Hi Everyone,
I'm pleased to announce that we, the Sequoia PGP team, have released v1.0 of the Octopus. The Octopus is an alternate OpenPGP backend for Thunderbird 78 based on Sequoia PGP.
You can find more details in our blog post and README, which also include installation instructions (for Windows we provide precompiled binaries).
https://sequoia-pgp.org/blog/2021/04/08/202103-a-new-backend-for-thunderbird...
https://gitlab.com/sequoia-pgp/sequoia-octopus-librnp
The project was started as a simple Thunderbird-specific drop-in replacement for RNP, which Fedora and Red Hat do not want to distribute, because Botan is not one of the cryptographic backends that they support.
https://fedoraproject.org/wiki/Fedora_Crypto_Consolidation
In the end, the project grew to also reintroduce many of the features that we and others miss from Enigmail, in particular, close gpg integration, web of trust support, and background updates. Along the way, we also discovered some security flaws, which we found workarounds for (see below). And Sequoia has several non-functional advantages. These include:
- Features
  - Integrates GnuPG's keyring.
  - Integrates GnuPG's key validity information ("web of trust").
  - Directly talks to gpg agent (no GPGME required).
  - Updates certificates in the background using something like parcimonie.
  - Rejects weak cryptographic primitives.
  - Works around a 20-year-old security flaw that Thunderbird introduced, by rewriting Thunderbird-generated signatures on the fly.
- Non-Functional Advantages
  - Unencrypted secret key material is protected in memory (like OpenSSH). This frustrates Heartbleed, Spectre, etc.-style attacks.
  - Countermeasures for weakness in SHA-1 collision resistance. (RNP accepts SHA-1 everywhere. In fact, stock RNP accepts MD5!)
    - Use of a variant of SHA-1 called SHA-1 collision detection, which is used by GitHub, for instance.
    - SHA-1 is only accepted in safer contexts.
    - We've published and committed to a SHA-1 deprecation timeline.
  - Signatures include a salt to protect them from some attacks on collision resistance (like OpenSSH).
  - Avoids RNP's split brain problem due to its multiple sources of truth.
  - Some code (in particular, certificate parsing, which is slow) is multithreaded thanks to Rust's safer concurrency primitives.
  - Support for a broad range of OpenPGP certificates.
If you have any questions, feel free to reach out either via email or on our IRC channel (Freenode, #sequoia).
:) Neal