Hey folks :)
I'd like to inform you about the recent progress on your favorite
OpenPGP implementation. It has been eight weeks since I last wrote an
update, and there are exciting developments to report.
First of all, the Sequoia project made their [first release] at
RustConf Rome during Neal's talk ([video], [slides]) about our
experiences with Rust. The release includes only the low-level
`openpgp` crate, which we renamed to [`sequoia-openpgp`] to avoid a
[first release]: https://sequoia-pgp.org/blog/2018/11/26/initial-release/
In the weeks prior to the release, we moved a lot of code around, and
refined our API. For example, we introduced a [`crypto`] module and
moved all low-level crypto primitives there.
When generating keys, we now always generate a revocation certificate
in the hope that it will encourage the callee to store it for later
use. Furthermore, our handling of revocations has been improved.
We released the [bindings] for our cryptographic library, Nettle, and
made Sequoia use the released version. We fixed a corner-case with
Cv25519 keys encoded using OpenPGP.
Our command-line frontend `sq` gained a key generation subcommand, and
is now able to verify detached signatures.
Our C API got a significant number of new functions.
Finally, our detached signature verifiaction tool [sqv] was moved to
its own crate. As it only uses the low-level [`sequoia-openpgp`]
crate, we were able to release it on crates.io. Furthermore, since it
doesn't operate on compressed data, we are able to disable
decompression support in the [`sequoia-openpgp`] crate, reducing the
trusted computing base and simplifying packaging of the dependencies.
Work has begun to [package] it for Debian.
That's all for today, and thanks for flying Sequoia!