Sequoia PGP: A not quite new implementation of OpenPGP

Learn how Sequoia PGP reimagines OpenPGP with mandatory authentication, flexible trust models, and adjustable security levels while maintaining compatibility with existing tools.

Key takeaways
  • Sequoia PGP takes a library-first approach, focusing on being clean, safe by default, and UI-independent while supporting multiple threat models, from casual users to high-security scenarios

  • Authentication is mandatory in Sequoia, with no concept of a curated keyring. The system uses “shadow CAs” and the Web of Trust model to combine multiple pieces of evidence for key verification

  • keys.openpgp.org acts as a de facto CA by verifying email addresses, though users control how much they trust it and can scope that trust to specific domains

  • The system supports different security levels through a “dial”: users adjust the trade-off between automation and security according to their threat model, from basic privacy needs to high-security activist scenarios

  • The command-line interface, sq, provides clear guidance and transparency, showing authentication paths and trust levels so users can understand the system’s security decisions

  • Federated CAs offer a middle ground between fully decentralized trust and global CAs, allowing organizations to manage their own trust infrastructure

  • Sequoia maintains compatibility through gpg-sq, a drop-in replacement for GPG, while adding new security features and improvements

  • The project focuses on making good security practices accessible without forcing users to learn entirely new tools or workflows

  • Authentication is treated as fundamental: the system refuses to encrypt without proper authentication rather than offering an insecure fallback

  • Supports multiple cryptographic backends (Nettle, OpenSSL, Botan, and others) and emphasizes safe-by-default interfaces while still allowing advanced usage when needed
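Several of the takeaways above describe one mechanism from different angles: authentication combines evidence along Web of Trust paths, trust in a CA (such as the keys.openpgp.org shadow CA or a federated organizational CA) can be partial and scoped to a domain, and a “dial” decides how much accumulated evidence counts as authenticated. The following Python is an added illustration of that model and is not Sequoia's code. It assumes a Sequoia-style trust-amount scale where 120 is full trust and 60 is partial; the certificate names, user IDs and certifications in the demo network are constructed, and path aggregation is simplified to a capped sum (the real implementation avoids double-counting overlapping paths more carefully).

```python
"""Toy Web of Trust authentication in the Sequoia style (added example, not Sequoia code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

FULL = 120     # assumption: Sequoia-style scale, 120 = fully authenticated
PARTIAL = 60   # two independent partial paths add up to full


@dataclass(frozen=True)
class Certification:
    issuer: str                 # constructed label standing in for a fingerprint
    target: str                 # certificate being certified
    user_id: str                # user ID on the target that is being certified
    trust_amount: int = FULL    # 0..120
    depth: int = 0              # 0 = plain certification; >0 = trust signature (target may act as CA)
    domain: Optional[str] = None  # scoped trust: only user IDs under this email domain count


def _email(user_id: str) -> str:
    """Extract the address from 'Name <addr>' or return the bare string."""
    m = re.search(r"<([^>]+)>", user_id)
    return (m.group(1) if m else user_id).lower()


class Network:
    def __init__(self, certs: List[Certification]) -> None:
        self.by_issuer: Dict[str, List[Certification]] = {}
        for c in certs:
            self.by_issuer.setdefault(c.issuer, []).append(c)

    def authenticate(self, target: str, user_id: str, roots: List[str],
                     threshold: int = FULL) -> Tuple[bool, int, List[Tuple[List[Certification], int]]]:
        """Return (authenticated?, accumulated trust amount, paths found).

        `threshold` is the 'dial': FULL for high-security use, PARTIAL if a
        single partially trusted CA is acceptable for the user's threat model.
        """
        paths: List[Tuple[List[Certification], int]] = []
        for root in roots:
            self._walk(root, target, user_id, 255, FULL, [], paths)
        total = min(FULL, sum(amount for _, amount in paths))  # simplified aggregation
        return total >= threshold, total, paths

    def _walk(self, node, target, user_id, remaining, amount, path, paths) -> None:
        if remaining < 1:          # this node is not allowed to certify further
            return
        for c in self.by_issuer.get(node, []):
            if c in path:          # no cycles
                continue
            if c.domain and not _email(user_id).endswith("@" + c.domain.lower()):
                continue           # scoped trust does not cover this user ID
            amt = min(amount, c.trust_amount)   # a path is as strong as its weakest link
            if c.target == target and c.user_id == user_id:
                paths.append((path + [c], amt))
            if c.depth > 0 and c.target != target:
                # trust signature: target may certify, for min(remaining-1, depth) more hops
                self._walk(c.target, target, user_id, min(remaining - 1, c.depth),
                           amt, path + [c], paths)


def build_demo_network() -> Network:
    """Constructed demo: Alice is the trust root, two CAs, three end users."""
    return Network([
        # Alice partially trusts the keys.openpgp.org shadow CA for any domain...
        Certification("ALICE", "KOO_CA", "keys.openpgp.org", PARTIAL, depth=1),
        # ...and fully trusts her organisation's federated CA, but only for example.org
        Certification("ALICE", "ORG_CA", "Example Org CA", FULL, depth=1, domain="example.org"),
        # what each CA has certified
        Certification("KOO_CA", "BOB", "Bob <bob@example.org>"),
        Certification("KOO_CA", "CAROL", "Carol <carol@other.net>"),
        Certification("ORG_CA", "BOB", "Bob <bob@example.org>"),
        Certification("ORG_CA", "DAVE", "Dave <dave@other.net>"),   # outside the CA's scope
    ])


if __name__ == "__main__":
    net = build_demo_network()
    for cert, uid in [("BOB", "Bob <bob@example.org>"),
                      ("CAROL", "Carol <carol@other.net>"),
                      ("DAVE", "Dave <dave@other.net>")]:
        ok, amount, paths = net.authenticate(cert, uid, roots=["ALICE"])
        print(f"{uid}: authenticated={ok} amount={amount}/{FULL} via {len(paths)} path(s)")
```

Bob is fully authenticated because two independent pieces of evidence (60 from the shadow CA, 120 from the scoped organizational CA) combine; Carol reaches only 60 and passes only if the dial is turned down to PARTIAL; Dave gets nothing, since the organizational CA's certification of an address outside example.org is ignored by the domain scope. The `paths` list is what an `sq`-style tool would show the user to explain the decision.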