Status

This documents the current status of Sequoia as of 2019-02-20 . Note: At this point, there are few to no projects using Sequoia, so there is not a lot of experience with it in the wild. Crucially, no audit has been done, and few people have looked at the source.

OpenPGP

RFC4880bis-06 RFC4880 Content Status Notes
2 2 General functions
2.1 2.1 Confidentiality via Encryption
2.2 2.2 Authentication via Digital Signature
2.3 2.3 Compression See below for supported algorithms.
2.4 2.4 Conversion to Radix-64
2.5 2.5 Signature-Only Applications
3.2 3.2 Multiprecision Integers
3.3 3.3 Key IDs
3.6 3.6 Keyrings
3.7.1 3.7.1 String-to-Key (S2K) Specifier Types
3.7.2 3.7.2 String-to-Key Usage
4.2.1 4.2.1 Old Format Packet Lengths
4.2.2 4.2.2 New Format Packet Lengths
4.3 4.3 Packet Tags
5.1 5.1 Public-Key Encrypted Session Key Packets (Tag 1)
5.2.1 5.2.1 Signature Types
5.2.2 5.2.2 Version 3 Signature Packet Format
5.2.3 5.2.3 Version 4 Signature Packet Format
5.2.3 Version 5 Signature Packet Format
5.2.3.1 5.2.3.1 Signature Subpacket Specification Parsing & serializing of all subpackets, not all are honored.
5.2.3.4 5.2.3.4 Signature Creation Time
5.2.3.5 5.2.3.5 Issuer
5.2.3.6 5.2.3.6 Key Expiration Time
5.2.3.7 5.2.3.7 Preferred Symmetric Algorithms
5.2.3.8 Preferred AEAD Algorithms
5.2.3.9 5.2.3.8 Preferred Hash Algorithms
5.2.3.10 5.2.3.9 Preferred Compression Algorithms
5.2.3.11 5.2.3.10 Signature Expiration Time
5.2.3.12 5.2.3.11 Exportable Certification
5.2.3.13 5.2.3.12 Revocable
5.2.3.14 5.2.3.13 Trust Signature
5.2.3.15 5.2.3.14 Regular Expression Regular expressions are not yet supported .
5.2.3.16 5.2.3.15 Revocation Key
5.2.3.17 5.2.3.16 Notation Data
5.2.3.17.1 The ‘charset’ Notation
5.2.3.17.2 The ‘manu’ Notation
5.2.3.17.3 The ‘make’ Notation
5.2.3.17.4 The ‘model’ Notation
5.2.3.17.5 The ‘prodid’ Notation
5.2.3.17.6 The ‘pvers’ Notation
5.2.3.17.7 The ‘lot’ Notation
5.2.3.17.8 The ‘qty’ Notation
5.2.3.17.9 The ‘loc’ and ‘dest’ Notations
5.2.3.17.10 The ‘hash’ Notation
5.2.3.18 5.2.3.17 Key Server Preferences
5.2.3.19 5.2.3.18 Preferred Key Server
5.2.3.20 5.2.3.19 Primary User ID
5.2.3.21 5.2.3.20 Policy URI
5.2.3.22 5.2.3.21 Key Flags
5.2.3.23 5.2.3.22 Signer’s User ID
5.2.3.24 5.2.3.23 Reason for Revocation
5.2.3.25 5.2.3.24 Features
5.2.3.26 5.2.3.25 Signature Target
5.2.3.27 5.2.3.26 Embedded Signature
5.2.3.28 Issuer Fingerprint
Intended Recipient Proposed.
5.2.4 5.2.4 Computing Signatures
5.3 5.3 Symmetric-Key Encrypted Session Key Packets (Tag 3) V4
5.3 Symmetric-Key Encrypted Session Key Packets (Tag 3) V5
5.4 5.4 One-Pass Signature Packets (Tag 4)
5.5.2 5.5.2 Public-Key Packet Format V2 Obsolete.
5.5.2 5.5.2 Public-Key Packet Format V3 Obsolete.
5.5.2 5.5.2 Public-Key Packet Format V4
5.5.2 5.5.2 Public-Key Packet Format V5
5.5.3 5.5.3 Secret-Key Packet Format V2 Obsolete.
5.5.3 5.5.3 Secret-Key Packet Format V3 Obsolete.
5.5.3 5.5.3 Secret-Key Packet Format V4
5.5.3 5.5.3 Secret-Key Packet Format V5
5.6.1 Algorithm-Specific Part for RSA Keys
5.6.2 Algorithm-Specific Part for DSA Keys
5.6.3 Algorithm-Specific Part for Elgamal Keys
5.6.4 Algorithm-Specific Part for ECDSA Keys
5.6.5 Algorithm-Specific Part for EdDSA Keys
5.6.6 Algorithm-Specific Part for ECDH Keys
5.7 5.6 Compressed Data Packet (Tag 8)
5.8 5.7 Symmetrically Encrypted Data Packet (Tag 9) Insecure.
5.9 5.8 Marker Packet (Obsolete Literal Packet) (Tag 10)
5.10 5.9 Literal Data Packet (Tag 11)
5.11 5.10 Trust Packet (Tag 12) Implementation defined.
5.12 5.11 User ID Packet (Tag 13)
5.13 5.12 User Attribute Packet (Tag 17)
5.13.1 5.12.1 The Image Attribute Subpacket
5.13.2 User ID Attribute Subpacket
5.14 5.13 Sym. Encrypted Integrity Protected Data Packet (Tag 18)
5.15 5.14 Modification Detection Code Packet (Tag 19)
5.16 AEAD Encrypted Data Packet (Tag 20)
5.16.1 EAX Mode
5.16.2 OCB Mode
6.2 6.2 Forming ASCII Armor
7 7 Cleartext Signature Framework
8 8 Regular Expressions
9.1 9.1 Public-Key Algorithms See below for supported algorithms.
9.2 ECC Curve OID See below for supported algorithms.
9.3 9.2 Symmetric-Key Algorithms See below for supported algorithms.
9.4 9.3 Compression Algorithms See below for supported algorithms.
9.5 9.4 Hash Algorithms See below for supported algorithms.
9.6 AEAD Algorithms See below for supported algorithms.
11 11 Packet Composition
11.1 11.1 Transferable Public Keys We use a formal grammar.
11.2 11.2 Transferable Secret Keys We use a formal grammar.
11.3 11.3 OpenPGP Messages We use a formal grammar.
11.4 11.4 Detached Signatures
12.1 12.1 Key Structures V3 Obsolete.
12.1 12.1 Key Structures V4
12.2 12.2 Key IDs and Fingerprints V3 Obsolete.
12.2 12.2 Key IDs and Fingerprints V4
12.2 Key IDs and Fingerprints V5
13 Elliptic Curve Cryptography
13.1 Supported ECC Curves See below for supported algorithms.
13.2 ECDSA and ECDH Conversion Primitives
13.3 EdDSA Point Format
13.4 Key Derivation Function
13.5 EC DH Algorithm (ECDH)

