After seven years of development, sq 1.0 has been released: a command-line tool for working with OpenPGP artifacts. The toolkit was prepared by the Sequoia PGP project, which also develops a library implementing the OpenPGP standard (RFC 4880). Version 1.0 is marked as the project's first stable release, signifying that the code base has stabilized and that compatibility-breaking changes will stop. The code is written in Rust and is distributed under the GPLv2+ license.
The toolkit is included in the Red Hat Enterprise Linux 10 distribution as an alternative to GnuPG, is used for PGP handling in the DNF and RPM package managers, and is used by default in the experimental branch of the APT package manager. Hagrid, the key server created by the Sequoia developers, is used by keys.openpgp.org.
The Sequoia project was created by three GnuPG developers from g10 Code, which specializes in auditing cryptosystems and developing add-ons for GnuPG. The project's stated aim is to rework the architecture and apply new techniques for improving the security and reliability of the code base. In addition to using the Rust language to reduce the likelihood of memory-handling errors, Sequoia implements additional protection against mistakes at the API level. For example, the API does not allow secret key material to be exported accidentally and guards against skipping important steps when updating a digital signature. For additional isolation, the services that work with public keys and with private keys are split into separate processes.
In addition to functions for encrypting data, working with digital signatures and managing keys, similar to the capabilities of GPG, sq also provides a decentralized public key infrastructure (PKI). The PKI is used to authenticate certificates and messages, making it possible to verify that a received public key and received messages are tied to the claimed author rather than forged by an attacker.
When a certificate is downloaded from keys.openpgp.org or another key server, the sq utility automatically stores information about the certificate on the local system and uses this information in subsequent operations to identify forged certificates. It is noted that the implemented system can serve as the basis for building something like a distributed certificate authority (CA), covering various keys.