suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove Key.prototype.encrypt() and Key.prototype.decrypt() (#1285)

Browse Source 
To encrypt/decrypt a key, the top-level functions `openpgp.encryptKey` and
`openpgp.decryptKey` should be used instead: these don't mutate the key;
instead, they either return a new encrypted/decrypted key object or throw an
error.

With `Key.prototype.encrypt` and `decrypt`, which mutated the key, it was
possible to end up in an inconsistent state if some (sub)keys could be
decrypted but others couldn't, they would both mutate the key and throw an
error, which is unexpected.

Note that the `keyID` parameter is not supported by `encryptKey`/`decryptKey`,
since partial key decryption is not recommended. If you still need to decrypt
a single subkey or primary key `k`, you can call `k.keyPacket.decrypt(...)`,
followed by `k.keyPacket.validate(...)`. Similarly, for encryption, call
`k.keyPacket.encrypt(...)`.

Additionally, `openpgp.generateKey` now requires `options.userIDs` again,
since otherwise the key is basically unusable. This was a regression from v4,
since we now allow parsing keys without user IDs (but still not using them).
This commit is contained in:
larabr 2021-04-23 15:43:38 +02:00 committed by GitHub
parent 39aa742c7a
commit 0654bbe505
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 532 additions and 400 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
README.md
View File

@ -212,8 +212,10 @@ const openpgp = require('openpgp'); // use as CommonJS, AMD, ES6 module or via w
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: 'Hello, World!' }), // input as Message object
@ -255,8 +257,10 @@ Encrypt to multiple public keys:
const publicKeys = await Promise.all(publicKeysArmored.map(armoredKey => openpgp.readKey({ armoredKey })));
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt(passphrase)
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase
});
const message = await openpgp.createMessage({ text: message });
const encrypted = await openpgp.encrypt({
@ -282,8 +286,10 @@ If you expect an encrypted message to be signed with one of the public keys you
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase
});
const encryptedAndSignedMessage = `-----BEGIN PGP MESSAGE-----
...
@ -386,8 +392,10 @@ its [Reader class](https://openpgpjs.org/web-stream-tools/Reader.html).
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase
});
const readableStream = new openpgp.stream.ReadableStream({
start(controller) {
@ -490,8 +498,10 @@ Using the private key:
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase
});
const unsignedMessage = await openpgp.createCleartextMessage({ text: 'Hello, World!' });
const cleartextMessage = await openpgp.sign({
@ -530,8 +540,10 @@ Using the private key:
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase
});
const cleartextMessage = await openpgp.createCleartextMessage({ text: 'Hello, World!' });
const detachedSignature = await openpgp.sign({
@ -577,8 +589,10 @@ Using the private key:
-----END PGP PRIVATE KEY BLOCK-----`; // encrypted private key
const passphrase = `yourPassphrase`; // what the private key is encrypted with
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase
});
const message = await openpgp.createMessage({ binary: readableStream }); // or createMessage({ text: ReadableStream<String> })
const signatureArmored = await openpgp.sign({

2
openpgp.d.ts vendored
View File

@ -28,8 +28,6 @@ export class Key {
private keyPacket: PublicKeyPacket | SecretKeyPacket;
public write(): Uint8Array;
public armor(config?: Config): string;
public decrypt(passphrase: string | string[], keyID?: KeyID, config?: Config): Promise<void>; // throws on error
public encrypt(passphrase: string | string[], keyID?: KeyID, config?: Config): Promise<void>; // throws on error
public getExpirationTime(capability?: 'encrypt' | 'encrypt_sign' | 'sign', keyID?: KeyID, userID?: UserID, config?: Config): Promise<Date | typeof Infinity | null>; // Returns null if `capabilities` is passed and the key does not have the specified capabilities or is revoked or invalid.
public getKeyIDs(): KeyID[];
public getPrimaryUser(date?: Date, userID?: UserID, config?: Config): Promise<PrimaryUser>; // throws on error

88
src/key/key.js
View File

@ -159,11 +159,29 @@ class Key {
/**
* Clones the key object
* @returns {Promise<Key>} Shallow clone of the key.
* @param {Boolean} [deep=false] Whether to return a deep clone
* @returns {Promise<Key>} Clone of the key.
* @async
*/
async clone() {
return new Key(this.toPacketlist());
async clone(deep = false) {
const key = new Key(this.toPacketlist());
if (deep) {
key.getKeys().forEach(k => {
// shallow clone the key packets
k.keyPacket = Object.create(
Object.getPrototypeOf(k.keyPacket),
Object.getOwnPropertyDescriptors(k.keyPacket)
);
if (!k.keyPacket.isDecrypted()) return;
// deep clone the private params, which are cleared during encryption
const privateParams = {};
Object.keys(k.keyPacket.privateParams).forEach(name => {
privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);
});
k.keyPacket.privateParams = privateParams;
});
}
return key;
}
/**
@ -413,70 +431,6 @@ class Key {
return keys;
}
/**
* Encrypts all secret key and subkey packets matching keyID
* @param {String|Array<String>} passphrases - If multiple passphrases, then should be in same order as packets each should encrypt
* @param {module:type/keyid~KeyID} keyID
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @throws {Error} if encryption failed for any key or subkey
* @async
*/
async encrypt(passphrases, keyID = null, config = defaultConfig) {
if (!this.isPrivate()) {
throw new Error("Nothing to encrypt in a public key");
}
const keys = this.getKeys(keyID);
passphrases = util.isArray(passphrases) ? passphrases : new Array(keys.length).fill(passphrases);
if (passphrases.length !== keys.length) {
throw new Error("Invalid number of passphrases for key");
}
await Promise.all(keys.map(async function(key, i) {
const { keyPacket } = key;
await keyPacket.encrypt(passphrases[i], config);
keyPacket.clearPrivateParams();
}));
}
/**
* Decrypts all secret key and subkey packets matching keyID
* @param {String|Array<String>} passphrases
* @param {module:type/keyid~KeyID} keyID
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @throws {Error} if any matching key or subkey packets did not decrypt successfully
* @async
*/
async decrypt(passphrases, keyID = null, config = defaultConfig) {
if (!this.isPrivate()) {
throw new Error("Nothing to decrypt in a public key");
}
passphrases = util.isArray(passphrases) ? passphrases : [passphrases];
await Promise.all(this.getKeys(keyID).map(async function(key) {
let decrypted = false;
let error = null;
await Promise.all(passphrases.map(async function(passphrase) {
try {
await key.keyPacket.decrypt(passphrase);
// If we are decrypting a single key packet, we also validate it directly
if (keyID) await key.keyPacket.validate();
decrypted = true;
} catch (e) {
error = e;
}
}));
if (!decrypted) {
throw error;
}
}));
if (!keyID) {
// The full key should be decrypted and we can validate it all
await this.validate(config);
}
}
/**
* Returns true if the primary key or any subkey is decrypted.
* A dummy key is considered encrypted.

