Sequoia PGP is a project to create a Rust implementation of OpenPGP, and improve tooling for the OpenPGP ecosystem.

Currently we hang out on at least these IRC channels on OFTC:

Tools

sq, the Sequoia-PGP command line tool

Sequoia-PGP includes a suite of library crates, which are meant to be used from applications. This crate provides the sq command line application. sq is aimed at command line users as a way to use OpenPGP conveniently from the command line.

See the sq user guide for instructions. The program also has built-in help, using the --help option and help subcommand:

sqv, the Sequoia-PGP command line tool for verification

This is intended as an alternative to gpgv.

sqop, the Sequoia-PGP Stateless OpenPGP CLI implementation

This command implements the SOP interface.

sq-wot, a Web Of Trust exploration tool

Parts of this are already integrated in sq pki.

sq-keyring-linter, a keyring and certificates checker

Parts of this are already integrated in sq keyring lint.

sequoia-chameleon-gnupg, a drop-in replacement for GnuPG

The Rust crate "sequoia-chameleon-gnupg" is Sequoia's reimplementation of the GnuPG interfaces and builds two binaries:

The following works in trixie and later:

This is currently only available in unstable:

FIXME: include these descriptions "elsewhere"

Package: sequoia-chameleon-gnupg
Description: Sequoia's GnuPG CLI tools (metapackage)
 This metapackage depends on the following binary packages:
  - gpg-sq: gpg-like OpenPGP CLI toolkit
  - gpgv-sq: gpgv-like validator for OpenPGP signatures
 Both are drop-in replacements using the Sequoia OpenPGP implementation
 provided in the Rust crate sequoia-chameleon-gnupg.

Package: gpg-sq
Recommends:
 sq
Description: gpg-like OpenPGP CLI toolkit
 gpg-sq is Sequoia's alternative implementation of a tool following
 the GnuPG command line interface. It provides a drop-in but not
 feature-complete replacement for the GnuPG project's gpg.
 .
 It currently implements a commonly used subset of the signature
 creation and verification commands, the encryption and decryption
 commands, the key listing commands, and some miscellaneous commands.
 .
 Support for trust models is limited.  Currently, the web-of-trust
 and always-trust models are implemented (as "--pgp" and "--always").
 .
 This tool is provided by the Sequoia project via the sequoia-chameleon-gnupg
 crate.

Package: gpgv-sq
Recommends:
 sq
Description: gpgv-like validator for OpenPGP signatures
 gpgv-sq is Sequoia's alternative implementation of a verification-only
 interface for OpenPGP signatures. It provides a feature-complete drop-in
 replacement for the GnuPG project's gpgv.
 .
 This tool is provided by the Sequoia project via the sequoia-chameleon-gnupg
 crate.

Package: gpg-from-sq
Depends:
 gpg-sq
Description: use gpg-sq for /usr/bin/gpg
 This package diverts the GnuPG implementation of gpg (if installed)
 to gpg-g10code, while /usr/bin/gpg is provided by the Rust crate
 sequoia-chameleon-gnupg.

Package: gpgv-from-sq
Depends:
 gpgv-sq
Description: use gpgv-sq for /usr/bin/gpgv
 This package diverts the GnuPG implementation of gpgv (if installed)
 to gpgv-g10code, while /usr/bin/gpgv is provided by the Rust crate
 sequoia-chameleon-gnupg.

sequoia-octopus, a reimplementation of librnp for Thunderbird by Sequoia

Thunderbird by default ships librnp which is a C++ implementation of OpenPGP. In unstable it's possible to replace that librnp by an implementation by Sequoia in Rust by running:

Integration

There are some references on how to integrate Sequoia-PGP into various tools at https://www.reddit.com/r/GnuPG/comments/tt5zxe/anyone_using_sequoia_sq_instead_of_gpg/.

For mutt there is also sq-mutt but this hasn't seen any commits since 2022.