A new OpenPGP Library

  • Focus on safety and correctness
  • Uses a memory-safe language
  • First-Class Library

Secure and Robust

Sequoia focuses on security and robustness in our choice of tools, our development methodology, and feature set.

Read more.

Easy to Use

A library is only as good as its integration in downstream projects. As such, we made ease of use one of our main goals.

Read more.

Holistic Approach

Improving the security of OpenPGP users requires more than a new implementation. Therefore, we are taking a holistic approach and are improving the ecosystem.

Read more.

Testimonials

  • Sequoia PGP is more than just a reimplementation of an existing tool. The team behind it is rethinking tooling for the broader PGP ecosystem. Their innovative ideas are making PGP easier to use. I can’t wait to see Sequoia PGP be more broadly adopted.

    Phil Zimmermann

    Creator of PGP

  • During the last 3 years the PGP ecosystem got un-stuck, largely thanks to the Sequoia project. They put in the gargantuan effort of re-implementing PGP, but also started re-imagining other tools in the ecosystem, with the same common-sense, practical security approach. This is already making a difference for my team, and those whose security we’re responsible for.

    Michał "rysiek" Woźniak

    Head of Infrastructure and Information Security, OCCRP

  • Sequoia has fundamentally improved my work on the pEp Engine. I love how fast all the tests run on Sequoia. It’s OBSCENE. With the old PGP implementation it would take nearly 2 minutes to run. With Sequoia, running the whole test suite takes less than 2 seconds. I am… not free from symptoms of ADHD. Running all of the tests on Sequoia means that they’re over before I have time to get distracted. That’s a serious improvement.

    Krista Bennett

    Senior Developer, the pEp Engine

News

Thoughts on To Sign or Not to Sign

By Neal H. Walfield on January 12, 2026

39C3, the annual meeting of the Chaos Computer Club (CCC), included a presentation called To sign or not to sign: Practical vulnerabilities in GPG & friends. In their presentation, the security researchers discuss the vulnerabilities that they found in GnuPG, Sequoia, age and minisign. The talk is impressive not the least for the shear number of vulnerabilities (14!) that they found, but also their breadth. They range from buffer overflows, to the use of uninitialized memory, to improper input validation.

In this blog post, I will take a look at the attack that the researchers claim demonstrates a security weakness in Sequoia, and consider its possible impact. In my estimation, this characterization is primarily due to a literal translation of gpg invocations to sq invocations, and the user ignoring sq’s output. As the user is following a recipe, a more realistic analysis should have considered a less naive translation that uses sq’s standard workflows, which would have prevented the attack. That said, the security researchers identify an issue that raises legitimate concerns, and the ecosystem as a whole needs to improve to better protect users.

Continue reading

Post Quantum Cryptography in Sequoia PGP

By Neal H. Walfield on November 15, 2025

Post-quantum cryptography is coming to OpenPGP. Over the past three years, several parties have collaborated on a new specification within the IETF OpenPGP working group. That document, Post-Quantum Cryptography in OpenPGP, is making its final steps towards ratification. During the last year, we’ve implemented the standard in Sequoia, and exposed the functionality in various components. In this blog post, I’ll explain what post-quantum cryptography is, why we’ve implemented it, and how to use it.

Continue reading

Presentations

Sequoia PGP: Following a Moral Imperative

Karakun AG ★ 2023-11-07

Neal makes a call to action: As developers, we have the moral imperative to explain to our clients that they must not violate human rights, in particular the rights to privacy, security, and freedom of expression. Further, we must resist requests to collect unnecessary data, and we must add end-to-end encryption where possible.

He then presents OpenPGP, and in particular Sequoia PGP, as one possible option that developers should consider to help protect users.

Slides Video

Interop Testing v6

IETF 116 ★ 2023-03-29

Justus presents the OpenPGP Interoperability Test Suite with an eye towards testing the upcoming revision of the OpenPGP standard.

Slides Video

Sequoia-PGP, v5 OpenPGP, Authentication, and Debian

Debconf Kosovo 22 ★ 2022-07-18

Justus introduces the Sequoia-PGP project and highlights changes in the upcoming OpenPGP v5. Further, he talks about authentication, and how we can help Debian and the broader FOSS ecosystem secure their communications and software supply chains.

Slides Video

The Future of Sequoia PGP

NLnet Webinar ★ 2021-11-23

Neal introduces the Sequoia project, its past, present, and future. Wiktor talks about TPM support, Lars about making sq better, Justus about our gpg replacement, and Heiko about OpenPGP CA.

Slides Video

A common OpenPGP Interoperability Test Suite

IETF 110 ★ 2021-03-11

Justus briefly introduces the OpenPGP Interoperability Test Suite, and presents notable results.

Slides Video

Sequoia: A New OpenPGP Implementation in Rust

RustFest Rome 2018 ★ 2018-11-24

Neal briefly introduces the Sequoia project, and talks about challenges that we’ve faced using the Rust programming language.

Slides Video

Sequoia: A Cool OpenPGP Library

Delta X Freiburg ★ 2018-07-21

Neal introduces the Sequoia project, its technical and social goals, and its current state.

Slides Video

Moving forward: Forward Secrecy in OpenPGP

Delta X Freiburg ★ 2018-07-21

Justus discusses two approaches how to bring Forward Secrecy to OpenPGP.

Slides Video

Do you want to see more?

There are a number of projects under the Sequoia umbrella.

Projects