We're happy to announce the release of version 1.4 of our low-level
OpenPGP library. The most prominent change is the addition of a new
cryptographic backend based on the [RustCrypto] crates.
[RustCrypto]: https://github.com/RustCrypto
## Cryptographic backends
Sequoia allows you to chose between several cryptographic libraries at
compile time. Previously, there were two options available:
- Nettle: Based on the [Nettle cryptographic library]
- CNG: Using Windows' [Cryptography API: Next Generation] (only
available on Windows)
This release adds a third option:
- RustCrypto: Cryptographic algorithms implemented in [pure Rust]
This work was started by Nikhil Benesch sponsored by [Materialize]
(you can [sponsor] us too!). This makes it possible to use Sequoia in
environments where the other options are not available or desirable
(e.g. WASM, non-Rust dependencies). The set of supported
cryptographic algorithms depends on the backend, for more information
please see our [status page].
[Nettle cryptographic library]: https://www.lysator.liu.se/~nisse/nettle/
[Cryptography API: Next Generation]: https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal
[pure Rust]: https://github.com/RustCrypto
[sponsor]: https://pep.foundation/support-pep/index.html
[Materialize]: https://materialize.com/
[status page]: /status/#algorithms
## Sequoia 1.4
During the 1.x release cycle, we are adding features, fixing bugs, and
improving the documentation, while keeping the API stable. Downstream
users should be able to update to version 1.4 without changing their
code. In December 2020, we commited to providing security fixes for
and maintaining the 1.x releases for 1 year. We remain commited to
that promise.
### Notable Bug Fixes
- [#738]: Unbounded, attacker-controlled heap allocation during
decryption of AEAD encrypted messages.
[#738]: https://gitlab.com/sequoia-pgp/sequoia/-/issues/738
- [win-crypto-ng#39]: Some DSA keys triggered a crash in the CNG
backend. Sequoia now works around that problem.
[win-crypto-ng#39]: https://github.com/emgre/win-crypto-ng/issues/39
### New API
The following new functions have been added:
- CipherSuite::is_supported
- MPI::value_padded
- Preferences::policy_uri
- ProtectedMPI::value_padded
- TSK::eq
- ValidAmalgamation::revocation_keys
- ValidCert::policy_uri
- ValidCert::revocation_keys