68
src/openpgp.js
View File

@ -33,8 +33,8 @@ import util from './util';
/**
* Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.
* @param {Object} options
* @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA
* @param {Object|Array<Object>} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`
* @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA
* @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key
* @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys
* @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys:
@ -53,10 +53,13 @@ import util from './util';
export function generateKey({ userIDs = [], passphrase = "", type = "ecc", rsaBits = 4096, curve = "curve25519", keyExpirationTime = 0, date = new Date(), subkeys = [{}], config }) {
config = { ...defaultConfig, ...config };
userIDs = toArray(userIDs);
const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };
if (userIDs.length === 0) {
throw new Error('UserIDs are required for key generation');
}
if (type === "rsa" && rsaBits < config.minRSABits) {
throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);
}
const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };
return generate(options, config).then(async key => {
const revocationCertificate = await key.getRevocationCertificate(date, config);
@ -159,19 +162,22 @@ export function revokeKey({ key, revocationCertificate, reasonForRevocation, con
*/
export async function decryptKey({ privateKey, passphrase, config }) {
config = { ...defaultConfig, ...config };
const key = await privateKey.clone();
// shallow clone is enough since the encrypted material is not changed in place by decryption
key.getKeys().forEach(k => {
k.keyPacket = Object.create(
Object.getPrototypeOf(k.keyPacket),
Object.getOwnPropertyDescriptors(k.keyPacket)
);
});
if (!privateKey.isPrivate()) {
throw new Error("Cannot decrypt a public key");
}
const clonedPrivateKey = await privateKey.clone(true);
try {
await key.decrypt(passphrase, undefined, config);
return key;
const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];
await Promise.all(clonedPrivateKey.getKeys().map(key => (
// try to decrypt each key with any of the given passphrases
util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))
)));
await clonedPrivateKey.validate(config);
return clonedPrivateKey;
} catch (err) {
key.clearPrivateParams();
clonedPrivateKey.clearPrivateParams();
return onError('Error decrypting private key', err);
}
}
@ -188,26 +194,26 @@ export async function decryptKey({ privateKey, passphrase, config }) {
*/
export async function encryptKey({ privateKey, passphrase, config }) {
config = { ...defaultConfig, ...config };
const key = await privateKey.clone();
key.getKeys().forEach(k => {
// shallow clone the key packets
k.keyPacket = Object.create(
Object.getPrototypeOf(k.keyPacket),
Object.getOwnPropertyDescriptors(k.keyPacket)
);
if (!k.keyPacket.isDecrypted()) return;
// deep clone the private params, which are cleared during encryption
const privateParams = {};
Object.keys(k.keyPacket.privateParams).forEach(name => {
privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);
});
k.keyPacket.privateParams = privateParams;
});
if (!privateKey.isPrivate()) {
throw new Error("Cannot encrypt a public key");
}
const clonedPrivateKey = await privateKey.clone(true);
try {
await key.encrypt(passphrase, undefined, config);
return key;
const keys = clonedPrivateKey.getKeys();
const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);
if (passphrases.length !== keys.length) {
throw new Error("Invalid number of passphrases for key");
}
await Promise.all(keys.map(async (key, i) => {
const { keyPacket } = key;
await keyPacket.encrypt(passphrases[i], config);
keyPacket.clearPrivateParams();
}));
return clonedPrivateKey;
} catch (err) {
key.clearPrivateParams();
clonedPrivateKey.clearPrivateParams();
return onError('Error encrypting private key', err);
}
}

3
src/packet/secret_key.js
View File

@ -312,10 +312,11 @@ class SecretKeyPacket extends PublicKeyPacket {
/**
* Decrypts the private key params which are needed to use the key.
* Successful decryption does not imply key integrity, call validate() to confirm that.
* {@link SecretKeyPacket.isDecrypted} should be false, as
* otherwise calls to this function will throw an error.
* @param {String} passphrase - The passphrase for this private key as string
* @throws {Error} if decryption was not successful
* @throws {Error} if the key is already decrypted, or if decryption was not successful
* @async
*/
async decrypt(passphrase) {

6
test/general/brainpool.js
View File

@ -182,10 +182,12 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
if (data[name].priv_key) {
return data[name].priv_key;
}
const pk = await openpgp.readKey({ armoredKey: data[name].priv });
const pk = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: data[name].priv }),
passphrase: data[name].pass
});
expect(pk).to.exist;
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
await pk.decrypt(data[name].pass);
data[name].priv_key = pk;
return pk;
}

6
test/general/ecc_secp256k1.js
View File

@ -150,10 +150,12 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
if (data[name].priv_key) {
return data[name].priv_key;
}
const pk = await openpgp.readKey({ armoredKey: data[name].priv });
const pk = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: data[name].priv }),
passphrase: data[name].pass
});
expect(pk).to.exist;
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
await pk.decrypt(data[name].pass);
data[name].priv_key = pk;
return pk;
}

