There are a number of projects under the Sequoia umbrella, or a somehow associated with the Sequoia project.



OpenPGP data types and associated machinery.

This crate aims to provide a complete implementation of OpenPGP as defined by RFC 4880 as well as some extensions (e.g., RFC 6637, which describes ECC cryptography for OpenPGP. There are prototypes of crates providing higher-level interfaces. Take a look at the other crates in the toplevel of the repository.


An implementation of SOP using Sequoia.

sqop implements the Stateless OpenPGP Command Line Interface and provides encryption, decryption, signature creation and verification, and basic key and certificate management with a convenient git-style subcommand interface.


A command-line OpenPGP signature verification tool.

sqv verifies detached OpenPGP signatures. It is a replacement for gpgv. Unlike gpgv, it can take additional constraints on the signature into account. It is designed for sotware distribution systems. See this bug report.


A command-line frontend for Sequoia.

sq provides encryption, decryption, signature creation and verification, key and certificate management, and key server and WKD interactions with a convenient git-style subcommand interface.

Language bindings

C bindings for Sequoia

Allows the use of Sequoia from the C programming language.

Python bindings for Sequoia

Allows the use of Sequoia from the Python programming language.

Ruby bindings for Sequoia

Allows the use of Sequoia from the Ruby programming language.

Projects under Sequoia's Umbrella


Hagrid is a verifying OpenPGP key server.

Hagrid, notably running on, is a public service for the distribution and discovery of OpenPGP-compatible keys, commonly referred to as a keyserver. In contrast to conventional keysevers, Hagrid does not publish identity information without the consent of the user, and allows the removal of identity information.


OpenPGP CA is a tool for managing OpenPGP keys within an organization.

OpenPGP CA's primary goal is to make it trivial for end users to authenticate OpenPGP keys for users in their organization or in an adjacent organization. In other words, OpenPGP CA makes it possible for users in an organization to securely and seamlessly communicate via PGP-encrypted email using existing email clients and encryption plugins without having to manually compare fingerprints and without having to understand OpenPGP keys or signatures.


Koverto is an OpenPGP encrypting SMTP Proxy.

Integrating OpenPGP encryption in the mail server makes it easy to encrypt messages from any service. Koverto signs and encrypts notification emails before it sends them out to the recipients.

OpenPGP interoperability test suite

A test suite designed to chart and improve interoperability of OpenPGP implementations.

It uses a simple black-box API implemented by several backends, and maps test over all implementations. Implementations that implement a subset of the Stateless OpenPGP Command Line Interface can be plugged into the test suite.

A PGP packet dumper as a service.

Rust bindings for nettle

Rust bindings for the Nettle cryptographic library.


pgpcat is a simple program to extract the data from an OpenPGP message. This program does not do any decryption nor does it verify signatures. In fact, it can't even decompress any compressed data.

pgpcat is a first step towards allowing data to be signed inline by default. Distributing signatures inline makes it much easier to verify signatures, because there is only a single file to download, and there is no need to determine what the signature file is called (foo.sig? foo.sign? foo.asc?) or whether the signature data is over the compressed or uncompressed data (for instance, the linux kernel distributes linux.tar.gz, but the signature is over linux.tar).


Web Key Directory checker provides a lint service for WKD deployments.

    Downstream users


    Pijul is a free and open source distributed version control system.

    Its distinctive feature is to be based on a sound theory of patches, which makes it easy to learn and use, and really distributed. The main difference between Pijul and Git is that Pijul deals with changes (or patches), whereas Git deals only with snapshots (or versions).


    A distributed Key to IP Address query network.

    KIPA is a look-up service for finding out which IP addresses belong to a public key. Everyone on the KIPA network allows themselves to be looked up by their key, and is helps to look up others in the network. It is distributed, meaning that there is no single server on which the network relies. It is zero-trust, meaning it is resilient against bad actors. It is scalable, performing well with large network sizes and slow network speeds.


    Secure peer-to-peer code collaboration without intermediaries.

    Radicle is being built to provide a convenient collaboration workflow without intermedaries or central servers. Issues, patches and code review items can be shared seamlessly between peers and interacted with on the user's machine, just like one interacts with a git repository.

    If you want to include a project in this list, please get in contact.