The GnuPG command line tool
gpg is the most popular
implementation of the OpenPGP specification. The Sequoia PGP
project produces the corresponding
sq tool, and that tool is
very much in its early stages. In the long run, we want
sq to become
so capable it has a comparable feature set to
gpg. This blog post is
a comparison of what the two tools can do.
The GnuPG command line tool
We are pleased to announce a new release of the Octopus, an alternative OpenPGP backend for Thunderbird. This release notably fixes a bug that could lead to a loss of secret key material. It also includes fixes that make the Octopus compatible with Thunderbird 91.8.0.
We are pleased to announce a new release of the Octopus, an alternative OpenPGP backend for Thunderbird. This release brings compatibility with newer versions of Thunderbird (Thunderbird 99 and up), a few bug fixes, and some documentation improvements.
Would you like to use Sequoia
sq from your script? We’d like your
I’m sketching what the JSON output of
sq might look like. We in the
Sequoia project would like to make sure the JSON serves you well and
is convenient for your code to consume. This blog post outlines the
principles of how JSON output is meant to work, and has a concrete
example of what it’s meant to look like. Your feedback would very much be
Last month I was looking for volunteers to be interviewed as stakeholders for sq. The interviews happened last week and this is an anonymized summary of what I was told. I promised to make the summary anonymous to let the volunteers speak more freely.
Do you use
sq or want to use it in the future? Please volunteer to
help guide its development.
Sequoia isn’t just a library. It just takes a library-first approach.
Sequoia’s command-line interface, which exposes a lot of the library’s
functionality, is called
sq. It already exists in a basic form, but a
lot of functionality is missing. You can help with that.
I will add important missing functionality, especially compared to GnuPG. This work will be guided by feedback from actual and potential users and the wisdom of Sequoia developers.
I will also add a JSON API to allow sq to be used from scripts.
Ideally, other programs would use the Sequoia library directly,
sq from other programs should be easy and secure, and
JSON is a better format than parsing textual output or ad hoc
structured data formats
I will additionally document the acceptance criteria of
sq and how
they are verified automatically, to make sure
sq does the right
thing for its users, and to help keep
sq working far into the
I have now started the work, and am about to reach the first milestone.
Over the last months we’ve worked on adding support for OpenPGP card hardware tokens to Sequoia. OpenPGP cards (like the free Gnuk implementation, or e.g. Nitrokey and YubiKey devices) are great when you want to use an OpenPGP key, but don’t want the private key material stored on your computer. Advanced OpenPGP users have come to expect their software to support them.
Earlier this month, we connected a set of physical cards to our continuous integration (CI) machine and configured a job to run a test suite on these cards. This setup ensures that every change to our code is tested on a set of physical OpenPGP cards. The ability to test against multiple cards is essential, as cards implement different versions of the specification, and, on top of that, many have various quirks.
I’m pleased to announce a new release of the Octopus, an alternative OpenPGP backend for Thunderbird. This release brings several compatibility improvements with newer versions of Thunderbird, a few bug fixes, and some documentation improvements. And, it changes the Octopus’ license from the GPL to the LGPL to be consistent with our recent relicensing of the Sequoia libraries.