286
test/general/key.js
View File

@ -2340,9 +2340,8 @@ function versionSpecificTests() {
it('Reformat key - one signing subkey', function() {
const userID = { name: 'test', email: 'a@b.com' };
const opt = { userIDs: [userID], passphrase: '123', subkeys:[{}, { sign: true }] };
const opt = { userIDs: [userID], subkeys:[{}, { sign: true }] };
return openpgp.generateKey(opt).then(async function({ key }) {
await key.decrypt('123');
return openpgp.reformatKey({ privateKey: key, userIDs: [userID] });
}).then(async function({ privateKeyArmored }) {
const key = await openpgp.readKey({ armoredKey: privateKeyArmored });
@ -2379,20 +2378,27 @@ function versionSpecificTests() {
it('Encrypt key with new passphrase', async function() {
const userID = { name: 'test', email: 'a@b.com' };
const opt = { userIDs: userID, passphrase: 'passphrase' };
const key = (await openpgp.generateKey(opt)).key;
const armor1 = key.armor();
const armor2 = key.armor();
const passphrase = 'passphrase';
const newPassphrase = 'new_passphrase';
const privateKey = (await openpgp.generateKey({ userIDs: userID, passphrase })).key;
const armor1 = privateKey.armor();
const armor2 = privateKey.armor();
expect(armor1).to.equal(armor2);
await key.decrypt('passphrase');
expect(key.isDecrypted()).to.be.true;
await key.encrypt('new_passphrase');
expect(key.isDecrypted()).to.be.false;
await expect(key.decrypt('passphrase')).to.be.rejectedWith('Incorrect key passphrase');
expect(key.isDecrypted()).to.be.false;
await key.decrypt('new_passphrase');
expect(key.isDecrypted()).to.be.true;
const armor3 = key.armor();
const decryptedKey = await openpgp.decryptKey({ privateKey, passphrase });
expect(decryptedKey.isDecrypted()).to.be.true;
const newEncryptedKey = await openpgp.encryptKey({
privateKey: decryptedKey, passphrase: newPassphrase
});
expect(newEncryptedKey.isDecrypted()).to.be.false;
await expect(openpgp.decryptKey({
privateKey: newEncryptedKey, passphrase
})).to.be.rejectedWith('Incorrect key passphrase');
expect(newEncryptedKey.isDecrypted()).to.be.false;
const newDecryptedKey = await openpgp.decryptKey({ privateKey: newEncryptedKey, passphrase: newPassphrase });
expect(newDecryptedKey.isDecrypted()).to.be.true;
const armor3 = newDecryptedKey.armor();
expect(armor3).to.not.equal(armor1);
});
@ -2419,8 +2425,10 @@ function versionSpecificTests() {
it('Sign and verify key - primary user', async function() {
let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const { minRSABits } = openpgp.config;
openpgp.config.minRSABits = 1024;
@ -2441,9 +2449,11 @@ function versionSpecificTests() {
it('Sign key and verify with wrong key - primary user', async function() {
let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const { minRSABits } = openpgp.config;
openpgp.config.minRSABits = 1024;
@ -2464,8 +2474,10 @@ function versionSpecificTests() {
it('Sign and verify key - all users', async function() {
let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const { minRSABits } = openpgp.config;
openpgp.config.minRSABits = 1024;
@ -2494,9 +2506,11 @@ function versionSpecificTests() {
it('Sign key and verify with wrong key - all users', async function() {
let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
await privateKey.decrypt('hello world');
const { minRSABits } = openpgp.config;
openpgp.config.minRSABits = 1024;
@ -2604,18 +2618,15 @@ function versionSpecificTests() {
const userID2 = { name: 'test2', email: 'b@c.com' };
const userID3 = { name: 'test3', email: 'c@d.com' };
const opt = { userIDs: userID1 };
return openpgp.generateKey(opt).then(function(key) {
key = key.key;
opt.privateKey = key;
opt.userIDs = [userID2, userID3];
opt.passphrase = '123';
return openpgp.reformatKey(opt).then(async function(newKey) {
newKey = newKey.key;
expect(newKey.users.length).to.equal(2);
expect(newKey.users[0].userID.userID).to.equal('test2 <b@c.com>');
expect(newKey.isDecrypted()).to.be.false;
await newKey.decrypt('123');
expect(newKey.isDecrypted()).to.be.true;
return openpgp.generateKey(opt).then(function ({ key }) {
const passphrase = '123';
const reformatOpt = { privateKey: key, userIDs: [userID2, userID3], passphrase };
return openpgp.reformatKey(reformatOpt).then(async ({ key: refKey }) => {
expect(refKey.users.length).to.equal(2);
expect(refKey.users[0].userID.userID).to.equal('test2 <b@c.com>');
expect(refKey.isDecrypted()).to.be.false;
const decryptedKey = await openpgp.decryptKey({ privateKey: refKey, passphrase });
expect(decryptedKey.isDecrypted()).to.be.true;
});
});
});
@ -2664,9 +2675,8 @@ function versionSpecificTests() {
});
it('Revoke generated key with private key', function() {
const opt = { userIDs: { name: 'test', email: 'a@b.com' }, passphrase: '1234' };
const opt = { userIDs: { name: 'test', email: 'a@b.com' } };
return openpgp.generateKey(opt).then(async function(original) {
await original.key.decrypt('1234');
return openpgp.revokeKey({ key: original.key, reasonForRevocation: { string: 'Testing key revocation' } }).then(async function(revKey) {
revKey = revKey.publicKey;
expect(revKey.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.noReason);
@ -2926,15 +2936,9 @@ module.exports = () => describe('Key', function() {
expect(encryptExpirationTime).to.equal(Infinity);
});
it("decrypt() - throw if key parameters don't correspond", async function() {
const key = await openpgp.readKey({ armoredKey: mismatchingKeyParams });
await expect(key.decrypt('userpass')).to.be.rejectedWith('Key is invalid');
});
it("decrypt(keyID) - throw if key parameters don't correspond", async function() {
const key = await openpgp.readKey({ armoredKey: mismatchingKeyParams });
const subKeyID = key.subKeys[0].getKeyID();
await expect(key.decrypt('userpass', subKeyID)).to.be.rejectedWith('Key is invalid');
it("decryptKey() - throw if key parameters don't correspond", async function() {
const privateKey = await openpgp.readKey({ armoredKey: mismatchingKeyParams });
await expect(openpgp.decryptKey({ privateKey, passphrase: 'userpass' })).to.be.rejectedWith('Key is invalid');
});
it("validate() - don't throw if key parameters correspond", async function() {
@ -2966,15 +2970,15 @@ module.exports = () => describe('Key', function() {
const passphrase = '12345678';
const { key } = await openpgp.generateKey({ userIDs: {}, curve: 'ed25519', passphrase });
expect(key.isDecrypted()).to.be.false;
await key.decrypt(passphrase, key.subKeys[0].getKeyID());
await key.subKeys[0].keyPacket.decrypt(passphrase);
expect(key.isDecrypted()).to.be.true;
