diff --git a/README.md b/README.md index acc3b3e0..1af609cc 100644 --- a/README.md +++ b/README.md @@ -212,8 +212,10 @@ const openpgp = require('openpgp'); // use as CommonJS, AMD, ES6 module or via w const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored }); - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: 'Hello, World!' }), // input as Message object @@ -255,8 +257,10 @@ Encrypt to multiple public keys: const publicKeys = await Promise.all(publicKeysArmored.map(armoredKey => openpgp.readKey({ armoredKey }))); - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt(passphrase) + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase + }); const message = await openpgp.createMessage({ text: message }); const encrypted = await openpgp.encrypt({ @@ -282,8 +286,10 @@ If you expect an encrypted message to be signed with one of the public keys you const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored }); - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase + }); const encryptedAndSignedMessage = `-----BEGIN PGP MESSAGE----- ... @@ -386,8 +392,10 @@ its [Reader class](https://openpgpjs.org/web-stream-tools/Reader.html). const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored }); - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase + }); const readableStream = new openpgp.stream.ReadableStream({ start(controller) { @@ -490,8 +498,10 @@ Using the private key: const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored }); - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase + }); const unsignedMessage = await openpgp.createCleartextMessage({ text: 'Hello, World!' }); const cleartextMessage = await openpgp.sign({ @@ -530,8 +540,10 @@ Using the private key: const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored }); - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase + }); const cleartextMessage = await openpgp.createCleartextMessage({ text: 'Hello, World!' }); const detachedSignature = await openpgp.sign({ @@ -577,8 +589,10 @@ Using the private key: -----END PGP PRIVATE KEY BLOCK-----`; // encrypted private key const passphrase = `yourPassphrase`; // what the private key is encrypted with - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase + }); const message = await openpgp.createMessage({ binary: readableStream }); // or createMessage({ text: ReadableStream }) const signatureArmored = await openpgp.sign({ diff --git a/openpgp.d.ts b/openpgp.d.ts index 34429fc6..68451cae 100644 --- a/openpgp.d.ts +++ b/openpgp.d.ts @@ -28,8 +28,6 @@ export class Key { private keyPacket: PublicKeyPacket | SecretKeyPacket; public write(): Uint8Array; public armor(config?: Config): string; - public decrypt(passphrase: string | string[], keyID?: KeyID, config?: Config): Promise; // throws on error - public encrypt(passphrase: string | string[], keyID?: KeyID, config?: Config): Promise; // throws on error public getExpirationTime(capability?: 'encrypt' | 'encrypt_sign' | 'sign', keyID?: KeyID, userID?: UserID, config?: Config): Promise; // Returns null if `capabilities` is passed and the key does not have the specified capabilities or is revoked or invalid. public getKeyIDs(): KeyID[]; public getPrimaryUser(date?: Date, userID?: UserID, config?: Config): Promise; // throws on error diff --git a/src/key/key.js b/src/key/key.js index 44240da4..657bf064 100644 --- a/src/key/key.js +++ b/src/key/key.js @@ -159,11 +159,29 @@ class Key { /** * Clones the key object - * @returns {Promise} Shallow clone of the key. + * @param {Boolean} [deep=false] Whether to return a deep clone + * @returns {Promise} Clone of the key. * @async */ - async clone() { - return new Key(this.toPacketlist()); + async clone(deep = false) { + const key = new Key(this.toPacketlist()); + if (deep) { + key.getKeys().forEach(k => { + // shallow clone the key packets + k.keyPacket = Object.create( + Object.getPrototypeOf(k.keyPacket), + Object.getOwnPropertyDescriptors(k.keyPacket) + ); + if (!k.keyPacket.isDecrypted()) return; + // deep clone the private params, which are cleared during encryption + const privateParams = {}; + Object.keys(k.keyPacket.privateParams).forEach(name => { + privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); + }); + k.keyPacket.privateParams = privateParams; + }); + } + return key; } /** @@ -413,70 +431,6 @@ class Key { return keys; } - /** - * Encrypts all secret key and subkey packets matching keyID - * @param {String|Array} passphrases - If multiple passphrases, then should be in same order as packets each should encrypt - * @param {module:type/keyid~KeyID} keyID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if encryption failed for any key or subkey - * @async - */ - async encrypt(passphrases, keyID = null, config = defaultConfig) { - if (!this.isPrivate()) { - throw new Error("Nothing to encrypt in a public key"); - } - - const keys = this.getKeys(keyID); - passphrases = util.isArray(passphrases) ? passphrases : new Array(keys.length).fill(passphrases); - if (passphrases.length !== keys.length) { - throw new Error("Invalid number of passphrases for key"); - } - - await Promise.all(keys.map(async function(key, i) { - const { keyPacket } = key; - await keyPacket.encrypt(passphrases[i], config); - keyPacket.clearPrivateParams(); - })); - } - - /** - * Decrypts all secret key and subkey packets matching keyID - * @param {String|Array} passphrases - * @param {module:type/keyid~KeyID} keyID - * @param {Object} [config] - Full configuration, defaults to openpgp.config - * @throws {Error} if any matching key or subkey packets did not decrypt successfully - * @async - */ - async decrypt(passphrases, keyID = null, config = defaultConfig) { - if (!this.isPrivate()) { - throw new Error("Nothing to decrypt in a public key"); - } - passphrases = util.isArray(passphrases) ? passphrases : [passphrases]; - - await Promise.all(this.getKeys(keyID).map(async function(key) { - let decrypted = false; - let error = null; - await Promise.all(passphrases.map(async function(passphrase) { - try { - await key.keyPacket.decrypt(passphrase); - // If we are decrypting a single key packet, we also validate it directly - if (keyID) await key.keyPacket.validate(); - decrypted = true; - } catch (e) { - error = e; - } - })); - if (!decrypted) { - throw error; - } - })); - - if (!keyID) { - // The full key should be decrypted and we can validate it all - await this.validate(config); - } - } - /** * Returns true if the primary key or any subkey is decrypted. * A dummy key is considered encrypted. diff --git a/src/openpgp.js b/src/openpgp.js index c35ead57..30219f65 100644 --- a/src/openpgp.js +++ b/src/openpgp.js @@ -33,8 +33,8 @@ import util from './util'; /** * Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type. * @param {Object} options - * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA * @param {Object|Array} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }` + * @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA * @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key * @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys * @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys: @@ -53,10 +53,13 @@ import util from './util'; export function generateKey({ userIDs = [], passphrase = "", type = "ecc", rsaBits = 4096, curve = "curve25519", keyExpirationTime = 0, date = new Date(), subkeys = [{}], config }) { config = { ...defaultConfig, ...config }; userIDs = toArray(userIDs); - const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; + if (userIDs.length === 0) { + throw new Error('UserIDs are required for key generation'); + } if (type === "rsa" && rsaBits < config.minRSABits) { throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`); } + const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys }; return generate(options, config).then(async key => { const revocationCertificate = await key.getRevocationCertificate(date, config); @@ -159,19 +162,22 @@ export function revokeKey({ key, revocationCertificate, reasonForRevocation, con */ export async function decryptKey({ privateKey, passphrase, config }) { config = { ...defaultConfig, ...config }; - const key = await privateKey.clone(); - // shallow