Hello everyone :)
I'd like to inform you about the recent progress on your favorite
OpenPGP implementation. We've been quite busy in the last three weeks,
and among various cleanups and bug fixes, we implemented the following
Our frontend gained a new subcommand, sq split, that recursively
splits an OpenPGP message into packets that can easily be recombined
Sequoia now supports all ciphers specified in OpenPGP (RFC 4880 and
RFC 4880bis) that are supported by our crypto library Nettle, namely
TripleDES, Blowfish, AES128, AES192, AES256, Twofish, Camellia128,
Camellia192, and Camellia256.
Our handling of multi-precision integers changed substantially.
Previously, we used plain vectors of MPIs, now we have a sum type that
is aware of the kind of data we expect, e.g. whether we have an RSA
public key with two MPIs, e and n, or an ECDSA public key with a Curve
OID and an MPI q containing the encoded point on the curve.
Sequoia now supports verification of DSA signatures, ECDSA signatures
using the NIST curves specified in RFC 6637, and EdDSA using Ed25519.
Sequoia gained a new type for an OpenPGP message as defined in RFC
4880, section 11.3. The previous message type, which was just a
sequence of OpenPGP packets, was renamed to PacketPile to better
reflect its unstructured nature.
Sequoia now supports encrypting and decrypting of PKESKs using RSA and
ECDH/Cv25519. Support for other curves needs a bit more support from
our crypto library.
The openpgp crate can now be built without compression support,
reducing the trusted computing base in case compression is not needed,
and making fuzzing of the openpgp crate easier, as the fuzzer can no
longer generate compression bombs.
Casual fuzzing of the parser revealed all the places where we cut
corners, as well a real bug (index out of bounds) when parsing an MPI
of length 0.