});
it("isDecrypted() - gnu-dummy primary key", async function() {
const key = await openpgp.readKey({ armoredKey: gnuDummyKeySigningSubkey });
expect(key.isDecrypted()).to.be.true;
await key.encrypt('12345678');
expect(key.isDecrypted()).to.be.false;
const encryptedKey = await openpgp.encryptKey({ privateKey: key, passphrase: '12345678' });
expect(encryptedKey.isDecrypted()).to.be.false;
});
it("isDecrypted() - all-gnu-dummy key", async function() {
@ -2994,15 +2998,17 @@ module.exports = () => describe('Key', function() {
const passphrase = 'passphrase';
key.primaryKey.makeDummy();
expect(key.isDecrypted()).to.be.true;
await key.encrypt(passphrase);
expect(key.isDecrypted()).to.be.false;
await key.decrypt(passphrase);
expect(key.isDecrypted()).to.be.true;
const encryptedKey = await openpgp.encryptKey({ privateKey: key, passphrase });
expect(encryptedKey.isDecrypted()).to.be.false;
const decryptedKey = await openpgp.decryptKey({ privateKey: encryptedKey, passphrase });
expect(decryptedKey.isDecrypted()).to.be.true;
});
it('makeDummy() - the converted key is valid but can no longer sign', async function() {
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
await key.decrypt('hello world');
const key = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
expect(key.primaryKey.isDummy()).to.be.false;
key.primaryKey.makeDummy();
expect(key.primaryKey.isDummy()).to.be.true;
@ -3011,8 +3017,10 @@ module.exports = () => describe('Key', function() {
});
it('makeDummy() - subkeys of the converted key can still sign', async function() {
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
await key.decrypt('hello world');
const key = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
expect(key.primaryKey.isDummy()).to.be.false;
key.primaryKey.makeDummy();
expect(key.primaryKey.isDummy()).to.be.true;
@ -3020,33 +3028,39 @@ module.exports = () => describe('Key', function() {
});
it('makeDummy() - should work for encrypted keys', async function() {
const passphrase = 'hello world';
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
expect(key.primaryKey.isDummy()).to.be.false;
expect(key.primaryKey.makeDummy()).to.not.throw;
expect(key.primaryKey.isDummy()).to.be.true;
// dummy primary key should always be marked as not decrypted
await expect(key.decrypt('hello world')).to.be.fulfilled;
expect(key.primaryKey.isDummy()).to.be.true;
expect(key.primaryKey.isEncrypted === null);
expect(key.primaryKey.isDecrypted()).to.be.false;
await expect(key.encrypt('hello world')).to.be.fulfilled;
expect(key.primaryKey.isDummy()).to.be.true;
expect(key.primaryKey.isEncrypted === null);
expect(key.primaryKey.isDecrypted()).to.be.false;
// confirm that the converted key can be parsed
await openpgp.readKey({ armoredKey: key.armor() });
const decryptedKey = await openpgp.decryptKey({ privateKey: key, passphrase });
expect(decryptedKey.primaryKey.isDummy()).to.be.true;
expect(decryptedKey.primaryKey.isEncrypted === null);
expect(decryptedKey.primaryKey.isDecrypted()).to.be.false;
const encryptedKey = await openpgp.encryptKey({ privateKey: decryptedKey, passphrase });
expect(encryptedKey.primaryKey.isDummy()).to.be.true;
expect(encryptedKey.primaryKey.isEncrypted === null);
expect(encryptedKey.primaryKey.isDecrypted()).to.be.false;
// confirm that the converted keys can be parsed
await openpgp.readKey({ armoredKey: encryptedKey.armor() });
await openpgp.readKey({ armoredKey: decryptedKey.armor() });
});
it('clearPrivateParams() - check that private key can no longer be used', async function() {
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
await key.decrypt('hello world');
const key = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
await key.clearPrivateParams();
await expect(key.validate()).to.be.rejectedWith('Key is not decrypted');
});
it('clearPrivateParams() - detect that private key parameters were removed', async function() {
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
await key.decrypt('hello world');
const key = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const signingKeyPacket = key.subKeys[0].keyPacket;
const privateParams = signingKeyPacket.privateParams;
await key.clearPrivateParams();
@ -3058,8 +3072,10 @@ module.exports = () => describe('Key', function() {
});
it('clearPrivateParams() - detect that private key parameters were zeroed out', async function() {
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
await key.decrypt('hello world');
const key = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const signingKeyPacket = key.subKeys[0].keyPacket;
const privateParams = {};
Object.entries(signingKeyPacket.privateParams).forEach(([name, value]) => {
@ -3219,8 +3235,10 @@ module.exports = () => describe('Key', function() {
});
it('revoke() - primary key', async function() {
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
await privKey.revoke({
flag: openpgp.enums.reasonForRevocation.keyRetired,
@ -3238,8 +3256,10 @@ module.exports = () => describe('Key', function() {
it('revoke() - subkey', async function() {
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const subKey = pubKey.subKeys[0];
await subKey.revoke(privKey.primaryKey, {
@ -3391,8 +3411,6 @@ VYGdb3eNlV8CfoEC
it('Generate session key - latest created user', async function() {
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
// Set second user to prefer aes128. We should select this user by default, since it was created later.
publicKey.users[1].selfCertifications[0].preferredSymmetricAlgorithms = [openpgp.enums.symmetric.aes128];
const sessionKey = await openpgp.generateSessionKey({ publicKeys: publicKey });
@ -3401,8 +3419,6 @@ VYGdb3eNlV8CfoEC
it('Generate session key - primary user', async function() {
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
// Set first user to primary. We should select this user by default.
publicKey.users[0].selfCertifications[0].isPrimaryUserID = true;
// Set first user to prefer aes128.
@ -3413,8 +3429,10 @@ VYGdb3eNlV8CfoEC
it('Generate session key - specific user', async function() {
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
// Set first user to primary. We won't select this user, this is to test that.
publicKey.users[0].selfCertifications[0].isPrimaryUserID = true;
// Set second user to prefer aes128. We will select this user.
@ -3433,15 +3451,19 @@ VYGdb3eNlV8CfoEC
it('Fails to encrypt to User ID-less key', async function() {
const publicKey = await openpgp.readKey({ armoredKey: uidlessKey });
