Sequoia PGP 1.3 released

We’re happy to announce the release of version 1.3 of our low-level
OpenPGP library. For those of you following along at home, you’re
probably asking what happened to 1.2. This past Sunday was PGP’s 30th
birthday. To celebrate three decades of PGP, we’ve decided to skip
1.2 and directly release 1.3.

“Sequoia PGP is the most advanced OpenPGP implementation available today.”

Phil Zimmermann, Creator of PGP

30 years is a really long time for a program. And indeed, today, the
original PGP implementation is no longer readily recognizable
after having changed hands so many times. However, OpenPGP, the
protocol that PGP used and that was standardized by the IETF first in
RFC 1991 in 1996, and updated by RFC 2440 and RFC 4880, lives on.
And it still has one of the most flexible authentication mechanisms
and PKIs. Historically, this has only been accessible to advanced
users, but through our work on tools like keys.openpgp.org and
OpenPGP CA, we’re starting to leverage its power to bring strong
and easy-to-use authentication to normal users. For this reason and
others, Phil Zimmermann, the creator of PGP, has said that “Sequoia
PGP is the most advanced OpenPGP implementation available today.”
We’re proud to have a Champion of Freedom’s endorsement, and will
continue to innovate in this space to better protect the privacy and
security of Internet users.

Sequoia 1.3

During the 1.x release cycle, we’re adding features, fixing bugs, and
improving the documentation, while keeping the API stable. Downstream
users should be able to update to version 1.3 without changing their
code. In December 2020, we committed to providing security fixes for
and maintaining the 1.x releases for 1 year. We remain committed to
that promise.

Security Fixes

We’re not aware of any security issues in this version of Sequoia.
However, if you are using Sequoia with Nettle, Sequoia’s default
cryptographic backend, please take into account that versions of Nettle
prior to 3.7.3 have a bug, which an attacker can exploit to crash Nettle
and thus the application using Sequoia. For more details, please see
CVE-2021-3580 and Nettle’s release announcement.

Critical Bug Fixes

  • #715: The Windows CNG backend did not clamp Curve25519 secret
    key material before using it. This caused decryption failures
    when using the keys. According to the standard, Curve25519 keys
    should be clamped, but some OpenPGP implementations did not do
    this. Rather than force the user to create new keys, the Windows
    CNG backend now simply clamps the keys. This also aligns the
    behavior of the CNG backend with the Nettle backend.
  • #706: Cert::insert_packets ran in quadratic time. We rewrote
    the deduplication code to run in O(n log n) time.
  • #699: When CertParser encountered invalid data, it would
    eagerly return the error before returning the already parsed
    certificates. This has been fixed to first return the pending
    certificates and then return the error.
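
The clamping that #715 refers to, written out as an added example (this is not Sequoia's code, and the function names are hypothetical). It assumes the secret arrives as a big-endian integer with leading zero bytes stripped, so it is padded and reversed before the RFC 7748 bit masks are applied.

```rust
/// Clamp a 32-byte little-endian X25519 scalar in place (RFC 7748, section 5).
fn clamp_le(k: &mut [u8; 32]) {
    k[0] &= 0b1111_1000; // clear the 3 low bits: multiple of the cofactor 8
    k[31] &= 0b0111_1111; // clear bit 255
    k[31] |= 0b0100_0000; // set bit 254
}

/// True if the scalar already has the clamped bit pattern.
fn is_clamped_le(k: &[u8; 32]) -> bool {
    k[0] & 0b0000_0111 == 0 && k[31] & 0b1100_0000 == 0b0100_0000
}

/// Assumption: `mpi` is the secret as a big-endian integer whose leading
/// zero bytes may have been stripped. Returns the clamped little-endian
/// scalar and whether clamping had to change any bit.
fn scalar_from_mpi(mpi: &[u8]) -> Result<([u8; 32], bool), String> {
    if mpi.len() > 32 {
        return Err(format!("scalar is {} bytes, expected at most 32", mpi.len()));
    }
    let mut k = [0u8; 32];
    k[32 - mpi.len()..].copy_from_slice(mpi); // left-pad the big-endian value
    k.reverse(); // big-endian -> little-endian
    let changed = !is_clamped_le(&k);
    clamp_le(&mut k); // idempotent: a clamped scalar is left untouched
    Ok((k, changed))
}

fn main() {
    // Constructed sample input: an unclamped scalar with every bit set.
    let unclamped = [0xffu8; 32];
    let (k, changed) = scalar_from_mpi(&unclamped).unwrap();
    println!("changed={} k[0]={:#04x} k[31]={:#04x}", changed, k[0], k[31]);

    // Feeding the clamped scalar back in reports that nothing changed.
    let mut be = k;
    be.reverse();
    let (_, changed_again) = scalar_from_mpi(&be).unwrap();
    println!("changed on second pass: {}", changed_again);
}
```

Because clamping is idempotent, applying it on load is safe for keys that were already stored clamped and repairs those that were not.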

Features

New API

The following have been added:

  • CertBuilder::add_subkey_with
  • CertBuilder::add_user_attribute_with
  • CertBuilder::add_userid_with
  • ComponentBundle::attestations
  • Encryptor::with_session_key
  • Signature::verify_user_attribute_attestation
  • Signature::verify_userid_attestation
  • SignatureBuilder::pre_sign
  • SignatureBuilder::set_attested_certifications
  • SignatureType::AttestationKey
  • SubpacketAreas::MAX_SIZE
  • SubpacketAreas::attested_certifications
  • SubpacketTag::AttestedCertifications
  • SubpacketValue::AttestedCertifications
  • UserAttributeAmalgamation::attest_certifications
  • UserIDAmalgamation::attest_certifications
  • ValidUserAttributeAmalgamation::attest_certifications
  • ValidUserAttributeAmalgamation::attestation_key_signatures
  • ValidUserAttributeAmalgamation::attested_certifications
  • ValidUserIDAmalgamation::attest_certifications
  • ValidUserIDAmalgamation::attestation_key_signatures
  • ValidUserIDAmalgamation::attested_certifications
