Sequoia, a library that implements OpenPGP standards

Sequoia is a function library and command line toolkit which implements the OpenPGP standards (RFC-4880), this library is being developed by three members of the GnuPG project, who decided to create a new free implementation of OpenPGP in the Rust language to improve the security and reliability of the codebase, that provides tools to work safely with memory.

In addition to improving safety, Sequoia it is also trying to get rid of the glitches in GnuPG, which cannot be fixed in the main project without breaking compatibility or significantly reworking the code base.

For example, GnuPG is tightly coupled between components, making it difficult to make changes, it confuses the code base and makes it difficult to create a complete unit test system. The gpupg command line toolkit is not functionally synchronized with the function library and some actions can only be performed through the utility.

Sequoia introduces sq command line utility with Git style subcommand support and two API options: low level and high level. There are links for the C and Python languages.

Most of the functions described in the standard OpenPGP support encryption, decryption, creation and verification of digital signatures.

Among the advanced features, it is observed that it admits the verification by digital signatures supplied separately, adaptation for integration with package managers (APT, RPM, cargo, etc.), the ability to limit signatures by threshold values ​​and time.

The low-level API reproduces as faithfully as possible the capabilities of OpenPGP and some related extensions, such as ECC support and draft elements of the future edition of the standard. The only exceptions are the inherited parts of the specification that can negatively affect security, such as MD5 hashing support.

The low-level API also supports unbuffered message processing. The low-level API is already very close to full coverage of the OpenPGP standard and ready to manipulate OpenPGP data at a low level (stable version 1.0 expected soon).

While on the other hand, the high-level API is still beginning to evolve and so far it only covers capabilities such as public key storage and access over the network. Other domain-specific and support capabilities will be added as the project develops.

The package also provides powerful package inspection tools that can be used during incident development, debugging, and analysis. Inspection tools are integrated with the analyzer to visually analyze the structure of encrypted messages, digital signatures, and keys.

Today Sequoia supported platforms are Linux, FreeBSD, Windows, macOS, Android and iOS, In addition, it is possible to use cryptographic services provided by the platform, as coprocessors for the calculation in isolated enclaves.

To provide additional isolation, it is practiced to separate services that work with public and private keys into separate processes. For example, a keystore is developed in the form of a separate process. The Cap'n Proto protocol is used for process interaction.

Finally, it remains to be mentioned that recently a new version was released of Sequoia, the most current version being Sequoia 0.20.0 in which se add the sequoia-openpgp package low-level, the program sqv (replacement of gpgv) to verify separate signatures and the sqop utility with the implementation of the Stateless OpenPGP CLI.

The requirements for the Rust language have been raised to version 1.46 and the use of the continuous integration system to check for changes has been expanded and the OpenPGP compatibility test suite has been improved.

If you want to know more about it about this library, you can check the details on its official website In the following link.


Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.