expect(publicKey.users.length).to.equal(0);
const privateKey = await openpgp.readKey({ armoredKey: uidlessKey });
await privateKey.decrypt('correct horse battery staple');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: uidlessKey }),
passphrase: 'correct horse battery staple'
});
await expect(openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), publicKeys: publicKey, privateKeys: privateKey, armor: false })).to.be.rejectedWith('Could not find primary user');
});
it('Sign - specific user', async function() {
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const privateKeyClone = await openpgp.readKey({ armoredKey: priv_key_rsa });
// Duplicate user
privateKey.users.push(privateKeyClone.users[0]);
@ -3541,13 +3563,12 @@ VYGdb3eNlV8CfoEC
});
it("Should throw when trying to encrypt a key that's already encrypted", async function() {
await expect((async function() {
const { privateKeyArmored } = await openpgp.generateKey({ userIDs: [{ email: 'hello@user.com' }], passphrase: 'pass' });
const k = await openpgp.readKey({ armoredKey: privateKeyArmored });
await k.decrypt('pass');
await k.encrypt('pass');
await k.encrypt('pass');
})()).to.be.rejectedWith('Key packet is already encrypted');
const passphrase = 'pass';
const { privateKeyArmored } = await openpgp.generateKey({ userIDs: [{ email: 'hello@user.com' }], passphrase });
const key = await openpgp.readKey({ armoredKey: privateKeyArmored });
const decryptedKey = await openpgp.decryptKey({ privateKey: key, passphrase });
const encryptedKey = await openpgp.encryptKey({ privateKey: decryptedKey, passphrase });
await expect(openpgp.encryptKey({ privateKey: encryptedKey, passphrase })).to.be.eventually.rejectedWith(/Key packet is already encrypted/);
});
describe('addSubkey functionality testing', function() {
@ -3563,8 +3584,10 @@ VYGdb3eNlV8CfoEC
});
it('create and add a new rsa subkey to stored rsa key', async function() {
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const total = privateKey.subKeys.length;
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
const armoredKey = newPrivateKey.armor();
@ -3609,22 +3632,31 @@ VYGdb3eNlV8CfoEC
});
it('should throw when trying to encrypt a subkey separately from key', async function() {
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const opt = { rsaBits: rsaBits, passphrase: 'subkey passphrase' };
await expect(privateKey.addSubkey(opt)).to.be.rejectedWith('Subkey could not be encrypted here, please encrypt whole key');
});
it('encrypt and decrypt key with added subkey', async function() {
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const total = privateKey.subKeys.length;
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
newPrivateKey = await openpgp.readKey({ armoredKey: newPrivateKey.armor() });
await newPrivateKey.encrypt('12345678');
const armoredKey = newPrivateKey.armor();
const importedPrivateKey = await openpgp.readKey({ armoredKey: armoredKey });
await importedPrivateKey.decrypt('12345678');
const passphrase = '12345678';
const newPrivateKey = await privateKey.addSubkey(rsaOpt);
const encNewPrivateKey = await openpgp.encryptKey({ privateKey: newPrivateKey, passphrase });
expect(encNewPrivateKey.subKeys.length).to.be.equal(total + 1);
const armoredKey = encNewPrivateKey.armor();
const importedPrivateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey }),
passphrase
});
const subKey = importedPrivateKey.subKeys[total];
expect(subKey).to.exist;
expect(importedPrivateKey.subKeys.length).to.be.equal(total + 1);
@ -3632,6 +3664,7 @@ VYGdb3eNlV8CfoEC
});
it('create and add a new ec subkey to a ec key', async function() {
const passphrase = '12345678';
const userID = { name: 'test', email: 'a@b.com' };
const opt = { curve: 'curve25519', userIDs: [userID], subkeys:[] };
const privateKey = (await openpgp.generateKey(opt)).key;
@ -3639,20 +3672,21 @@ VYGdb3eNlV8CfoEC
const opt2 = { curve: 'curve25519', userIDs: [userID], sign: true };
let newPrivateKey = await privateKey.addSubkey(opt2);
const subKey1 = newPrivateKey.subKeys[total];
await newPrivateKey.encrypt('12345678');
const armoredKey = newPrivateKey.armor();
newPrivateKey = await openpgp.readKey({ armoredKey: armoredKey });
await newPrivateKey.decrypt('12345678');
const subKey = newPrivateKey.subKeys[total];
expect(subKey.isDecrypted()).to.be.true;
expect(subKey1.getKeyID().toHex()).to.be.equal(subKey.getKeyID().toHex());
expect(subKey).to.exist;
const encNewPrivateKey = await openpgp.encryptKey({ privateKey: newPrivateKey, passphrase });
newPrivateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: encNewPrivateKey.armor() }),
passphrase
});
const subKey2 = newPrivateKey.subKeys[total];
expect(subKey2.isDecrypted()).to.be.true;
expect(subKey1.getKeyID().toHex()).to.be.equal(subKey2.getKeyID().toHex());
expect(subKey2).to.exist;
expect(newPrivateKey.subKeys.length).to.be.equal(total + 1);
const subkeyOid = subKey.keyPacket.publicParams.oid;
const subkeyOid = subKey2.keyPacket.publicParams.oid;
const pkOid = privateKey.primaryKey.publicParams.oid;
expect(subkeyOid.getName()).to.be.equal(pkOid.getName());
expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('eddsa');
await subKey.verify(privateKey.primaryKey);
expect(subKey2.getAlgorithmInfo().algorithm).to.be.equal('eddsa');
await subKey2.verify(privateKey.primaryKey);
});
it('create and add a new ecdsa subkey to a eddsa key', async function() {
@ -3674,8 +3708,10 @@ VYGdb3eNlV8CfoEC
});
it('create and add a new ecc subkey to a rsa key', async function() {
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const total = privateKey.subKeys.length;
const opt2 = { type: 'ecc', curve: 'curve25519' };
let newPrivateKey = await privateKey.addSubkey(opt2);
@ -3769,8 +3805,10 @@ VYGdb3eNlV8CfoEC
});
it('sign/verify data with the new subkey correctly using rsa', async function() {
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const total = privateKey.subKeys.length;
const opt2 = { sign: true, rsaBits: rsaBits };
let newPrivateKey = await privateKey.addSubkey(opt2);
@ -3790,8 +3828,10 @@ VYGdb3eNlV8CfoEC
});
it('encrypt/decrypt data with the new subkey correctly using rsa', async function() {
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
await privateKey.decrypt('hello world');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
passphrase: 'hello world'
});
const total = privateKey.subKeys.length;
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
const armoredKey = newPrivateKey.armor();

