By Justus & Neal | June 8, 2021
We’re happy to announce the release of version 1.3 of our low-level OpenPGP library. For those of you following along at home, you’re probably asking what happened to 1.2. This past Sunday was PGP’s 30th birthday. To celebrate three decades of PGP, we’ve decided to skip 1.2 and directly release 1.3.
30 years is a long time for a program. And indeed, today, the original PGP implementation is hardly recognizable after having changed hands so many times. However, OpenPGP, the protocol that PGP used and was standardized by the IETF first in RFC 1991 in 1996, and updated by RFC 2440 and RFC 4880, lives on. And, it still has one of the most flexible authentication mechanisms and PKIs. Historically, this has only been accessible to advanced users, but through our work on tools like keys.openpgp.org and OpenPGP CA, we are starting to leverage its strength to bring strong and easy-to-use authentication to normal users. For this reason and others, Phil Zimmermann, the creator of PGP, has said that “Sequoia PGP is the most advanced OpenPGP implementation available today.” We’re proud to have a Champion of Freedom’s endorsement, and will continue to innovate in this space to better protect the privacy and security of Internet users.
During the 1.x release cycle, we are adding features, fixing bugs, and improving the documentation, while keeping the API stable. Downstream users should be able to update to version 1.3 without changing their code. In December 2020, we commited to providing security fixes for and maintaining the 1.x releases for 1 year. We remain commited to that promise.
We are not aware of any security issues in this version of Sequoia. However, if you are using Sequoia with Nettle, Sequoia’s default cryptographic backend, please be aware that versions of Nettle prior to 3.7.3 have a bug, which an attacker can exploit to crash Nettle and consequently the program using Sequoia. For more details, please see CVE-2021-3580 and Nettle’s release announcement.
Notable Bug Fixes
- #715: The Windows CNG backend did not clamp Curve25519 secret key material prior to using them. This caused decryption failures when using the keys. According to the standard, Curve25519 keys must be clamped, however, some OpenPGP implementations did not do this. Rather than force the user to create new keys, the Windows CNG backend now simply clamps the keys. This also aligns the behavior of the CNG backend with the Nettle backend.
Cert::insert_packetsran in quadratic time. We rewrote the deduplication code to run in
O(n * log n)time.
- #699: When
CertParserencountered invalid data, it would eagerly return the error before returning the already parsed certificate. This has been fixed to first return the pending certificate and then return the error.
Sequoia now supports first-party attestations of third-party confirmation signatures. This lets certificate holders attest to third-party certifications over their certificate, and allow those certifications to be distributed by a abuse-resistant keyserver (like, for example, https://keys.openpgp.org) that preserves the holders sovereignty over the information distributed with her cert.
Sequoia now allows the re-use of session keys. This solves a long-standing problem: How do you reply to an email if you don’t have the certs of each and every recipient? Previously, users had no chance but to reply in plaintext, potentially revealing sensitive information. With session key re-use, the original message’s session key is used, which already has been encrypted for every recipient in the conversation.
The following new functions have been added: