The Sequoia Community

A number of people working in the OpenPGP space are involved in the Sequoia project. Some work directly on Sequoia, some work on projects using Sequoia, some are otherwise working on improving the state of the OpenPGP ecosystem.

Neal H. Walfield

Neal began working on GnuPG towards the end of his PhD. After two and a half years at g10code, he joined p≡p in 2017 and co-founded the Sequoia project with Justus and Kai. Outside of working to improve the OpenPGP ecosystem and advocating privacy, Neal likes cooking with friends, going to the sauna, and playing with his kids.

OpenPGP certificate: 8F17777118A33DDA9BA48E62AACB3243630052D9.


Justus started working on GnuPG after (finally!!) finishing his Diplom. After hacking on GnuPG, its test suite, and Python bindings for a bit over two years, he joined forces with Kai and Neal to start a new OpenPGP implementation. In his free time, he likes to tinker, puzzle, hack, and has an ongoing twist with gravity.

OpenPGP certificate: CBCD8F030588653EEDD7E2659B7DD433F254904A.


Devan thinks computers should listen to people, not the other way around. A Generalist Agnostic when it comes to technologies, despite the brisk opinions he declaims on and off the net. Afraid of the looming, all-pervasive, cyber-bureau-dystopia, but intrigued at the same time. Using PGP for long enough to know a new approach is our only hope. Devan tries to make things smoother for the rest of the team, by taking hammer and tongs to Sequoia's CI systems.

OpenPGP certificate: EC0ACCCA81CAA46BE40ECB79E1707CFFD7B85A02.

Fabio (decathorpe)

Fabio has been a package maintainer for Fedora Linux since 2016. Through some unexpected twists of fate (and a detour through coffee-themed programming languages) he ended up becoming the primary maintainer of most Rust packages and the associated tooling by 2021. At this point, he also started working on Fedora Linux packages for all Sequoia-PGP projects. This includes rpm-sequoia, the new default PGP backend for RPM in Fedora Linux, which is now a core component of the distribution. When not sitting at his desk, he likes to go where work cannot find him - preferably hiking alone on a mountain without cellular reception, or meeting friends who take away his phone when he spends too much time reading e-mails.

OpenPGP certificate: 2DDA2507B511C02AF9EAC16F5AC5F572E5D410AF.

Alexander Kjäll

Alexander is security engineer with a strong ideological interest in free software. He spends some of his free time packaging rust software for Debian in order to promote the usage of more memory safe languages in society. The rest of his free time is spent playing board games and drinking tea.

OpenPGP certificate: 7E068070D5EF794B00C8A9D91D108E6C07CBC406.


Holger Levsen has used PGP on Amiga OS before he started using Linux. Since 2001 he has been contributing to Debian in many areas, probably most notably with the DebConf (video) team, and now Some days the old Amiga logo is still visible on his head.

OpenPGP certificate: B8BF54137B09D35CF026FE9D091AB856069AAA1C.


After years of working with the universal free software operating system, dkg became a Debian Developer in 2009. He is currently employed by the ACLU as a Senior Staff Technologist in the ACLU Speech, Privacy, and Technology Project. One of his major focuses is improving the OpenPGP ecosystem. In particular, he has spent much time over the past decade working on email encryption, securing the distribution of software, improving tooling, and helping standardization efforts in formal organizations like the IETF, as well as informal collaborations like Autocrypt. dkg has a fur hat. The fur was given willingly by a family friend's rescue dog, who liked to be brushed.

OpenPGP certificate: C29F8A0C01F35E34D816AA5CE092EB3A5CA10DBA.


Vincent has been active in the OpenPGP community since 2015. He started by developing OpenKeychain for Android, and integrating it into K-9 Mail. More recently, he co-founded the Autocrypt project, which automates public key management between email clients. In 2019, he worked together with the Sequoia team to launch as an alternative keyserver. You should look at his amazin' horse.

OpenPGP certificate: D4AB192964F76A7F8F8A9B357BD18320DEADFA11.


Kushal Das is a public interest technologist, who is currently helping to maintain SecureDrop at Freedom of the Press Foundation. He is a core deverloper of CPython (the Python programming language), and also part of the Tor Project core team, long time Fedora Project contributor, and co-founded Linux Users' group of Durgapur. Kushal is currently developing a Python module using Sequoia, and also developing a user focused tool called Tumpa to help people with generating OpenPGP keys and smartcards. He regularly blogs at

OpenPGP certificate: A85FF376759C994A8A1168D8D8219C8C43F6C5E1.