206
test/general/openpgp.js
View File

@ -363,7 +363,7 @@ bpOWdMhJ6Hy+JzGNY1qNXcHJPw==
=99Fs
-----END PGP MESSAGE-----`;
const ecdh_dec_key_2 = `-----BEGIN PGP PRIVATE KEY BLOCK-----
const ecdh_dec_key2 = `-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: OpenPGP.js v4.4.9
Comment: https://openpgpjs.org
@ -795,6 +795,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
expect(newKey.publicKeyArmored).to.exist;
});
});
it('should throw if missing userIDs', async function() {
expect(() => openpgp.generateKey({})).to.throw(/UserIDs are required/);
});
});
describe('generateKey - integration tests', function() {
@ -831,6 +835,25 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
});
});
it('should work with multiple passphrases', async function() {
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
const originalKey = await openpgp.readKey({ armoredKey: privateKey.armor() });
return openpgp.decryptKey({
privateKey: privateKey,
passphrase: ['rubbish', passphrase]
}).then(function(unlocked){
expect(unlocked.getKeyID().toHex()).to.equal(privateKey.getKeyID().toHex());
expect(unlocked.subKeys[0].getKeyID().toHex()).to.equal(privateKey.subKeys[0].getKeyID().toHex());
expect(unlocked.isDecrypted()).to.be.true;
expect(unlocked.keyPacket.privateParams).to.not.be.null;
// original key should be unchanged
expect(privateKey.isDecrypted()).to.be.false;
expect(privateKey.keyPacket.privateParams).to.be.null;
originalKey.subKeys[0].getKeyID(); // fill in keyID
expect(privateKey).to.deep.equal(originalKey);
});
});
it('should fail for incorrect passphrase', async function() {
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
const originalKey = await openpgp.readKey({ armoredKey: privateKey.armor() });
@ -953,8 +976,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('decrypt/verify should succeed with valid signature (expectSigned=true)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
@ -973,8 +998,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('decrypt/verify should throw on missing public keys (expectSigned=true)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
@ -990,8 +1017,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('decrypt/verify should throw on missing signature (expectSigned=true)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
@ -1007,9 +1036,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('decrypt/verify should throw on invalid signature (expectSigned=true)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
@ -1026,8 +1057,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('decrypt/verify should succeed with valid signature (expectSigned=true, with streaming)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
@ -1047,8 +1080,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('decrypt/verify should throw on missing public keys (expectSigned=true, with streaming)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
@ -1064,8 +1099,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('decrypt/verify should throw on missing signature (expectSigned=true, with streaming)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
@ -1081,9 +1118,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('decrypt/verify should throw on invalid signature (expectSigned=true, with streaming)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
@ -1133,8 +1172,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('verify should succeed with valid signature (expectSigned=true)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const signed = await openpgp.sign({
message: await createMessage({ text }),
@ -1151,8 +1192,6 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('verify should throw on missing signature (expectSigned=true)', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
await expect(openpgp.verify({
message: await createMessage({ text }),
@ -1162,9 +1201,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
});
it('verify should throw on invalid signature (expectSigned=true)', async function () {
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const signed = await openpgp.sign({
message: await createMessage({ text }),
@ -1181,8 +1222,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const signed = await openpgp.sign({
message: await createMessage({ text }),
@ -1202,8 +1245,6 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
await privateKey.decrypt(passphrase);
await expect(openpgp.verify({
message: await createMessage({ text: openpgp.stream.toStream(text) }),
@ -1215,9 +1256,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('verify should throw on invalid signature (expectSigned=true, with streaming)', async function () {
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
await privateKey.decrypt(passphrase);
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase
});
const signed = await openpgp.sign({
message: await createMessage({ text }),
@ -1304,14 +1347,17 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
}
});
it('Decrypting key with wrong passphrase rejected', async function () {
await expect(privateKey.decrypt('wrong passphrase')).to.eventually.be.rejectedWith('Incorrect key passphrase');
it('Decrypting key with wrong passphrase should be rejected', async function () {
await expect(openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase: 'wrong passphrase'
})).to.eventually.be.rejectedWith('Incorrect key passphrase');
});
it('Can decrypt key with correct passphrase', async function () {
expect(privateKey.isDecrypted()).to.be.false;
await privateKey.decrypt(passphrase);
expect(privateKey.isDecrypted()).to.be.true;
const decryptedKey = await openpgp.decryptKey({ privateKey, passphrase });
expect(decryptedKey.isDecrypted()).to.be.true;
});
it('Calling decrypt with not decrypted key leads to exception', async function() {
@ -1378,11 +1424,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
describe('encryptSessionKey, decryptSessionKeys', function() {
const sk = new Uint8Array([0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01]);
let decryptedPrivateKey;
let decryptedPrivateKey; // to avoid decrypting key before each test
beforeEach(async function() {
if (!decryptedPrivateKey) {
await privateKey.decrypt(passphrase);
decryptedPrivateKey = privateKey;
decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase });
}
privateKey = decryptedPrivateKey;
});
@ -1538,11 +1583,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
'=6XMW\r\n' +
'-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n';
let decryptedPrivateKey;
let decryptedPrivateKey; // to avoid decrypting key before each test
beforeEach(async function() {
if (!decryptedPrivateKey) {
await privateKey.decrypt(passphrase);
decryptedPrivateKey = privateKey;
decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase });
}
privateKey = decryptedPrivateKey;
});
@ -1567,8 +1611,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
});
it('should encrypt then decrypt with multiple private keys', async function () {
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
await privKeyDE.decrypt(passphrase);
const privKeyDE = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
passphrase
});
const encOpt = {
message: await openpgp.createMessage({ text: plaintext }),
@ -1609,8 +1655,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
});
it('should encrypt then decrypt with wildcard with multiple private keys', async function () {
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
await privKeyDE.decrypt(passphrase);
const privKeyDE = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
passphrase
});
const encOpt = {
message: await openpgp.createMessage({ text: plaintext }),
@ -1880,8 +1928,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
const plaintext = " \t┍ͤ޵၂༫዇◧˘˻ᙑ᎚⏴ំந⛑nٓኵΉⅶ⋋ŵ⋲΂ͽᣏ₅ᄶɼ┋⌔û᬴Ƚᔡᧅ≃ṱἆ⃷݂૿ӌ᰹෇ٹჵ⛇໶⛌ \t\n한국어/조선말";
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
await privKeyDE.decrypt(passphrase);
const privKeyDE = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
passphrase
});
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
@ -2055,8 +2105,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
try {
openpgp.config.rejectPublicKeyAlgorithms = new Set();
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
await privKeyDE.decrypt(passphrase);
const privKeyDE = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
passphrase
});
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
@ -2163,8 +2215,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
openpgp.config.rejectPublicKeyAlgorithms = new Set();
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
await privKeyDE.decrypt(passphrase);
const privKeyDE = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
passphrase
});
pubKeyDE.users[0].selfCertifications[0].features = [7]; // Monkey-patch AEAD feature flag
await openpgp.encrypt({
publicKeys: pubKeyDE,
@ -2245,8 +2299,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
].join('\n');
it('Decrypt message', async function() {
const privKey = await openpgp.readKey({ armoredKey: priv_key });
await privKey.decrypt('1234');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase: '1234'
});
const message = await openpgp.readMessage({ armoredMessage: pgp_msg });
return openpgp.decrypt({ privateKeys:privKey, message:message }).then(function(decrypted) {
@ -2399,11 +2455,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
'=6XMW\r\n' +
'-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n';
let decryptedPrivateKey;
let decryptedPrivateKey; // to avoid decrypting key before each test
beforeEach(async function() {
if (!decryptedPrivateKey) {
await privateKey.decrypt(passphrase);
decryptedPrivateKey = privateKey;
decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase });
}
privateKey = decryptedPrivateKey;
});
@ -2435,8 +2490,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
try {
openpgp.config.rejectPublicKeyAlgorithms = new Set();
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
await privKeyDE.decrypt(passphrase);
const privKeyDE = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
passphrase
});
const message = await openpgp.createCleartextMessage({ text: plaintext });
const signOpt = {
@ -2868,8 +2925,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('should fail to encrypt with revoked subkey', async function() {
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
await privKeyDE.decrypt(passphrase);
const privKeyDE = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
passphrase
});
return privKeyDE.subKeys[0].revoke(privKeyDE.primaryKey).then(async function(revSubKey) {
pubKeyDE.subKeys[0] = revSubKey;
return openpgp.encrypt({
@ -2886,8 +2945,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
it('should decrypt with revoked subkey', async function() {
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
await privKeyDE.decrypt(passphrase);
const privKeyDE = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
publicKeys: pubKeyDE,
@ -2908,8 +2969,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
// corrupt the public key params
privKeyDE.subKeys[0].keyPacket.publicParams.p[0]++;
// validation will not check the decryption subkey and will succeed
await privKeyDE.decrypt(passphrase);
// validation will check the primary key -- not the decryption subkey -- and will succeed (for now)
const decryptedKeyDE = await openpgp.decryptKey({
privateKey: privKeyDE,
passphrase
});
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: plaintext }),
publicKeys: pubKeyDE,
@ -2917,7 +2981,7 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
});
const decOpt = {
message: await openpgp.readMessage({ armoredMessage: encrypted }),
privateKeys: privKeyDE
privateKeys: decryptedKeyDE
};
// binding signature is invalid
await expect(openpgp.decrypt(decOpt)).to.be.rejectedWith(/Session key decryption failed/);
@ -2989,18 +3053,22 @@ J9I8AcH94nE77JUtCm7s1kOlo0EIshZsAqJwGveDGdAuabfViVwVxG4I24M6
});
it('should decrypt broken ECC message from old OpenPGP.js', async function() {
const key = await openpgp.readKey({ armoredKey: ecdh_dec_key });
const key = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: ecdh_dec_key }),
passphrase: '12345'
});
const message = await openpgp.readMessage({ armoredMessage: ecdh_msg_bad });
await key.decrypt('12345');
const decrypted = await openpgp.decrypt({ message, privateKeys: [key] });
const decrypted = await openpgp.decrypt({ message, privateKeys: key });
expect(decrypted.data).to.equal('\n');
});
it('should decrypt broken ECC message from old go crypto', async function() {
const key = await openpgp.readKey({ armoredKey: ecdh_dec_key_2 });
const key = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: ecdh_dec_key2 }),
passphrase: '12345'
});
const message = await openpgp.readMessage({ armoredMessage: ecdh_msg_bad_2 });
await key.decrypt('12345');
const decrypted = await openpgp.decrypt({ message, privateKeys: [key] });
const decrypted = await openpgp.decrypt({ message, privateKeys: key });
expect(decrypted.data).to.equal('Tesssst<br><br><br>Sent from ProtonMail mobile<br><br><br>');
});

10
test/general/packet.js
View File

@ -684,15 +684,15 @@ module.exports = () => describe("Packet", function() {
'=pR+C\n' +
'-----END PGP MESSAGE-----';
let key = new openpgp.PacketList();
await key.read((await openpgp.unarmor(armored_key)).data, allAllowedPackets);
key = key[3];
await key.decrypt('test');
const keyPackets = new openpgp.PacketList();
await keyPackets.read((await openpgp.unarmor(armored_key)).data, allAllowedPackets);
const keyPacket = keyPackets[3];
await keyPacket.decrypt('test');
const msg = new openpgp.PacketList();
await msg.read((await openpgp.unarmor(armored_msg)).data, allAllowedPackets);
return msg[0].decrypt(key).then(async () => {
return msg[0].decrypt(keyPacket).then(async () => {
await msg[1].decrypt(msg[0].sessionKeyAlgorithm, msg[0].sessionKey);
const text = await stringify(msg[1].packets[0].packets[0].data);

