Openpgp-card-sequoia is deprecated in favor of openpgp-card-rpgp

[dvzrv]

Hi! :wave:

I am not a direct user of this project, but noticed that you are using the openpgp-card-sequoia crate. With version 0.2.2 it has been deprecated in favor of openpgp-card-rpgp.

The migration path looks fairly straight forward for your use-case and it looks like users of this project would then be able to rely on an OpenPGP implementation in pure Rust (the openpgp-card-tools project recently also switched to rpgp which allowed dropping many c-bindings and overall led to a smaller binary size) :)

[andrewbaxter]

Oh thanks! I appreciate the notice, there's a lot of libraries to navigate so this really helps. That sounds like a good change.

I didn't realize sequoia (or maybe, a lower level helper crate?) wasn't pure rust... although IIRC there was something about nettle I hit in musl builds, was that it?

I'll need to read up on everything.

[wiktor-k]

I didn't realize sequoia (or maybe, a lower level helper crate?) wasn't pure rust... although IIRC there was something about nettle I hit in musl builds, was that it?

Right, nettle is a native dependency, used by default in Sequoia for cryptography (rpgp uses RustCrypto). Also bzip if compression is enabled (it is by default). Just in case you're interested in fine details here's a discussion on the pureness of two major OpenPGP Rust implementations: https://github.com/rpgp/rpgp/pull/241#discussion_r1212677160

This made it extra hard to build on multiple architectures in pysequoia (PR) and long-term, depending on my time I'd consider switching to rpgp there.

Just my 2 cents. :wave:

[andrewbaxter]

Hey, sorry I'm taking so long to get to this, and thanks again for pinging me.

I guess the unstated implication is that the card stuff can no longer be used by sequoia? It seems like I'll need to replace openpgp-card-sequoia->openpgp-card-rpgp, openpgp-sequoia->rpgp? Like, I was using card.public_key which I think is from a trait in openpgp-card-sequoia for getting a sequoia public key but perhaps obviously isn't present in openpgp-card-rpgp. signer, some other stuff I'm not seeing in openpgp-card-rpgp.

Do you have a cheat sheet for what the conversions are, from when you thought it would be straight forward? I guess I'll need to figure this out eventually but I'm not having an easy time identifying replacements.