sequoia use the released version. We fixed a corner-case with Cv25519 keys encoded using OpenPGP.

Our command-line frontend sq gained a key generation subcommand, and is now able to verify detached signatures.

Our C API got a significant number of new functions.

Finally, our detached signature verifiaction tool sqv was moved to its own crate. As it only uses the low-level sequoia-openpgp crate, we were able to release it on Furthermore, since it doesn’t operate on compressed data, we are able to disable decompression support in the sequoia-openpgp crate, reducing the trusted computing base and simplifying packaging of the dependencies. Work has begun to package it for Debian.

That’s all for today, and thanks for flying Sequoia!