161
test/general/signature.js
View File

@ -847,58 +847,65 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
`;
it('Testing signature checking on CAST5-enciphered message', async function() {
const priv_key = await openpgp.readKey({ armoredKey: priv_key_arm1 });
const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm1 });
const msg = await openpgp.readMessage({ armoredMessage: msg_arm1 });
await priv_key.decrypt("abcd");
const publicKey = await openpgp.readKey({ armoredKey: pub_key_arm1 });
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm1 }),
passphrase: 'abcd'
});
const message = await openpgp.readMessage({ armoredMessage: msg_arm1 });
const config = {
rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]),
rejectPublicKeyAlgorithms: new Set()
};
const decrypted = await openpgp.decrypt({ privateKeys: priv_key, publicKeys:[pub_key], message:msg, config });
const decrypted = await openpgp.decrypt({ privateKeys: privateKey, publicKeys: publicKey, message, config });
expect(decrypted.data).to.exist;
expect(decrypted.signatures[0].valid).to.be.true;
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
});
it('Supports decrypting with GnuPG stripped-key extension', async function() {
it('Supports decrypting with GnuPG dummy key', async function() {
const { rejectMessageHashAlgorithms } = openpgp.config;
Object.assign(openpgp.config, { rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]) });
try {
const passphrase = 'abcd';
// exercises the GnuPG s2k type 1001 extension:
// the secrets on the primary key have been stripped.
const priv_key_gnupg_ext = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped });
const priv_key_gnupg_ext_2 = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped });
const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm1 });
const dummyKey = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped });
const publicKey = await openpgp.readKey({ armoredKey: pub_key_arm1 });
const message = await openpgp.readMessage({ armoredMessage: msg_arm1 });
const primaryKey_packet = priv_key_gnupg_ext.primaryKey.write();
expect(priv_key_gnupg_ext.isDecrypted()).to.be.false;
await priv_key_gnupg_ext.decrypt("abcd");
await priv_key_gnupg_ext_2.decrypt("abcd");
expect(priv_key_gnupg_ext.isDecrypted()).to.be.true;
const msg = await openpgp.decrypt({ message, privateKeys: [priv_key_gnupg_ext], publicKeys: [pub_key], config: { rejectPublicKeyAlgorithms: new Set() } });
const primaryKeyPacket = dummyKey.primaryKey.write();
expect(dummyKey.isDecrypted()).to.be.false;
const decryptedDummyKey = await openpgp.decryptKey({ privateKey: dummyKey, passphrase });
expect(decryptedDummyKey.isDecrypted()).to.be.true;
// decrypting with a secret subkey works
const msg = await openpgp.decrypt({ message, privateKeys: decryptedDummyKey, publicKeys: publicKey, config: { rejectPublicKeyAlgorithms: new Set() } });
expect(msg.signatures).to.exist;
expect(msg.signatures).to.have.length(1);
expect(msg.signatures[0].valid).to.be.true;
expect(msg.signatures[0].signature.packets.length).to.equal(1);
// secret key operations involving the primary key should fail
await expect(openpgp.sign({
message: await openpgp.createMessage({ text: 'test' }), privateKeys: [priv_key_gnupg_ext], config: { rejectPublicKeyAlgorithms: new Set() }
message: await openpgp.createMessage({ text: 'test' }), privateKeys: decryptedDummyKey, config: { rejectPublicKeyAlgorithms: new Set() }
})).to.eventually.be.rejectedWith(/Cannot sign with a gnu-dummy key/);
await expect(openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: priv_key_gnupg_ext })).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
await expect(openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: priv_key_gnupg_ext_2, passphrase: 'test' })).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
await priv_key_gnupg_ext.encrypt("abcd");
expect(priv_key_gnupg_ext.isDecrypted()).to.be.false;
const primaryKey_packet2 = priv_key_gnupg_ext.primaryKey.write();
expect(primaryKey_packet).to.deep.equal(primaryKey_packet2);
await expect(
openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: decryptedDummyKey })
).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
const encryptedDummyKey = await openpgp.encryptKey({ privateKey: decryptedDummyKey, passphrase });
expect(encryptedDummyKey.isDecrypted()).to.be.false;
const primaryKeyPacket2 = encryptedDummyKey.primaryKey.write();
expect(primaryKeyPacket).to.deep.equal(primaryKeyPacket2);
} finally {
Object.assign(openpgp.config, { rejectMessageHashAlgorithms });
}
});
it('Supports signing with GnuPG stripped-key extension', async function() {
const priv_key_gnupg_ext = await openpgp.readKey({ armoredKey: flowcrypt_stripped_key });
await priv_key_gnupg_ext.decrypt('FlowCrypt');
const sig = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), privateKeys: [priv_key_gnupg_ext], date: new Date('2018-12-17T03:24:00') });
it('Supports signing with GnuPG dummy key', async function() {
const dummyKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: flowcrypt_stripped_key }),
passphrase: 'FlowCrypt'
});
const sig = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), privateKeys: dummyKey, date: new Date('2018-12-17T03:24:00') });
expect(sig).to.match(/-----END PGP MESSAGE-----\n$/);
});
@ -967,13 +974,16 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
'-----END PGP MESSAGE-----'].join('\n');
const plaintext = 'short message\nnext line\n한국어/조선말';
const esMsg = await openpgp.readMessage({ armoredMessage: msg_armor });
const message = await openpgp.readMessage({ armoredMessage: msg_armor });
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
await Promise.all(esMsg.getEncryptionKeyIDs().map(keyID => privKey.decrypt('hello world', keyID)));
return openpgp.decrypt({ privateKeys: privKey, publicKeys:[pubKey], message:esMsg, config: { minRSABits: 1024 } }).then(function(decrypted) {
return openpgp.decrypt({
privateKeys: privKey, publicKeys: pubKey , message, config: { minRSABits: 1024 }
}).then(decrypted => {
expect(decrypted.data).to.exist;
expect(decrypted.data).to.equal(plaintext);
expect(decrypted.signatures).to.have.length(1);
@ -1318,11 +1328,13 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures', async function() {
const plaintext = 'short message\nnext line \n한국어/조선말';
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) {
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ publicKeys:[pubKey], message, config });
@ -1338,14 +1350,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures -- escape armored message', async function() {
const plaintext = pub_key_arm2;
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) {
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ publicKeys:[pubKey], message, config });
return openpgp.verify({ publicKeys: pubKey, message, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext);
@ -1358,14 +1372,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures -- trailing spaces', async function() {
const plaintext = 'space: \nspace and tab: \t\nno trailing space\n \ntab:\t\ntab and space:\t ';
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) {
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ publicKeys:[pubKey], message, config });
return openpgp.verify({ publicKeys: pubKey, message, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
@ -1378,14 +1394,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same bytes cleartext and valid signatures - armored', async function() {
const plaintext = util.stringToUint8Array('short message\nnext line \n한국어/조선말');
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ binary: plaintext }), config }).then(async function(signed) {
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), config }).then(async signed => {
const message = await openpgp.readMessage({ armoredMessage: signed });
return openpgp.verify({ publicKeys:[pubKey], message, format: 'binary', config });
return openpgp.verify({ publicKeys: pubKey, message, format: 'binary', config });
}).then(function({ data, signatures }) {
expect(data).to.deep.equal(plaintext);
@ -1398,14 +1416,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same bytes cleartext and valid signatures - not armored', async function() {
const plaintext = util.stringToUint8Array('short message\nnext line \n한국어/조선말');
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ binary: plaintext }), armor:false, config }).then(async function(signed) {
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), armor: false, config }).then(async signed => {
const message = await openpgp.readMessage({ binaryMessage: signed });
return openpgp.verify({ publicKeys:[pubKey], message, format: 'binary', config });
return openpgp.verify({ publicKeys: pubKey, message, format: 'binary', config });
}).then(function({ data, signatures }) {
expect(data).to.deep.equal(plaintext);
@ -1418,13 +1438,15 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Should verify cleartext message correctly when using a detached cleartext signature and binary literal data', async function () {
const plaintext = 'short message\nnext line \n한국어/조선말';
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async function(armoredSignature) {
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
const signature = await openpgp.readSignature({ armoredSignature });
return openpgp.verify({ publicKeys:[pubKey], message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config });
return openpgp.verify({ publicKeys: pubKey, message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
@ -1437,13 +1459,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const plaintext = 'short message\nnext line \n한국어/조선말';
const binaryPlaintext = util.encodeUTF8(plaintext);
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys:[privKey], message:await openpgp.createMessage({ binary: binaryPlaintext }), detached: true, config }).then(async function(armoredSignature) {
return openpgp.sign({ privateKeys: privKey, message:await openpgp.createMessage({ binary: binaryPlaintext }), detached: true, config }).then(async armoredSignature => {
const signature = await openpgp.readSignature({ armoredSignature });
return openpgp.verify({ publicKeys:[pubKey], message: await openpgp.createMessage({ text: plaintext }), signature, config });
return openpgp.verify({ publicKeys: pubKey, message: await openpgp.createMessage({ text: plaintext }), signature, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
@ -1455,11 +1480,13 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Should verify encrypted cleartext message correctly when encrypting binary literal data with a canonical text signature', async function () {
const plaintext = 'short message\nnext line \n한국어/조선말';
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey.decrypt('hello world');
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async function(armoredSignature) {
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
const signature = await openpgp.readSignature({ armoredSignature });
return openpgp.encrypt({ message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), publicKeys: [pubKey], signature, config });
@ -1590,15 +1617,17 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Detached signature signing and verification', async function() {
const message = await openpgp.createMessage({ text: 'hello' });
const pubKey2 = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey2 = await openpgp.readKey({ armoredKey: priv_key_arm2 });
await privKey2.decrypt('hello world');
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
passphrase: 'hello world'
});
const opt = { rsaBits: 2048, userIDs: { name:'test', email:'a@b.com' }, passphrase: null };
const { key: generatedKey } = await openpgp.generateKey(opt);
const armoredSignature = await openpgp.sign({ privateKeys:[generatedKey, privKey2], message, detached: true, config: { minRSABits: 1024 } });
const armoredSignature = await openpgp.sign({ privateKeys: [generatedKey, privKey], message, detached: true, config: { minRSABits: 1024 } });
const signature = await openpgp.readSignature({ armoredSignature });
const { data, signatures } = await openpgp.verify({ publicKeys:[generatedKey.toPublic(), pubKey2], message, signature, config: { minRSABits: 1024 } });
const { data, signatures } = await openpgp.verify({ publicKeys: [generatedKey.toPublic(), pubKey], message, signature, config: { minRSABits: 1024 } });
expect(data).to.equal('hello');
expect(await signatures[0].verified).to.be.true;
expect(await signatures[1].verified).to.be.true;

