The Sequoia OpenPGP library has been in development for some time. LWN covered the library in 2020. Now the project's command-line interface has been released. The sq tool offers a promising alternative to the venerable GNU Privacy Guard (GPG) tool — albeit one with a different interface, set of terminology, and approach to the web of trust. Several distributions are making increasing use of the tool behind the scenes.

The Sequoia documentation opens with a warning that the tool uses different terminology than existing OpenPGP implementations. This warning is deserved: what other tools call "public keys", Sequoia calls "certificates". It refers to private keys as merely "keys". The documentation justifies the difference by observing that what OpenPGP and related implementations call a "public key" really bundles a lot of unrelated data: user IDs, metadata, preferences, certifications, signatures, and subkeys, as well as the actual key material itself. Sequoia calls OpenPGP public keys "certificates" in order to emphasize that they are really more than just keys.