Paul's philosophy is to choose boring tech (tried and tested, openly standardized and decentralized). After working on some projects within the XMPP community where he focused on improving end-to-end encryption by contributing both protocol specifications and code, he discovered OpenPGP as yet another boring internet standard. Nowadays he primarily works on improving the status quo in the Java ecosystem. His main project is a library based on Bouncy Castle named PGPainless, around which he grew a number of additional libraries and tools. Paul appreciates collaboration and cooperates with Sequoia-PGP by contributing to interoperability testing.

OpenPGP certificate: 7F9116FEA90A5983936C7CFAA027DB2F3E1E118A.

Hacker Emeritus


Kai worked on Trusted Platform Modules before moving on to g10code to work on GnuPG and Enigmail. After two years, he joined forces with Neal and Justus to create a novel OpenPGP written in Rust. Notably, he evaluated available crypto libraries, and —settling on Nettle— he created bindings for the Rust language, and took care of the integration into the Sequoia library. Kai now works on a solution protecting the integrity of software deployments in data centers.

Kai's work was funded by the p≡p foundation.

OpenPGP certificate: E4508270DE214DF139963E7E9AC6410711E9E784.


Heiko cares deeply about free software and privacy. In 2018, he decided to take a more active role in realizing these ideas and began work on OpenPGP CA, a tool to help organizations use OpenPGP in a more secure manner with much less effort. He also works on a library for OpenPGP card devices and the opgpcard tool. Heiko lives on planet Earth.

His work is funded by the NLnet Foundation.

Heiko's work was funded by the p≡p foundation.

OpenPGP certificate: 68C8B3725276BEBB3EEA0E208ACFC41124CCB82E.


Jonas was our resident Emacs expert and involved in all kinds of projects concerning that fine editor. In 2013 he became the maintainer of Magit, a Git interface for Emacs, which is by many considered to be one of Emacs' killer features. He investigated doing the same for encrypted mail as he has done for Git.

Jonas' work was funded by the p≡p foundation.

OpenPGP certificate: 7E108E46F316CBA0CE3C8D20FC61B7237C7155B7.


Azul has been working to make the world a better place. In the last years he has joined several efforts to encrypt more emails. With he improved tooling for providers to support their users use of OpenPGP. In the context of the research project, he discussed and implemented mechanisms for key distribution and validation. He's also involved with Autocrypt

Azul's work was funded by the p≡p foundation.

OpenPGP certificate: EADBF082550195F3BE11678F25F9B1181B7374C3.


Wiktor works on Sequoia and other OpenPGP related projects including, but not limited to, OpenKeychain and OpenPGP.js. In his spare time he created a Web Key Directory checker service and designed a keybase-like system of social proofs that was later extended by the Keyoxide project. At Sequoia, Wiktor aims to "raise the ceiling, not the floor" by adding support to more elaborate security schemes including hardware security modules: TPMs and PKCS#11 tokens. Most recently he's been working on PySequoia - safe, high-level OpenPGP library for Python.

Wiktor's work was funded by the p≡p foundation.

OpenPGP certificate: 653909A2F0E37C106F5FAF546C8857E0D8E8F074.


Daniel is a long-time free software developer. He doesn't only start free software projects, but he has a history of contributing to existing efforts. Currently, his main focus is on rustup, Rust's installer. He's working to secure Rust's software distribution by improving the project's use of digital signatures. His first DebConf was DebConf 3 in Oslo, Norway. He runs, for his sins.

OpenPGP certificate: 19568523759E2A2858F4606B3CCEBABE206C3B69.


David is a developer and packager for Arch Linux and while working on their curated keyring noticed the lack of well integrated OpenPGP tooling for certain aspects of community management in the FOSS context. He worked on improvements for the sq command-line tool. David's work was partly funded by the NLnet Foundation.

OpenPGP certificate: 1793DAD5D803A8FFD7451697BB992F9864FAD168.


Nora joined the Sequoia team in April 2020. She has since focused on packaging, continuous integration, and benchmarks for the Sequoia library and tools.

Nora's work was funded by the p≡p foundation.

OpenPGP certificate: 379D09E0A09685C48312D46E9F4EE06E0E229F37.


Lars joined the Sequoia team in August, 2021. He focused on improving the sq command line tool, and related documentation. In his free time Lars likes to develop software for backups and acceptance testing. He drinks tea.

Lars' work was funded by the NLnet Foundation.

Lars' work was funded by the p≡p foundation.

OpenPGP certificate: DBE5439D97D8262664A1B01844E17740B8611E9C.


Igor is a part of the Rust dev-tools team. He doesn't stop until everything is successfully (re)written in pure Rust - including writing Windows CNG support for Sequoia.

Igor's work was funded by the p≡p foundation.

OpenPGP certificate: E92CCF70761F016F7A6A031D468FA805A2255B5C.


All caricatures are by Manuel Ruz from Cartoon Club.