Algorithms

We gracefully handle unknown algorithms during parsing and serialization even if we do not support them. This is important for roundtripping OpenPGP packets.

Public-Key Algorithms

ID Algorithm Status Notes
1 RSA (Encrypt or Sign)
2 RSA Encrypt-Only
3 RSA Sign-Only
16 Elgamal (Encrypt-Only) Not supported by Nettle.
17 DSA (Digital Signature Algorithm)
18 ECDH public key algorithm See below for the supported curves.
19 ECDSA public key algorithm See below for the supported curves.
20 Reserved (formerly Elgamal Encrypt or Sign) Insecure.
21 Reserved for Diffie-Hellman (X9.42, as defined for IETF-S/MIME)
22 EdDSA
23 Reserved for AEDH
24 Reserved for AEDSA

ECDH

Curve name Status Notes
NIST P-256
NIST P-384
NIST P-521
brainpoolP256r1 Currently not supported by Nettle.
brainpoolP512r1 Currently not supported by Nettle.
Curve25519

ECDSA

Curve name Status Notes
NIST P-256
NIST P-384
NIST P-521
brainpoolP256r1 Currently not supported by Nettle.
brainpoolP512r1 Currently not supported by Nettle.

Symmetric-Key Algorithms

ID Algorithm Status Notes
1 IDEA Not supported by Nettle.
2 TripleDES (DES-EDE)
3 CAST5 (128 bit key)
4 Blowfish (128 bit key, 16 rounds)
7 AES with 128-bit key
8 AES with 192-bit key
9 AES with 256-bit key
10 Twofish with 256-bit key
11 Camellia with 128-bit key
12 Camellia with 192-bit key
13 Camellia with 256-bit key

Compression Algorithms

ID Algorithm Status Notes
0 Uncompressed
1 ZIP
2 ZLIB
3 BZip2

Related Functionality

Streaming Operation

Safe processing of OpenPGP data requires streaming operation, which we support on all levels.

Public Key Store

Basic prototype exists. Supports refreshing keys in the background.

Key Server

Aspect Status Notes
HKP(S) get Only by KeyID.
HKP(S) send

Autocrypt

Aspect Status Notes
header parsing
keygen V1
keygen V1.1
peer state
header inject
recommend
encrypt
setup message
setup process
gossip
uid decorative

Interfaces

Crate API Status Notes
sequoia-openpgp Rust Mostly feature complete Low-level interface.
sequoia-openpgp-ffi C Incomplete Low-level interface.
sequoia-net Rust Basic HKP(S) support
sequoia-store Rust Incomplete
sequoia Rust Incomplete High-level interface.
sequoia-ffi C Incomplete High-level interface.
python-sequoia Python Early prototype High-level interface.
sqv command line Feature complete Verifies detached signatures, a gpgv replacement.
sq command line Incomplete Generic tool for interactive use.