Sequoia 1.3 is released

By Justus & Neal | June 8, 2021

We’re happy to announce the release of version 1.3 of our low-level OpenPGP library. For those of you following along at home, you’re probably asking what happened to 1.2. This past Sunday was PGP’s 30th birthday. To celebrate three decades of PGP, we’ve decided to skip 1.2 and directly release 1.3.

Sequoia PGP is the most advanced OpenPGP implementation available today.
Phil Zimmermann,
Creator of PGP

30 years is a long time for a program. And indeed, today, the original PGP implementation is hardly recognizable after having changed hands so many times. However, OpenPGP, the protocol that PGP used and was standardized by the IETF first in RFC 1991 in 1996, and updated by RFC 2440 and RFC 4880, lives on. And, it still has one of the most flexible authentication mechanisms and PKIs. Historically, this has only been accessible to advanced users, but through our work on tools like keys.openpgp.org and OpenPGP CA, we are starting to leverage its strength to bring strong and easy-to-use authentication to normal users. For this reason and others, Phil Zimmermann, the creator of PGP, has said that “Sequoia PGP is the most advanced OpenPGP implementation available today.” We’re proud to have a Champion of Freedom’s endorsement, and will continue to innovate in this space to better protect the privacy and security of Internet users.

Sequoia 1.3

During the 1.x release cycle, we are adding features, fixing bugs, and improving the documentation, while keeping the API stable. Downstream users should be able to update to version 1.3 without changing their code. In December 2020, we commited to providing security fixes for and maintaining the 1.x releases for 1 year. We remain commited to that promise.

Security Fixes

We are not aware of any security issues in this version of Sequoia. However, if you are using Sequoia with Nettle, Sequoia’s default cryptographic backend, please be aware that versions of Nettle prior to 3.7.3 have a bug, which an attacker can exploit to crash Nettle and consequently the program using Sequoia. For more details, please see CVE-2021-3580 and Nettle’s release announcement.

Notable Bug Fixes

  • #715: The Windows CNG backend did not clamp Curve25519 secret key material prior to using them. This caused decryption failures when using the keys. According to the standard, Curve25519 keys must be clamped, however, some OpenPGP implementations did not do this. Rather than force the user to create new keys, the Windows CNG backend now simply clamps the keys. This also aligns the behavior of the CNG backend with the Nettle backend.
  • #706: Cert::insert_packets ran in quadratic time. We rewrote the deduplication code to run in O(n * log n) time.
  • #699: When CertParser encountered invalid data, it would eagerly return the error before returning the already parsed certificate. This has been fixed to first return the pending certificate and then return the error.

Features

New API

The following new functions have been added:

  • CertBuilder::add_subkey_with
  • CertBuilder::add_user_attribute_with
  • CertBuilder::add_userid_with
  • ComponentBundle::attestations
  • Encryptor::with_session_key
  • Signature::verify_user_attribute_attestation
  • Signature::verify_userid_attestation
  • SignatureBuilder::pre_sign
  • SignatureBuilder::set_attested_certifications
  • SignatureType::AttestationKey
  • SubpacketAreas::MAX_SIZE
  • SubpacketAreas::attested_certifications
  • SubpacketTag::AttestedCertifications
  • SubpacketValue::AttestedCertifications
  • UserAttributeAmalgamation::attest_certifications
  • UserIDAmalgamation::attest_certifications
  • ValidUserAttributeAmalgamation::attest_certifications
  • ValidUserAttributeAmalgamation::attestation_key_signatures
  • ValidUserAttributeAmalgamation::attested_certifications
  • ValidUserIDAmalgamation::attest_certifications
  • ValidUserIDAmalgamation::attestation_key_signatures
  • ValidUserIDAmalgamation::attested_certifications