Sequoia 1.4 is released

By Justus | October 6, 2021

We’re happy to announce the release of version 1.4 of our low-level OpenPGP library. The most prominent change is the addition of a new cryptographic backend based on the RustCrypto crates.

Cryptographic backends

Sequoia allows you to choose between several cryptographic libraries at compile time. Previously, there were two options available:

This release adds a third option:

  • RustCrypto: Cryptographic algorithms implemented in pure Rust

This work was started by Nikhil Benesch, sponsored by Materialize (you can sponsor us too!). The new backend makes it possible to use Sequoia in environments where the other options are not available or desirable (e.g. WASM, non-Rust dependencies). The set of supported cryptographic algorithms depends on the backend. For more information, please see our status page.

Sequoia 1.4

During the 1.x release cycle, we are adding features, fixing bugs, and improving the documentation, while keeping the API stable. Downstream users should be able to update to version 1.4 without changing their code. In December 2020, we committed to providing security fixes for and maintaining the 1.x releases for 1 year. We remain committed to that promise.

Notable Bug Fixes

  • #738: Unbounded, attacker-controlled heap allocation during decryption of AEAD encrypted messages.
  • win-crypto-ng#39: Some DSA keys triggered a crash in the CNG backend. Sequoia now works around that problem.

New API

The following new functions have been added:

  • CipherSuite::is_supported
  • MPI::value_padded
  • Preferences::policy_uri
  • ProtectedMPI::value_padded
  • TSK::eq
  • ValidAmalgamation::revocation_keys
  • ValidCert::policy_uri
  • ValidCert::revocation_keys