Sequoia is a project to provide encryption, verification, and authentication tools to users and developers to improve their privacy, and security. Sequoia is built around the the OpenPGP standard, but it is much more than just a reimplementation of the standard; it is a whole ecosystem.
Sequoia was started in 2017 by three former GnuPG developers. Unsurprisingly, its architecture is based on their experiences working with GnuPG, and interacting with GnuPG's community.
Sequoia's design philosophy is to provide low-level, policy-free (or policy-light) mechanisms that are secure by default, and cater to users' needs. These low-level mechanisms are augmented by higher level APIs, which progressively add more policy. This design allows users to choose the mechanisms and abstractions that are appropriate for their project.
Sequoia also takes a library-first approach. Our primary command-line
frontend, sq, exposes a lot of functionality, but the libraries are
more flexible. They also don't call out to the command line tool.
More information about the project is on our homepage. Most development is done on Gitlab.
Some of our projects include:
- sequoia-openpgp: Our low-level library.
sq: Our primary command-line frontend.gpgchameleon: A faithful reimplementation of thegpgcommand-line interface using Sequoia's libraries.- Thunderbird
Octopus: A
drop-in replacement of
rnpfor Thunderbird, which restores itsgpgintegration, and web of trust support. - Sequoia git: A specification, and tool for managing a commit signing policy, and checking that commits follow the policy.
- OpenPGP interoperability test suite: An OpenPGP interoperability test suite.