Hey folks :)
I'd like to inform you about the recent progress on your favorite OpenPGP implementation. It has been five weeks since my last mail, and there are exciting developments to report.
We now emit a warning if a public interface has no documentation. Even though we tried to document everything in the past, this will keep us on our toes.
Sequoia can now parse Autocrypt headers, and this is exposed in the sq frontend. So if you ever get a mail from someone using Autocrypt, you can get her key using sq:
% sq autocrypt decode -i $(notmuch search --output=files from:look@my.amazin.horse | sort -r | head -n1)
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBFAB3UABEADCyB/vbIBA3m1BwcyjTieEMLySwYgt54EQ2hglOocdtIhqC+b0 ...
The frontend now emits armored data by default, so that users do not get bothered by binary OpenPGP data in case they forget to redirect the output to a file.
Subpacket handling has been reworked, and there are now convenience functions on the Signature type to add subpackets. The subpackets now use high-level types, e.g. broken down time instead of the OpenPGP wire format.
Our secret key handling has been improved. Notably, we now have a TSK type, and can generate and serialize keys.
We now use a formal grammar to verify the structure of OpenPGP messages and TPKs. Users of the packet parser can at any time verify that the message they are processing in a streaming manner is in fact a prefix of a valid message, and abort processing otherwise. When parsing has concluded, the final result of the verification is presented to the user.
Our C interface has received some attention. We added some missing glue functions, and added examples. In Rust, one can include examples in the documentation that are compiled and executed as tests. This makes sure that examples never bitrot, and one gets a few tests for free. We implemented the same for C examples, and updated and fixed examples that no longer compiled. One example of such an example is this:
https://docs.sequoia-pgp.org/sequoia_ffi/openpgp/fn.sq_armor_writer_new.html
Finally, we added a LICENSE.txt file documenting the fact that Sequoia is GPL3+.
Kai, Neal, and I went to the Delta X gathering in Freiburg. It was a welcome opportunity to discuss Sequoia, OpenPGP, and related topics. We also did a fair amount of hacking, and when the heat got too intense around noon, we cooled down in the Dreisam.
As our first non-trivial consumer we started a proof-of-concept port of delta.chat to Sequoia. Currently, delta.chat uses netpgp, and has only modest demands in terms of OpenPGP-related functionality, making it a good target for porting to validate and improve our C interface. The port can be found here:
https://github.com/teythoon/deltachat-core/tree/sequoia
There was some discussion about what to do with the key server network, because the concern is that the network might go down soon due to either the GDPR, the recent keyserver-fs, or both. The keyserver network is seen as a critical infrastructure for OpenPGP to deliver key updates and revocation certificates, and poor keyserver performance reflects badly on OpenPGP clients. As a result of this discussion, we started implementing a new keyserver on top of Sequoia.
On Saturday there were talks at Freiburg's CCC. Kai presented ideas on defining a subset of OpenPGP, Neal gave a talk introducing Sequoia, and I presented our ideas on how to bring forward secrecy to OpenPGP. Slides (and hopefully soon recordings) can be found at:
https://sequoia-pgp.org/talks/
Finally, Azul helped us get continuous integration testing up and running on GitLab; this will hopefully help us catch mistakes earlier. Unfortunately, the builds on the servers provided by GitLab are a bit too slow to integrate it in our everyday workflow, but having a CI system is a great step for our project.
We are going on vacation over the next month or so, so expect things to slow down a bit in August.
That's it for now, thanks for flying with Sequoia :)
Justus
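The streaming check described in the announcement (the packets seen so far are a valid prefix, a complete message, or invalid), sketched as an added example that is not Sequoia's code. It assumes the message grammar of RFC 4880 section 11.3, looks only at top-level packets without descending into compressed or encrypted containers, and all type and function names are hypothetical.

```rust
// Added illustration, not Sequoia code: all names here are hypothetical.
// Top-level packet kinds from the RFC 4880 section 11.3 message grammar.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Tok { Pkesk, Skesk, Sed, Seip, Ops, Sig, Literal, Compressed }
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Validity { Prefix, Message, Invalid }
#[derive(Clone, Copy)]
enum Phase { Start, Esk, Trailer, Bad }

pub struct Validator { phase: Phase, pending_ops: usize }

impl Validator {
    pub fn new() -> Self { Validator { phase: Phase::Start, pending_ops: 0 } }

    /// Feed the next packet kind; returns the verdict for everything seen so far.
    pub fn push(&mut self, t: Tok) -> Validity {
        use self::{Phase::*, Tok::*};
        self.phase = match (self.phase, t) {
            (Start, Sig) => Start, // prefix signature, message still to come
            (Start, Ops) => { self.pending_ops += 1; Start } // needs a trailing Sig
            (Start, Literal) | (Start, Compressed) => Trailer,
            (Start, Pkesk) | (Start, Skesk) | (Esk, Pkesk) | (Esk, Skesk) => Esk,
            (Start, Sed) | (Start, Seip) | (Esk, Sed) | (Esk, Seip) => Trailer,
            (Trailer, Sig) if self.pending_ops > 0 => { self.pending_ops -= 1; Trailer }
            _ => Bad, // anything else can never become a valid message
        };
        self.status()
    }

    pub fn status(&self) -> Validity {
        match self.phase {
            Phase::Bad => Validity::Invalid,
            Phase::Trailer if self.pending_ops == 0 => Validity::Message,
            _ => Validity::Prefix,
        }
    }
}

/// Streams `seq` through a validator, aborting at the first invalid packet.
/// Returns the verdict and how many packets were consumed.
pub fn check(seq: &[Tok]) -> (Validity, usize) {
    let mut v = Validator::new();
    for (i, &t) in seq.iter().enumerate() {
        if v.push(t) == Validity::Invalid { return (Validity::Invalid, i + 1); }
    }
    (v.status(), seq.len())
}

fn main() {
    // Constructed sample: one-pass signed message whose trailing signature is missing.
    println!("{:?}", check(&[Tok::Ops, Tok::Literal]));
}
```

A truncated message ends as `Prefix` rather than `Message`, which is why the final verdict matters in addition to the per-packet one.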
On Fri, Jul 27, 2018 at 03:37:40PM +0200, Justus Winter wrote:
> As our first non-trivial consumer we started a proof-of-concept port of delta.chat to Sequoia.
Hi,
it would be wonderful if we can have a port in p≡p for iOS.
Yours,
VB.
Hi Volker,
On Fri, 27 Jul 2018 16:42:14 +0200, Volker Birk wrote:
> On Fri, Jul 27, 2018 at 03:37:40PM +0200, Justus Winter wrote:
> > As our first non-trivial consumer we started a proof-of-concept port of delta.chat to Sequoia.
> Hi,
> it would be wonderful if we can have a port in p≡p for iOS.
The port of p≡p to Sequoia is actually already underway, but it was a bit too early to announce :). As Justus said, "delta.chat uses netpgp, and has only modest demands in terms of OpenPGP-related functionality," which made it a better first experiment than p≡p.
:) Neal