clone is enough since the encrypted material is not changed in place by decryption - key.getKeys().forEach(k => { - k.keyPacket = Object.create( - Object.getPrototypeOf(k.keyPacket), - Object.getOwnPropertyDescriptors(k.keyPacket) - ); - }); + if (!privateKey.isPrivate()) { + throw new Error("Cannot decrypt a public key"); + } + const clonedPrivateKey = await privateKey.clone(true); + try { - await key.decrypt(passphrase, undefined, config); - return key; + const passphrases = util.isArray(passphrase) ? passphrase : [passphrase]; + await Promise.all(clonedPrivateKey.getKeys().map(key => ( + // try to decrypt each key with any of the given passphrases + util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase))) + ))); + + await clonedPrivateKey.validate(config); + return clonedPrivateKey; } catch (err) { - key.clearPrivateParams(); + clonedPrivateKey.clearPrivateParams(); return onError('Error decrypting private key', err); } } @@ -188,26 +194,26 @@ export async function decryptKey({ privateKey, passphrase, config }) { */ export async function encryptKey({ privateKey, passphrase, config }) { config = { ...defaultConfig, ...config }; - const key = await privateKey.clone(); - key.getKeys().forEach(k => { - // shallow clone the key packets - k.keyPacket = Object.create( - Object.getPrototypeOf(k.keyPacket), - Object.getOwnPropertyDescriptors(k.keyPacket) - ); - if (!k.keyPacket.isDecrypted()) return; - // deep clone the private params, which are cleared during encryption - const privateParams = {}; - Object.keys(k.keyPacket.privateParams).forEach(name => { - privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]); - }); - k.keyPacket.privateParams = privateParams; - }); + if (!privateKey.isPrivate()) { + throw new Error("Cannot encrypt a public key"); + } + const clonedPrivateKey = await privateKey.clone(true); + try { - await key.encrypt(passphrase, undefined, config); - return key; + const keys = clonedPrivateKey.getKeys(); + const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase); + if (passphrases.length !== keys.length) { + throw new Error("Invalid number of passphrases for key"); + } + + await Promise.all(keys.map(async (key, i) => { + const { keyPacket } = key; + await keyPacket.encrypt(passphrases[i], config); + keyPacket.clearPrivateParams(); + })); + return clonedPrivateKey; } catch (err) { - key.clearPrivateParams(); + clonedPrivateKey.clearPrivateParams(); return onError('Error encrypting private key', err); } } diff --git a/src/packet/secret_key.js b/src/packet/secret_key.js index c8e5b929..49ecf0b6 100644 --- a/src/packet/secret_key.js +++ b/src/packet/secret_key.js @@ -312,10 +312,11 @@ class SecretKeyPacket extends PublicKeyPacket { /** * Decrypts the private key params which are needed to use the key. + * Successful decryption does not imply key integrity, call validate() to confirm that. * {@link SecretKeyPacket.isDecrypted} should be false, as * otherwise calls to this function will throw an error. * @param {String} passphrase - The passphrase for this private key as string - * @throws {Error} if decryption was not successful + * @throws {Error} if the key is already decrypted, or if decryption was not successful * @async */ async decrypt(passphrase) { diff --git a/test/general/brainpool.js b/test/general/brainpool.js index ed14d12a..e55e3666 100644 --- a/test/general/brainpool.js +++ b/test/general/brainpool.js @@ -182,10 +182,12 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g= if (data[name].priv_key) { return data[name].priv_key; } - const pk = await openpgp.readKey({ armoredKey: data[name].priv }); + const pk = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: data[name].priv }), + passphrase: data[name].pass + }); expect(pk).to.exist; expect(pk.getKeyID().toHex()).to.equal(data[name].id); - await pk.decrypt(data[name].pass); data[name].priv_key = pk; return pk; } diff --git a/test/general/ecc_secp256k1.js b/test/general/ecc_secp256k1.js index 38dd82b1..2eb6342b 100644 --- a/test/general/ecc_secp256k1.js +++ b/test/general/ecc_secp256k1.js @@ -150,10 +150,12 