| Website | https://sequoia-pgp.org/ |
Whenever Sequoia does a security sensitive operation, it first consults a policy. A policy says what cryptographic algorithms and constructs are allowed. SHA-1 is disallowed by default, for instance. The policy is first loaded from /etc/crypto-policies/back-ends/sequoia.config , but it can be overridden by the user's configuration file. You can inspect the effective policy using the following command:
$ sq config inspect policy
https://docs.rs/sequoia-policy-config/latest/sequoia_policy_config/
If sq inspect does show enough details, sq packet dump might be what you want. It shows information about each OpenPGP packet. Or with the --hex option, it acts like xxd, and shows every single byte as a hex value, and labels it.
https://sequoia-pgp.gitlab.io/sequoia-sq/man/sq-packet-dump.1.html
There's also an online version of the tool:
https://dump.sequoia-pgp.org/
Do you have some OpenPGP data and are not sure what to make of it? sq inspect can probably help. It's a like file(1), but specialized for OpenPGP data, and a bit more detailed. It's as simple as:
$ sq inspect file.pgp
https://sequoia-pgp.gitlab.io/sequoia-sq/man/sq-inspect.1.html
The next version of sq will include "sq download," which downloads a file, and a signature, and then authenticates the data. This should make verifying downloads a lot easier, as there are fewer commands to run.
