Blog

Thunderbird, RNP, and the Importance of a Good API

I was recently talking to a Thunderbird developer about API design. In the course of that conversation, I expressed concerns about RNP, the new OpenPGP implementation that Thunderbird has recently started using in place of GnuPG. That person, skeptical about my assertion that RNP’s API needs improvement, asked “Isn’t it subjective what a better API is?” I’d agree that we don’t yet have good metrics to evaluate an API. But, I disagree that we can’t judge APIs at all. In fact, I suspect, most experienced programmers know a bad API when they see it. Further, I think we can come up with some good heuristics, which I’ll try to do based on my experience working on and with GnuPG, Sequoia, and RNP. Then, I’ll take a look at RNP’s API. Unfortunately, RNP’s API is not only easy to misuse, but it’s misleading, and, as such, shouldn’t yet be used in a safety-critical context. Yet, Thunderbird is relied on by vulnerable people like journalists, activists, lawyers, and their communication partners who need this protection. For me, this means that Thunderbird should reevaluate their decision to use RNP.


Sequoia: Super Powering End-to-End Email Encryption in Mozilla Thunderbird

We are thrilled to release the first version of the Octopus, an alternate OpenPGP backend for Thunderbird built on top of Sequoia.

The Octopus is a drop-in replacement for RNP, the OpenPGP library shipped with Thunderbird 78. In addition to providing all of the RNP functionality that Thunderbird uses, the Octopus also includes a number of enhancements. These fall into several categories. The Octopus restores some functionality that was present in Enigmail, but was removed or has not yet been reimplemented in Thunderbird’s OpenPGP integration. In particular, the Octopus uses GnuPG’s keystore, interacts with gpg-agent, integrates GnuPG’s web of trust information, and updates certificates in the background. The Octopus includes a number of security fixes and improvements. For instance, it fixes Thunderbird’s insecure message composition, and automatically encrypts in-memory secret key material at rest. The Octopus adds a few performance improvements, such as parsing the keyring in the background and using multiple threads. And, the Octopus has better support for parsing less usual, but not necessarily esoteric, certificates and keys.


Talk about OpenPGP interop testing at the IETF 110

I gave a talk at the IETF 110 about the OpenPGP Interoperability Test Suite. Slides and recording are available. The talk introduces the OpenPGP Interoperability Test Suite, describes its benefits and how it works, explains how to read the test results, talks briefly about results, and covers how to join the effort, improve the test suite, and run it. Enjoy!


sq, Sequoia PGP's CLI, Released

Last month we released version 1.0 of our versatile, low-level OpenPGP library, sequoia-openpgp. Now we have released the first version of sq, version 0.23, which is meant for general use.


Sequoia PGP v1.0 Released: The Seedling's a Sapling

Version 1.0. It’s here. After three and a half years of development, we are happy to announce the release of version 1.0 of Sequoia!

The release includes the low-level crate sequoia-openpgp, and a program to verify detached signatures geared towards software distribution systems called sqv.

We will support this API with security updates for at least one year. In 9 months, we will announce whether we will extend this commitment. The two main criteria will be our financial situation (please donate, or sponsor a developer or two), and the number of users.


Sequoia v0.20.0 released

We have just released version 0.20.0 of Sequoia. The release includes the low-level crate sequoia-openpgp, a program to verify detached signatures geared towards software distribution systems called sqv, and a commandline frontend for Sequoia implementing the Stateless OpenPGP Command Line Interface called sqop.


Sequoia v0.19.0 released

We have just released version 0.19.0 of Sequoia. The release includes the low-level crate sequoia-openpgp, a program to verify detached signatures geared towards software distribution systems called sqv, and a commandline frontend for Sequoia implementing the Stateless OpenPGP Command Line Interface called sqop.


Sequoia v0.18.0 released

We have just released version 0.18.0 of Sequoia. The release includes the low-level crate sequoia-openpgp, a program to verify detached signatures geared towards software distribution systems called sqv, and a commandline frontend for Sequoia implementing the Stateless OpenPGP Command Line Interface called sqop.


Sequoia v0.17.0 released

We have just released version 0.17.0 of Sequoia. The release includes the low-level crate sequoia-openpgp, a program to verify detached signatures geared towards software distribution systems called sqv, and a new commandline frontend for Sequoia implementing the Stateless OpenPGP Command Line Interface called sqop. While SOP is not intended for daily use, it is a good way to interact with and explore OpenPGP implementations. SOP is primarily used as an abstraction in the OpenPGP interoperability test suite.


Towards Sequoia v1.0

For the past few weeks, Sequoia has been in a feature freeze as we make final preparations for the 1.0 release. This is an exciting time for us. Although there are already several users of our software, we look forward to offering them a stable API, and the promise of security updates. And, we hope that a 1.0 release will generate more interest in Sequoia and, consequently, more opportunities to collaborate with other projects.
