We have just released version 0.19.0 of Sequoia. The release includes
the low-level crate [`sequoia-openpgp`], a program to verify detached
signatures geared towards software distribution systems called
[`sqv`], and a commandline frontend for Sequoia implementing the
[Stateless OpenPGP Command Line Interface] called [`sqop`].
[`sequoia-openpgp`]: https://crates.io/crates/sequoia-openpgp
[`sqv`]: https://crates.io/crates/sequoia-sqv
[`sqop`]: https://crates.io/crates/sequoia-sop
[Stateless OpenPGP Command Line Interface]: https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/
[OpenPGP interoperability test suite]: https://tests.sequoia-pgp.org/
If you use Sequoia, please port your code to the latest version and
report any problems you encounter. Thank you.
# Notable changes
The big new feature is that Sequoia can now be built to use the
[Windows Cryptography API: Next Generation (CNG)] as cryptographic
backend on Windows. This makes it easier to build and distribute
Sequoia for Windows, as building Nettle requires a POSIXly
environment. Furthermore, using CNG reduces your trusted computing
base, and will allow us to use cryptographic key stores like HSMs in
the future.
[Windows Cryptography API: Next Generation (CNG)]: https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal
To select the CNG backend, use `default-features = false`, and
explicitly include the `crypto-cng` feature. Currently, the CNG
backend requires at least Windows 10.
We are in the process of stabilizing the API of the low-level
`sequoia-openpgp` crate. To that end, we're going over our
documentation, writing more documentation and examples, and slightly
amending the API to make it more consistent and easier to use.