We're happy to announce the release of version 1.3 of our low-level
OpenPGP library. For those of you following along at home, you're
probably asking what happened to 1.2. This past Sunday was [PGP's 30th
birthday]. To celebrate *three* decades of PGP, we've decided to skip
1.2 and directly release 1.*3*.
[PGP's 30th birthday]: https://philzimmermann.com/EN/essays/PGP_30th/
Sequoia PGP is the most advanced OpenPGP implementation available today.
-Phil Zimmermann, Creator of PGP
30 years is a long time for a program. And indeed, today, the
[original PGP implementation][broadcom-pgp] is hardly recognizable
after having changed hands so many times. However, OpenPGP, the
protocol that PGP used and was standardized by the IETF first in [RFC
1991] in 1996, and updated by [RFC 2440] and [RFC 4880], lives on.
And, it still has one of the most flexible authentication mechanisms
and PKIs. Historically, this has only been accessible to advanced
users, but through our work on tools like [keys.openpgp.org] and
[OpenPGP CA], we are starting to leverage its strength to bring strong
and easy-to-use authentication to normal users. For this reason and
others, [Phil Zimmermann], the creator of PGP, has said that "Sequoia
PGP is the most advanced OpenPGP implementation available today."
We're proud to have a [Champion of Freedom]'s endorsement, and will
continue to innovate in this space to better protect the privacy and
security of Internet users.
[RFC 1991]: https://datatracker.ietf.org/doc/html/rfc1991
[RFC 2440]: https://datatracker.ietf.org/doc/html/rfc2440
[RFC 4880]: https://datatracker.ietf.org/doc/html/rfc4880
[Phil Zimmermann]: http://philzimmermann.com/EN/background/index.html
[OpenPGP CA]: https://openpgp-ca.org
[Champion of Freedom]: https://epic.org/events/RELEASE-EPIC-Int%27l-Award-2015.pdf
## Sequoia 1.3
During the 1.x release cycle, we are adding features, fixing bugs, and
improving the documentation, while keeping the API stable. Downstream
users should be able to update to version 1.3 without changing their
code. In December 2020, we commited to providing security fixes for
and maintaining the 1.x releases for 1 year. We remain commited to
### Security Fixes
We are not aware of any security issues in this version of Sequoia.
However, if you are using Sequoia with Nettle, Sequoia's default
cryptographic backend, please be aware that versions of Nettle prior
to 3.7.3 have a bug, which an attacker can exploit to crash Nettle and
consequently the program using Sequoia. For more details, please see
[CVE-2021-3580] and Nettle's [release announcement].
[release announcement]: http://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009545.html
### Notable Bug Fixes
- [#715]: The Windows CNG backend did not clamp Curve25519 secret
key material prior to using them. This caused decryption failures
when using the keys. According to the standard, Curve25519 keys
must be clamped, however, some OpenPGP implementations did not do
this. Rather than force the user to create new keys, the Windows
CNG backend now simply clamps the keys. This also aligns the
behavior of the CNG backend with the Nettle backend.
- [#706]: `Cert::insert_packets` ran in quadratic time. We rewrote
the deduplication code to run in `O(n * log n)` time.
- [#699]: When `CertParser` encountered invalid data, it would
eagerly return the error before returning the already parsed
certificate. This has been fixed to first return the pending
certificate and then return the error.
- Sequoia now supports [first-party attestations of third-party
confirmation signatures]. This lets certificate holders [attest
to third-party certifications] over their certificate, and allow
those certifications to be distributed by a abuse-resistant
keyserver (like, for example, https://keys.openpgp.org) that
preserves the holders sovereignty over the information
[distributed with her cert].
- Sequoia now allows the [re-use of session keys]. This solves a
long-standing problem: How do you reply to an email if you don't
have the certs of each and every recipient? Previously, users had
no chance but to reply in plaintext, potentially revealing
sensitive information. With session key re-use, the original
message's session key is used, which already has been encrypted
for every recipient in the conversation.
- Sequoia's [certificate builder] is now more flexible: it allows
binding signatures to be customized. For example, you can add
notations to it, [restricting the use of subkeys to certain
[first-party attestations of third-party confirmation signatures]: https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-rfc4880bis-10.html…
[attest to third-party certifications]: https://docs.sequoia-pgp.org/sequoia_openpgp/cert/amalgamation/struct.Compo…
[distributed with her cert]: https://docs.sequoia-pgp.org/sequoia_openpgp/cert/amalgamation/struct.Valid…
[re-use of session keys]: https://docs.sequoia-pgp.org/sequoia_openpgp/serialize/stream/struct.Encryp…
[certificate builder]: https://docs.sequoia-pgp.org/sequoia_openpgp/cert/struct.CertBuilder.html
[restricting the use of subkeys to certain domains]: https://docs.sequoia-pgp.org/sequoia_openpgp/cert/struct.CertBuilder.html#e…
### New API
The following new functions have been added: