GnuPG developers have recently begun working on Sequoia, a new OpenPGP implementation in Rust. OpenPGP is an open, free version of the Pretty Good Privacy (PGP) standard. It defines standard formats for emails and other message encryption and is based on the original PGP (Pretty Good Privacy) software.
Sequoia is an OpenPGP library that provides easy-to-use cryptography for applications. It helps you protect the privacy of your users and is easy to incorporate into your application, no matter what language you use. It helps you manage your keys better as its keystore stores keys and updates them so that new keys or revocations are discovered in a timely manner.
It is currently in development led by three former GnuPG developers, Neal H. Walfield, Justus Winter, and Kai. The project is funded by the p≡p foundation, where each of the aforementioned developers has been working since fall 2017.
What motivated the developers for this new implementation was their experience with GnuPG, a free software replacement for Symantec’s PGP cryptographic software. PGP or Pretty Good Privacy is a program which is used to encrypt and decrypt texts, emails, files, directories, etc. to increase the security of data communications.
According to Neal H. Walfield, GnuPG posed several problems as “it is hard to modify due to lack of unit tests and tight component coupling”. He also mentioned other reasons like how a lot of developers are unsatisfied with GnuPG’s API and that GnuPG can’t be used on iOS due to GPL.
The developers also have major social and technical goals in mind for Sequoia. “The social goals are — to create an inclusive environment in our project, it should be free software and — community-centered,” says Neal. Here’s the video of Neal introducing the new OpenPGP library:
On the technical side, the team is taking a different approach. They are putting the library API first, and a command-line interface tool, second. Neal says that the team “encourages” the users to use the library. They also aim to create an API which is friendly, easy to use and supports all modern platforms such as Android, iOS, Mac, etc.
Let’s have a look at how Sequoia is built. Starting at the bottom level, we have the OpenPGP library which provides the low-level interface. There are two services built on top of this library, namely, Sequoia network service ( helps with accessing keyservers) and Sequoia-store which is used for accessing and storing the public keys along with the private keys.
On top of these three, there is a Sequoia library, a high-level API. If it’s a rust application, then it can use this library directly or else it can access the library via FFI ( foreign function interface).
Apart from this, the vision for Sequoia is “a nice OpenPGP implementation — with focus on user development, and its community” says Neal.
For more information on Sequoia, check out the official Sequoia documentation.