36
test/general/streaming.js
View File

@ -84,8 +84,6 @@ const priv_key = [
'-----END PGP PRIVATE KEY BLOCK-----'
].join('\n');
const passphrase = 'hello world';
const brainpoolPub = [
'-----BEGIN PGP PUBLIC KEY BLOCK-----',
'',
@ -344,9 +342,12 @@ function tests() {
it('Encrypt and decrypt larger message roundtrip using curve x25519 (allowUnauthenticatedStream=true)', async function() {
const allowUnauthenticatedStreamValue = openpgp.config.allowUnauthenticatedStream;
openpgp.config.allowUnauthenticatedStream = true;
const priv = await openpgp.readKey({ armoredKey: xPriv });
const pub = await openpgp.readKey({ armoredKey: xPub });
await priv.decrypt(xPass);
const priv = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: xPriv }),
passphrase: xPass
});
try {
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ binary: data }),
@ -376,9 +377,12 @@ function tests() {
it('Encrypt and decrypt larger message roundtrip using curve brainpool (allowUnauthenticatedStream=true)', async function() {
const allowUnauthenticatedStreamValue = openpgp.config.allowUnauthenticatedStream;
openpgp.config.allowUnauthenticatedStream = true;
const priv = await openpgp.readKey({ armoredKey: brainpoolPriv });
const pub = await openpgp.readKey({ armoredKey: brainpoolPub });
await priv.decrypt(brainpoolPass);
const priv = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: brainpoolPriv }),
passphrase: brainpoolPass
});
try {
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ binary: data }),
@ -698,9 +702,12 @@ function tests() {
this.push(null);
}
});
const priv = await openpgp.readKey({ armoredKey: brainpoolPriv });
const pub = await openpgp.readKey({ armoredKey: brainpoolPub });
await priv.decrypt(brainpoolPass);
const priv = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: brainpoolPriv }),
passphrase: brainpoolPass
});
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: priv,
@ -734,9 +741,12 @@ function tests() {
this.push(null);
}
});
const priv = await openpgp.readKey({ armoredKey: xPriv });
const pub = await openpgp.readKey({ armoredKey: xPub });
await priv.decrypt(xPass);
const priv = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: xPriv }),
passphrase: xPass
});
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: priv,
@ -937,8 +947,10 @@ module.exports = () => describe('Streaming', function() {
before(async function() {
pubKey = await openpgp.readKey({ armoredKey: pub_key });
privKey = await openpgp.readKey({ armoredKey: priv_key });
await privKey.decrypt(passphrase);
privKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
passphrase: 'hello world'
});
});
beforeEach(function() {

6
test/general/x25519.js
View File

@ -137,10 +137,12 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
if (data[name].priv_key) {
return data[name].priv_key;
}
const pk = await openpgp.readKey({ armoredKey: data[name].priv });
const pk = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: data[name].priv }),
passphrase: data[name].pass
});
expect(pk).to.exist;
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
await pk.decrypt(data[name].pass);
data[name].priv_key = pk;
return pk;
}

12
test/worker/worker_example.js
View File

@ -45,8 +45,10 @@ onmessage = async function({ data: { action, message }, ports: [port] }) {
switch (action) {
case 'encrypt': {
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt('test');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase: 'test'
});
const data = await openpgp.encrypt({
message: await openpgp.createMessage({ text: message }),
publicKeys: publicKey,
@ -57,8 +59,10 @@ onmessage = async function({ data: { action, message }, ports: [port] }) {
}
case 'decrypt': {
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
await privateKey.decrypt('test');
const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
passphrase: 'test'
});
const { data, signatures } = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage: message }),
publicKeys: publicKey,