Brussels / 3 & 4 February 2024


Sequoia PGP: Rethinking OpenPGP Tooling

Six and a half years ago, we, Justus, Kai, and Neal, started the Sequoia PGP project. Our goal with Sequoia PGP was not just to implement OpenPGP in Rust, but to provide a set of privacy and security tools that are easier to use, and more robust than what was previously available.

Although OpenPGP is widely considered hard to use, overcomplicated, and the stuff of nerds, our prior experience working on another OpenPGP implementation suggested that the OpenPGP standard is actually pretty good, but the tooling needs improvement.

In this talk, I'll present Sequoia's architecture (library first), our design philosophy (usable, low-level, unopinionated interfaces, which are secure by default and are complemented by high-level opinionated interfaces), and the status of the project (we released 1.0 of our low-level library in December 2020, and are currently working towards 1.0 releases of our higher-level libraries and services).

Today, Sequoia PGP is used by the RPM package manager, which has shipped with Fedora since version 38. Sequoia PGP has been adopted by SecureDrop, a whistleblowing platform that many news organizations around the world rely on. And Switzerland's BioMedIT uses it as part of their Sett tool, which hospitals and researchers use to exchange sensitive medical information.


Neal H. Walfield