Lib.rs

Cryptographysequoia
#pgp #sequoia

bin+lib sequoia-policy-config

Configure Sequoia using a configuration file

by Neal H. Walfield. Co-owned by Justus Winter.

8 breaking releases

0.9.0-pqc.1 Nov 12, 2025
0.8.0 Mar 4, 2025
0.7.0 Sep 12, 2024
0.6.0 Mar 6, 2023
0.5.0 Nov 23, 2022

#2164 in Cryptography

Download history 4476/week @ 2025-10-13 4928/week @ 2025-10-20 4280/week @ 2025-10-27 3924/week @ 2025-11-03 5028/week @ 2025-11-10 6802/week @ 2025-11-17 4685/week @ 2025-11-24 5222/week @ 2025-12-01 5010/week @ 2025-12-08 3297/week @ 2025-12-15 3076/week @ 2025-12-22 2946/week @ 2025-12-29 5616/week @ 2026-01-05 6281/week @ 2026-01-12 5256/week @ 2026-01-19 7911/week @ 2026-01-26

25,147 downloads per month
Used in 10 crates (8 directly)

LGPL-2.0-or-later

120KB
1.5K SLoC

A library for reading the configuration of Sequoia's StandardPolicy from a configuration file.

Sequoia's StandardPolicy can be configured using Rust. As with most things, Sequoia's low-level library avoids imposing a policy on users of the library, like where a configuration file should be or even what format it should have. When necessary, it is up to the application to provide an interface, and to configure the policy appropriately.

This library provides a high-level interface that parses a configuration file, and returns a configured StandardPolicy.

See the crate's documentation for a description of the file format.

Quick Start

To add sequoia-policy-config to your crate add the following your crate:

[dependencies]
sequoia-openpgp = { version = "1" }
sequoia-policy-config = { version = "0.6" }

This will use sequoia-openpgp's default cryptographic backend, which is currently Nettle.

To select a different cryptographic backend, such as OpenSSL, you can then do:

cargo build --release --no-default-features --features sequoia-openpgp/crypto-openssl

To use sequoia-policy-config in your crate, it is usually enough to replace the use of StandardPolicy::new with the following::

use sequoia_policy_config::ConfiguredStandardPolicy;

fn main() -> openpgp::Result<()> {
    let mut p = ConfiguredStandardPolicy::new();
    p.from_bytes(b"[hash_algorithms]
        sha1.collision_resistance = \"never\"")?;
    let p = &p.build();

    // ...
    Ok(())
}

Building

This crate is purely a library, so it is not usually built directly. If you do build it (e.g., because you are modifying it), you'll need to select a cryptographic backend. See sequoia-openpgp's README for details.

The short version is:

# Use the Nettle backend:
$ cargo build --release --features sequoia-openpgp/crypto-nettle
$ cargo test --release --features sequoia-openpgp/crypto-nettle

# Use the OpenSSL backend:
$ cargo build --release --features sequoia-openpgp/crypto-openssl
$ cargo test --release --features sequoia-openpgp/crypto-openssl

Dependencies

~17MB
~269K SLoC