Sequoia PGP is a project to create a Rust implementation of OpenPGP, and improve tooling for the OpenPGP ecosystem.
Currently we hang out on at least these IRC channels on OFTC:
- #debian-gnupg-chameleon
- #sequoia
- #rust
Tools
sq, the Sequoia-PGP command line tool
Sequoia-PGP includes a suite of library crates, which are meant to be used from applications. The sq package provides the sq command line application, aimed at users who want to use OpenPGP conveniently from the command line.
See the sq user guide for instructions. The program also has built-in help, available through the --help option and the help subcommand.
apt install sq
manpage online: https://sequoia-pgp.gitlab.io/sequoia-sq/man/sq.1.html
user guide: https://book.sequoia-pgp.org/
sqv, the Sequoia-PGP command line tool for verification
The sqv package is intended as an alternative to gpgv.
apt install sqv
It is currently used by default by apt (on architectures where the package is available) to verify archive signatures.
sqop, the Sequoia-PGP Stateless OpenPGP CLI implementation
The sqop package provides the sqop command implementing the SOP interface.
apt install sqop
sq-keyring-linter, a keyring and certificates checker
The sq-keyring-linter package provided the command of the same name in Debian bookworm.
apt install sq-keyring-linter
It has been superseded by newer sq versions, where the functionality is integrated natively as sq cert lint.
sequoia-chameleon-gnupg, a drop-in replacement for GnuPG
The Rust crate "sequoia-chameleon-gnupg" is Sequoia's reimplementation of the GnuPG interfaces and builds two binaries:
- gpg-sq: OpenPGP toolkit offering an interface aligned with gpg
- gpgv-sq: Validate OpenPGP signatures as gpgv does
The following packages are available in trixie and later:
- sequoia-chameleon-gnupg: apt install sequoia-chameleon-gnupg (installs /usr/bin/gpgv-sq and /usr/bin/gpg-sq)
- gpgv-sq: apt install gpgv-sq (installs /usr/bin/gpgv-sq)
- gpg-sq: apt install gpg-sq (installs /usr/bin/gpg-sq)
- gpgv-from-sq: apt install gpgv-from-sq (replaces gpgv with the chameleon)
- gpg-from-sq: apt install gpg-from-sq (replaces gpg with the chameleon)
sequoia-octopus, a reimplementation of librnp for Thunderbird by Sequoia
Thunderbird by default ships librnp, a C++ implementation of OpenPGP. The libsequoia-octopus-librnp package provides a reimplementation of librnp based on the Sequoia-PGP libraries in Rust. That librnp can be replaced with this implementation by running:
apt install libsequoia-octopus-librnp
Integration
There are some references on how to integrate Sequoia-PGP into various tools at https://www.reddit.com/r/GnuPG/comments/tt5zxe/anyone_using_sequoia_sq_instead_of_gpg/.
mutt
The following configuration fragment should work out of the box for OpenPGP support, except for:
- the sign commands, which require pgp_default_key or pgp_sign_as to be set to the desired fingerprint.
The config currently needs both sq and gpg-sq because:
- the pgp_list_*_command options currently require gpg-sq, but would ideally use a native interface;
- the pgp_decode_command option is expected to perform multiple actions instead of having one option per action.
~/.config/mutt/pgp-sq.rc:
# OpenPGP support using Sequoia-PGP.
# Based on <https://git.sr.ht/~ireas/sq-mutt/tree/master/sq.rc>.
# vim:syn=muttrc:

set crypt_use_gpgme=no
#unset pgp_use_gpg_agent
set pgp_timeout=3600

# Encryption and signing

# TODO: This relies on gpg-sq, as upstream does not distinguish between
# verifying cleartext, decrypting messages and analyzing public keys, for
# application/pgp types.
set pgp_decode_command="gpg-sq --status-fd=2 %?p?--passphrase-fd 0 --pinentry-mode=loopback? --no-verbose --quiet --batch --output - %f"
set pgp_verify_command="sq verify --signature-file %s -- %f"
set pgp_sign_command="sq sign --batch %?a?--signer %a? --mode text --signature-file - -- %f"
set pgp_clearsign_command="sq sign --batch %?a?--signer %a? --cleartext -- %f"
set pgp_decrypt_command="sq decrypt --batch --signatures 0 -- %f"
# Note: We use pgpewrap because %r is a list, and --for only handles one
# argument per option.
set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap sq encrypt --batch -- --for %r -- %f"
set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap sq encrypt --batch %?a?--signer %a? -- --for %r -- %f"

# Keyring management
set pgp_import_command="sq cert import -- %f"
set pgp_export_command="sq cert export --cert %r"
# Note: Disabled by default as the search can take some time.
#set pgp_getkeys_command="sq network search --batch --quiet -- %r"
set pgp_verify_key_command="sq pki identify --cert %r 2>&1"
# TODO: This relies on gpg-sq, ideally this would use a native interface.
# Note: the second --with-fingerprint adds fingerprints to subkeys
set pgp_list_pubring_command="gpg-sq --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-keys %r"
set pgp_list_secring_command="gpg-sq --no-verbose --batch --quiet --with-colons --with-fingerprint --with-fingerprint --list-secret-keys %r"
set pgp_good_sign="^[[:space:]]*Good signature from "
set pgp_decryption_okay="^[[:space:]]*Encrypted using "
# TODO: Does mutt handle non-zero error codes correctly?
set pgp_check_exit=yes
unset pgp_check_gpg_decrypt_status_fd
Differences in implementation with GnuPG v2.3.0 or later
Sequoia provides a complete implementation of OpenPGP as defined by RFC 9580 and RFC 4880 as well as some extensions (e.g., RFC 6637, which describes ECC cryptography for OpenPGP). OpenPGP is an IETF standard. For more information, refer to Sequoia's documentation and Sequoia's implementation status.
GnuPG does not yet implement the latest version of OpenPGP (RFC 9580). As of version 2.3.0, released on April 7, 2021, GnuPG implements LibrePGP, an incompatible fork of the OpenPGP specification that has several documented weaknesses. Among other things, LibrePGP introduces support for v5 keys, which are incompatible with the keys defined by RFC 9580. This mail includes a more complete list of differences. Since LibrePGP uses different data structures from OpenPGP, keys and signatures generated with GnuPG v2.3.0 or later may be unreadable by OpenPGP-compliant implementations.
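To spot the incompatibility described above before a key is imported, the following added example (not part of this page, nor code from Sequoia or GnuPG) walks the packet headers of a binary, unarmored OpenPGP key blob and reports the version octet of each key packet: 4 and 6 are OpenPGP (RFC 4880 / RFC 9580), 5 is the LibrePGP format. It assumes binary input (no ASCII armor), and the sample blobs are constructed by hand and are not real keys.

```python
import struct

# Packet tags whose body starts with a key version octet (RFC 4880 section 5.5).
KEY_PACKET_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}


def parse_header(data, pos):
    """Return (tag, body_start, body_len) for the packet header at offset pos."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("bit 7 of the packet tag octet must be set at offset %d" % pos)
    if ctb & 0x40:  # new-format header: 6-bit tag, then a 1-, 2- or 5-octet length
        tag, first = ctb & 0x3F, data[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + data[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, struct.unpack(">I", data[pos + 2:pos + 6])[0]
        raise ValueError("partial body length at offset %d is not valid for a key packet" % pos)
    # old-format header: 4-bit tag, 2-bit length type (1, 2 or 4 octets; 3 = indeterminate)
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
    if ltype == 3:
        raise ValueError("indeterminate length at offset %d is not valid for a key packet" % pos)
    nbytes = 1 << ltype
    return tag, pos + 1 + nbytes, int.from_bytes(data[pos + 1:pos + 1 + nbytes], "big")


def key_versions(blob):
    """List (packet kind, version) for every key packet in a binary OpenPGP blob."""
    found, pos = [], 0
    while pos < len(blob):
        tag, start, length = parse_header(blob, pos)
        if start + length > len(blob):
            raise ValueError("packet at offset %d runs past the end of the data" % pos)
        if tag in KEY_PACKET_TAGS:
            found.append((KEY_PACKET_TAGS[tag], blob[start]))  # version is the first body octet
        pos = start + length
    return found


def has_librepgp_key(blob):
    """True if any key packet is version 5, the LibrePGP format GnuPG >= 2.3.0 can emit."""
    return any(version == 5 for _, version in key_versions(blob))


# Constructed sample blobs (not real keys): a primary key with an old-format header
# (0x99 = tag 6, 2-octet length), a user ID packet (tag 13) and a public subkey (tag 14).
V4_CERT = (b"\x99\x00\x09" + b"\x04\x00\x00\x00\x00\x16\x00\x08\x01"
           + b"\xcd\x05alice" + b"\xce\x09" + b"\x04\x00\x00\x00\x00\x12\x00\x08\x01")
V5_CERT = b"\xc6\x09" + b"\x05\x00\x00\x00\x00\x16\x00\x08\x01" + b"\xcd\x05alice"
```

Run `key_versions(open("key.pgp", "rb").read())` on an exported binary certificate to see which packet versions it carries.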