Sequoia v0.19.0 released

By Justus | August 21, 2020

We have just released version 0.19.0 of Sequoia. The release includes the low-level crate sequoia-openpgp, a program to verify detached signatures geared towards software distribution systems called sqv, and a commandline frontend for Sequoia implementing the Stateless OpenPGP Command Line Interface called sqop.

If you use Sequoia, please port your code to the latest version and report any problems you encounter. Thank you.

Notable changes

The big new feature is that Sequoia can now be built to use the Windows Cryptography API: Next Generation (CNG) as cryptographic backend on Windows. This makes it easier to build and distribute Sequoia for Windows, as building Nettle requires a POSIXly environment. Furthermore, using CNG reduces your trusted computing base, and will allow us to use cryptographic key stores like HSMs in the future.

To select the CNG backend, use default-features = false, and explicitly include the crypto-cng feature. Currently, the CNG backend requires at least Windows 10.

We are in the process of stabilizing the API of the low-level sequoia-openpgp crate. To that end, we’re going over our documentation, writing more documentation and examples, and slightly amending the API to make it more consistent and easier to use.