About sq and Sequoia PGP

Sequoia PGP is an implementation of the OpenPGP standard written in Rust. It comes in the form of a library that applications can integrate to gain OpenPGP functionality without reinventing the wheel. sq is a command-line application built using Sequoia PGP in this way.

sq aims to expose a useful subset of OpenPGP features for common tasks: encryption and decryption, signing and verifying, key and certificate management, certification, and so on.

OpenPGP is a complex and elaborate standard, addressing difficult issues of privacy and authenticity. As such it's not easy to digest, so sq takes an opinionated approach, making OpenPGP accessible and (hopefully) easy to use without sacrificing OpenPGP's goals.

sq aims to be safe by default. That doesn't mean that you can't do stupid or dangerous things with sq, but the easy, default way of using sq is safe.

Sequoia PGP has implemented the OpenPGP standard defined in RFC 9580 (published in 2024, also known as v6) since version 2.0.0, which in turn has been used in sq since version 1.3.0.

Design and specialties

sq (and Sequoia PGP for that matter) uses specific terminology when referring to keys (public and private) – please read the chapter 'Getting started' for an overview.

There is no "automatic trust". Having a (secret) key in your key store doesn't imply that you "trust" signatures and certifications issued by that key. There is an extra step necessary, which protects against unwanted consequences of inadvertently imported keys. The same holds true for certificates ('public keys'); sq wants you to be certain when designating a certificate as "trusted".

sq doesn't use keyrings by default; it uses stores. While the key store operates similarly to a keyring, the certificate store is more like a cache. Trust relationships are managed within the PKI, which is a separate entity.

sq tries to minimize user interaction, for instance, in the form of yes/no questions. The design of the user interface aims to make this kind of question superfluous.

sq uses subcommands to structure its interface. It has help pages for each subcommand in the hierarchy to help with orientation. Alternatively, tab expansion gives you a preview of possible options and helps you avoid typing long option names or subcommands.

sq is stateful. It updates its stores directly, according to the operations applied to them. While there are ways to avoid these updates and work in a stateless fashion, it's not the default mode of operation. If you are looking for statelessness, have a look at sqop.