Hey folks :)

I'd like to inform you about the recent progress on your favorite
OpenPGP implementation. It has been five weeks since my last mail,
and there are exciting developments to report.

We now emit a warning if a public interface has no documentation.
Even though we tried to document everything in the past, this will
keep us on our toes.

Sequoia can now parse Autocrypt headers, and this is exposed in the sq
frontend. So if you ever get a mail from someone using Autocrypt, you
can get her key using sq:

    % sq autocrypt decode -i $(notmuch search --output=files from:look@my.amazin.horse | sort -r | head -n1)
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    xsFNBFAB3UABEADCyB/vbIBA3m1BwcyjTieEMLySwYgt54EQ2hglOocdtIhqC+b0
    ...

The frontend now emits armored data by default, so that users do not
get bothered by binary OpenPGP data in case they forget to redirect
the output to a file.

Subpacket handling has been reworked, and there are now convenience
functions on the Signature type to add subpackets. The subpackets now
use high-level types, e.g. broken down time instead of the OpenPGP
wire format.

Our secret key handling has been improved. Notably, we now have a TSK
type, and can generate and serialize keys.

We now use a formal grammar to verify the structure of OpenPGP
messages and TPKs. Users of the packet parser can at any time verify
that the message they are processing in a streaming manner is in fact
a prefix of a valid message, and abort processing otherwise. When
parsing has concluded, the final result of the verification is
presented to the user.

Our C interface has received some attention. We added some missing glue
functions, and added examples. In Rust, one can include examples in the
documentation that are compiled and executed as tests. This makes sure
that examples never bitrot, and one gets a few tests for free. We
implemented the same for C examples, and updated and fixed examples that
no longer compiled. One example of such an example is this:

https://docs.sequoia-pgp.org/sequoia_ffi/openpgp/fn.sq_armor_writer_new.html

Finally, we added a LICENSE.txt file documenting the fact that Sequoia
is GPL3+.

Kai, Neal, and I went to the Delta X gathering in Freiburg. It was a
welcome opportunity to discuss Sequoia, OpenPGP, and related topics.
We also did a fair amount of hacking, and when the heat got too
intense around noon, we cooled down in the Dreisam.

As our first non-trivial consumer we started a proof-of-concept port
of delta.chat to Sequoia. Currently, delta.chat uses netpgp, and has
only modest demands in terms of OpenPGP-related functionality, making
it a good target for porting to validate and improve our C interface.
The port can be found here:

https://github.com/teythoon/deltachat-core/tree/sequoia

There was some discussion about what to do with the key server
network, because the concern is that the network might go down soon
due to either the GDPR, the recent keyserver-fs, or both. The
keyserver network is seen as a critical infrastructure for OpenPGP to
deliver key updates and revocation certificates, and poor keyserver
performance reflects badly on OpenPGP clients. As a result of this
discussion, we started implementing a new keyserver on top of Sequoia.

On Saturday there were talks at Freiburg's CCC. Kai presented ideas
on defining a subset of OpenPGP, Neal gave a talk introducing Sequoia,
and I presented our ideas on how to bring forward secrecy to OpenPGP.
Slides (and hopefully soon recordings) can be found at:

https://sequoia-pgp.org/talks/

Finally, Azul helped us get continuous integration testing up and
running on GitLab; this will hopefully help us catch mistakes earlier.
Unfortunately, the builds on the servers provided by GitLab are a bit
too slow to integrate it in our everyday workflow, but having a CI
system is a great step for our project.

We are going on vacation over the next month or so, so expect things
to slow down a bit in August.

That's it for now, thanks for flying with Sequoia :)
Justus
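
Added example, not part of the original mail and not Sequoia's own code: a sketch of the streaming structure check described above, using a simplified form of the message grammar in RFC 4880 section 11.3. It works on a flat sequence of top-level packet tags (the `Tok`, `Status`, `Validator` and `check` names are hypothetical) and reports whether the packets seen so far form a valid message, a prefix of one, or neither.

```rust
// Added example (not Sequoia code). Grammar, simplified from RFC 4880 sec. 11.3:
//   M := Literal | Compressed | ESK* Seip | Sig M | Ops M Sig
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Tok { Literal, Compressed, Pkesk, Skesk, Seip, Ops, Sig }

#[derive(Debug, PartialEq)]
pub enum Status { Prefix, Valid, Invalid }

#[derive(Default)]
pub struct Validator { open_ops: usize, in_esk: bool, body_seen: bool, failed: bool }

impl Validator {
    /// Feed the next top-level packet and report the state of the stream so far.
    pub fn push(&mut self, t: Tok) -> Status {
        use Tok::*;
        if !self.failed {
            match (self.body_seen, self.in_esk, t) {
                (false, false, Sig) => {}                      // prefix signature
                (false, false, Ops) => self.open_ops += 1,     // needs a trailing Sig
                (false, _, Pkesk) | (false, _, Skesk) => self.in_esk = true,
                (false, _, Seip) => self.body_seen = true,     // ESK* Seip
                (false, false, Literal) | (false, false, Compressed) => self.body_seen = true,
                (true, _, Sig) if self.open_ops > 0 => self.open_ops -= 1,
                _ => self.failed = true,                       // no valid continuation
            }
        }
        self.status()
    }

    pub fn status(&self) -> Status {
        if self.failed { Status::Invalid }
        else if self.body_seen && self.open_ops == 0 { Status::Valid }
        else { Status::Prefix }
    }
}

/// Validate a whole token sequence, stopping at the first packet that cannot fit.
pub fn check(tokens: &[Tok]) -> Status {
    let mut v = Validator::default();
    for &t in tokens {
        if v.push(t) == Status::Invalid { return Status::Invalid; }
    }
    v.status()
}

fn main() {
    // Constructed inputs: a one-pass-signed message arriving packet by packet.
    println!("{:?}", check(&[Tok::Ops, Tok::Literal]));           // still a prefix
    println!("{:?}", check(&[Tok::Ops, Tok::Literal, Tok::Sig])); // complete
    println!("{:?}", check(&[Tok::Pkesk, Tok::Literal]));         // rejected
}
```

A consumer that stops as soon as `push` returns `Invalid` never buffers or decrypts the rest of a malformed stream; contents of compressed and encrypted containers are not checked here.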