We have just released version 0.19.0 of Sequoia. The release includes the low-level crate [`sequoia-openpgp`], a program to verify detached signatures geared towards software distribution systems called [`sqv`], and a commandline frontend for Sequoia implementing the [Stateless OpenPGP Command Line Interface] called [`sqop`].
[`sequoia-openpgp`]: https://crates.io/crates/sequoia-openpgp [`sqv`]: https://crates.io/crates/sequoia-sqv [`sqop`]: https://crates.io/crates/sequoia-sop [Stateless OpenPGP Command Line Interface]: https://datatracker.ietf.org/doc/draft-dkg-openpgp-stateless-cli/ [OpenPGP interoperability test suite]: https://tests.sequoia-pgp.org/
If you use Sequoia, please port your code to the latest version and report any problems you encounter. Thank you.
# Notable changes
The big new feature is that Sequoia can now be built to use the [Windows Cryptography API: Next Generation (CNG)] as cryptographic backend on Windows. This makes it easier to build and distribute Sequoia for Windows, as building Nettle requires a POSIXly environment. Furthermore, using CNG reduces your trusted computing base, and will allow us to use cryptographic key stores like HSMs in the future.
[Windows Cryptography API: Next Generation (CNG)]: https://docs.microsoft.com/en-us/windows/win32/seccng/cng-portal
To select the CNG backend, use `default-features = false`, and explicitly include the `crypto-cng` feature. Currently, the CNG backend requires at least Windows 10.
We are in the process of stabilizing the API of the low-level `sequoia-openpgp` crate. To that end, we're going over our documentation, writing more documentation and examples, and slightly amending the API to make it more consistent and easier to use.