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve if (data[name].priv_key) { return data[name].priv_key; } - const pk = await openpgp.readKey({ armoredKey: data[name].priv }); + const pk = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: data[name].priv }), + passphrase: data[name].pass + }); expect(pk).to.exist; expect(pk.getKeyID().toHex()).to.equal(data[name].id); - await pk.decrypt(data[name].pass); data[name].priv_key = pk; return pk; } diff --git a/test/general/key.js b/test/general/key.js index 779622b3..3d296c74 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -2340,9 +2340,8 @@ function versionSpecificTests() { it('Reformat key - one signing subkey', function() { const userID = { name: 'test', email: 'a@b.com' }; - const opt = { userIDs: [userID], passphrase: '123', subkeys:[{}, { sign: true }] }; + const opt = { userIDs: [userID], subkeys:[{}, { sign: true }] }; return openpgp.generateKey(opt).then(async function({ key }) { - await key.decrypt('123'); return openpgp.reformatKey({ privateKey: key, userIDs: [userID] }); }).then(async function({ privateKeyArmored }) { const key = await openpgp.readKey({ armoredKey: privateKeyArmored }); @@ -2379,20 +2378,27 @@ function versionSpecificTests() { it('Encrypt key with new passphrase', async function() { const userID = { name: 'test', email: 'a@b.com' }; - const opt = { userIDs: userID, passphrase: 'passphrase' }; - const key = (await openpgp.generateKey(opt)).key; - const armor1 = key.armor(); - const armor2 = key.armor(); + const passphrase = 'passphrase'; + const newPassphrase = 'new_passphrase'; + const privateKey = (await openpgp.generateKey({ userIDs: userID, passphrase })).key; + const armor1 = privateKey.armor(); + const armor2 = privateKey.armor(); expect(armor1).to.equal(armor2); - await key.decrypt('passphrase'); - expect(key.isDecrypted()).to.be.true; - await key.encrypt('new_passphrase'); - expect(key.isDecrypted()).to.be.false; - await expect(key.decrypt('passphrase')).to.be.rejectedWith('Incorrect key passphrase'); - expect(key.isDecrypted()).to.be.false; - await key.decrypt('new_passphrase'); - expect(key.isDecrypted()).to.be.true; - const armor3 = key.armor(); + + const decryptedKey = await openpgp.decryptKey({ privateKey, passphrase }); + expect(decryptedKey.isDecrypted()).to.be.true; + + const newEncryptedKey = await openpgp.encryptKey({ + privateKey: decryptedKey, passphrase: newPassphrase + }); + expect(newEncryptedKey.isDecrypted()).to.be.false; + await expect(openpgp.decryptKey({ + privateKey: newEncryptedKey, passphrase + })).to.be.rejectedWith('Incorrect key passphrase'); + expect(newEncryptedKey.isDecrypted()).to.be.false; + const newDecryptedKey = await openpgp.decryptKey({ privateKey: newEncryptedKey, passphrase: newPassphrase }); + expect(newDecryptedKey.isDecrypted()).to.be.true; + const armor3 = newDecryptedKey.armor(); expect(armor3).to.not.equal(armor1); }); @@ -2419,8 +2425,10 @@ function versionSpecificTests() { it('Sign and verify key - primary user', async function() { let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const { minRSABits } = openpgp.config; openpgp.config.minRSABits = 1024; @@ -2441,9 +2449,11 @@ function versionSpecificTests() { it('Sign key and verify with wrong key - primary user', async function() { let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); const wrongKey = await openpgp.readKey({ armoredKey: wrong_key }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const { minRSABits } = openpgp.config; openpgp.config.minRSABits = 1024; @@ -2464,8 +2474,10 @@ function versionSpecificTests() { it('Sign and verify key - all users', async function() { let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const { minRSABits } = openpgp.config; openpgp.config.minRSABits = 1024; @@ -2494,9 +2506,11 @@ function versionSpecificTests() { it('Sign key and verify with wrong key - all users', async function() { let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const wrongKey = await openpgp.readKey({ armoredKey: wrong_key }); - await privateKey.decrypt('hello world'); const { minRSABits } = openpgp.config; openpgp.config.minRSABits = 1024; @@ -2604,18 +2618,15 @@ function versionSpecificTests() { const userID2 = { name: 'test2', email: 'b@c.com' }; const userID3 = { name: 'test3', email: 'c@d.com' }; const opt = { userIDs: userID1 }; - return openpgp.generateKey(opt).then(function(key) { - key = key.key; - opt.privateKey = key; - opt.userIDs = [userID2, userID3]; - opt.passphrase = '123'; - return openpgp.reformatKey(opt).then(async function(newKey) { - newKey = newKey.key; - expect(newKey.users.length).to.equal(2); - expect(newKey.users[0].userID.userID).to.equal('test2 '); - expect(newKey.isDecrypted()).to.be.false; - await newKey.decrypt('123'); - expect(newKey.isDecrypted()).to.be.true; + return openpgp.generateKey(opt).then(function ({ key }) { + const passphrase = '123'; + const reformatOpt = { privateKey: key, userIDs: [userID2, userID3], passphrase }; + return openpgp.reformatKey(reformatOpt).then(async ({ key: refKey }) => { + expect(refKey.users.length).to.equal(2); + expect(refKey.users[0].userID.userID).to.equal('test2 '); + expect(refKey.isDecrypted()).to.be.false; + const decryptedKey = await openpgp.decryptKey({ privateKey: refKey, passphrase }); + expect(decryptedKey.isDecrypted()).to.be.true; }); }); }); @@ -2664,9 +2675,8 @@ function versionSpecificTests() { }); it('Revoke generated key with private key', function() { - const opt = { userIDs: { name: 'test', email: 'a@b.com' }, passphrase: '1234' }; + const opt = { userIDs: { name: 'test', email: 'a@b.com' } }; return openpgp.generateKey(opt).then(async function(original) { - await original.key.decrypt('1234'); return openpgp.revokeKey({ key: original.key, reasonForRevocation: { string: 'Testing key revocation' } }).then(async function(revKey) { revKey = revKey.publicKey; expect(revKey.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.noReason); @@ -2926,15 +2936,9 @@ module.exports = () => describe('Key', function() { expect(encryptExpirationTime).to.equal(Infinity); }); - it("decrypt() - throw if key parameters don't correspond", async function() { - const key = await openpgp.readKey({ armoredKey: mismatchingKeyParams }); - await expect(key.decrypt('userpass')).to.be.rejectedWith('Key is invalid'); - }); - - it("decrypt(keyID) - throw if key parameters don't correspond", async function() { - const key = await openpgp.readKey({ armoredKey: mismatchingKeyParams }); - const subKeyID = key.subKeys[0].getKeyID(); - await expect(key.decrypt('userpass', subKeyID)).to.be.rejectedWith('Key is invalid'); + it("decryptKey() - throw if key parameters don't correspond", async function() { + const privateKey = await openpgp.readKey({ armoredKey: mismatchingKeyParams }); + await expect(openpgp.decryptKey({ privateKey, passphrase: 'userpass' })).to.be.rejectedWith('Key is invalid'); }); it("validate() - don't throw if key parameters correspond", async function() { @@ -2966,15 +2970,15 @@ module.exports = () => describe('Key', function() { const passphrase = '12345678'; const { key } = await openpgp.generateKey({ userIDs: {}, curve: 'ed25519', passphrase }); expect(key.isDecrypted()).to.be.false; - await key.decrypt(passphrase, key.subKeys[0].getKeyID()); + await key.subKeys[0].keyPacket.decrypt(passphrase); expect(key.isDecrypted()).to.be.true; }); it("isDecrypted() - gnu-dummy primary key", async function() { const key = await openpgp.readKey({ armoredKey: gnuDummyKeySigningSubkey }); expect(key.isDecrypted()).to.be.true; - await key.encrypt('12345678'); - expect(key.isDecrypted()).to.be.false; + const encryptedKey = await openpgp.encryptKey({ privateKey: key, passphrase: '12345678' }); + expect(encryptedKey.isDecrypted()).to.be.false; }); it("isDecrypted() - all-gnu-dummy key", async function() { @@ -2994,15 +2998,17 @@ module.exports = () => describe('Key', function() { const passphrase = 'passphrase'; key.primaryKey.makeDummy(); expect(key.isDecrypted()).to.be.true; - await key.encrypt(passphrase); - expect(key.isDecrypted()).to.be.false; - await key.decrypt(passphrase); - expect(key.isDecrypted()).to.be.true; + const encryptedKey = await openpgp.encryptKey({ privateKey: key, passphrase }); + expect(encryptedKey.isDecrypted()).to.be.false; + const decryptedKey = await openpgp.decryptKey({ privateKey: encryptedKey, passphrase }); + expect(decryptedKey.isDecrypted()).to.be.true; }); it('makeDummy() - the converted key is valid but can no longer sign', async function() { - const key = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await key.decrypt('hello world'); + const key = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); expect(key.primaryKey.isDummy()).to.be.false; key.primaryKey.makeDummy(); expect(key.primaryKey.isDummy()).to.be.true; @@ -3011,8 +3017,10 @@ module.exports = () => describe('Key', function() { }); it('makeDummy() - subkeys of the converted key can still sign', async function() { - const key = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await key.decrypt('hello world'); + const key = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); expect(key.primaryKey.isDummy()).to.be.false; key.primaryKey.makeDummy(); expect(key.primaryKey.isDummy()).to.be.true; @@ -3020,33 +3028,39 @@ module.exports = () => describe('Key', function() { }); it('makeDummy() - should work for encrypted keys', async function() { + const passphrase = 'hello world'; const key = await openpgp.readKey({ armoredKey: priv_key_rsa }); expect(key.primaryKey.isDummy()).to.be.false; expect(key.primaryKey.makeDummy()).to.not.throw; expect(key.primaryKey.isDummy()).to.be.true; // dummy primary key should always be marked as not decrypted - await expect(key.decrypt('hello world')).to.be.fulfilled; - expect(key.primaryKey.isDummy()).to.be.true; - expect(key.primaryKey.isEncrypted === null); - expect(key.primaryKey.isDecrypted()).to.be.false; - await expect(key.encrypt('hello world')).to.be.fulfilled; - expect(key.primaryKey.isDummy()).to.be.true; - expect(key.primaryKey.isEncrypted === null); - expect(key.primaryKey.isDecrypted()).to.be.false; - // confirm that the converted key can be parsed - await openpgp.readKey({ armoredKey: key.armor() }); + const decryptedKey = await openpgp.decryptKey({ privateKey: key, passphrase }); + expect(decryptedKey.primaryKey.isDummy()).to.be.true; + expect(decryptedKey.primaryKey.isEncrypted === null); + expect(decryptedKey.primaryKey.isDecrypted()).to.be.false; + const encryptedKey = await openpgp.encryptKey({ privateKey: decryptedKey, passphrase }); + expect(encryptedKey.primaryKey.isDummy()).to.be.true; + expect(encryptedKey.primaryKey.isEncrypted === null); + expect(encryptedKey.primaryKey.isDecrypted()).to.be.false; + // confirm that the converted keys can be parsed + await openpgp.readKey({ armoredKey: encryptedKey.armor() }); + await openpgp.readKey({ armoredKey: decryptedKey.armor() }); }); it('clearPrivateParams() - check that private key can no longer be used', async function() { - const key = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await key.decrypt('hello world'); + const key = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); await key.clearPrivateParams(); await expect(key.validate()).to.be.rejectedWith('Key is not decrypted'); }); it('clearPrivateParams() - detect that private key parameters were removed', async function() { - const key = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await key.decrypt('hello world'); + const key = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const signingKeyPacket = key.subKeys[0].keyPacket; const privateParams = signingKeyPacket.privateParams; await key.clearPrivateParams(); @@ -3058,8 +3072,10 @@ module.exports = () => describe('Key', function() { }); it('clearPrivateParams() - detect that private key parameters were zeroed out', async function() { - const key = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await key.decrypt('hello world'); + const key = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const signingKeyPacket = key.subKeys[0].keyPacket; const privateParams = {}; Object.entries(signingKeyPacket.privateParams).forEach(([name, value]) => { @@ -3219,8 +3235,10 @@ module.exports = () => describe('Key', function() { }); it('revoke() - primary key', async function() { - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); await privKey.revoke({ flag: openpgp.enums.reasonForRevocation.keyRetired, @@ -3238,8 +3256,10 @@ module.exports = () => describe('Key', function() { it('revoke() - subkey', async function() { const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const subKey = pubKey.subKeys[0]; await subKey.revoke(privKey.primaryKey, { @@ -3391,8 +3411,6 @@ VYGdb3eNlV8CfoEC it('Generate session key - latest created user', async function() { const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); // Set second user to prefer aes128. We should select this user by default, since it was created later. publicKey.users[1].selfCertifications[0].preferredSymmetricAlgorithms = [openpgp.enums.symmetric.aes128]; const sessionKey = await openpgp.generateSessionKey({ publicKeys: publicKey }); @@ -3401,8 +3419,6 @@ VYGdb3eNlV8CfoEC it('Generate session key - primary user', async function() { const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); // Set first user to primary. We should select this user by default. publicKey.users[0].selfCertifications[0].isPrimaryUserID = true; // Set first user to prefer aes128. @@ -3413,8 +3429,10 @@ VYGdb3eNlV8CfoEC it('Generate session key - specific user', async function() { const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); // Set first user to primary. We won't select this user, this is to test that. publicKey.users[0].selfCertifications[0].isPrimaryUserID = true; // Set second user to prefer aes128. We will select this user. @@ -3433,15 +3451,19 @@ VYGdb3eNlV8CfoEC it('Fails to encrypt to User ID-less key', async function() { const publicKey = await openpgp.readKey({ armoredKey: uidlessKey }); expect(publicKey.users.length).to.equal(0); - const privateKey = await openpgp.readKey({ armoredKey: uidlessKey }); - await privateKey.decrypt('correct horse battery staple'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: uidlessKey }), + passphrase: 'correct horse battery staple' + }); await expect(openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), publicKeys: publicKey, privateKeys: privateKey, armor: false })).to.be.rejectedWith('Could not find primary user'); }); it('Sign - specific user', async function() { const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const privateKeyClone = await openpgp.readKey({ armoredKey: priv_key_rsa }); // Duplicate user privateKey.users.push(privateKeyClone.users[0]); @@ -3541,13 +3563,12 @@ VYGdb3eNlV8CfoEC }); it("Should throw when trying to encrypt a key that's already encrypted", async function() { - await expect((async function() { - const { privateKeyArmored } = await openpgp.generateKey({ userIDs: [{ email: 'hello@user.com' }], passphrase: 'pass' }); - const k = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await k.decrypt('pass'); - await k.encrypt('pass'); - await k.encrypt('pass'); - })()).to.be.rejectedWith('Key packet is already encrypted'); + const passphrase = 'pass'; + const { privateKeyArmored } = await openpgp.generateKey({ userIDs: [{ email: 'hello@user.com' }], passphrase }); + const key = await openpgp.readKey({ armoredKey: privateKeyArmored }); + const decryptedKey = await openpgp.decryptKey({ privateKey: key, passphrase }); + const encryptedKey = await openpgp.encryptKey({ privateKey: decryptedKey, passphrase }); + await expect(openpgp.encryptKey({ privateKey: encryptedKey, passphrase })).to.be.eventually.rejectedWith(/Key packet is already encrypted/); }); describe('addSubkey functionality testing', function() { @@ -3563,8 +3584,10 @@ VYGdb3eNlV8CfoEC }); it('create and add a new rsa subkey to stored rsa key', async function() { - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const total = privateKey.subKeys.length; let newPrivateKey = await privateKey.addSubkey(rsaOpt); const armoredKey = newPrivateKey.armor(); @@ -3609,22 +3632,31 @@ VYGdb3eNlV8CfoEC }); it('should throw when trying to encrypt a subkey separately from key', async function() { - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const opt = { rsaBits: rsaBits, passphrase: 'subkey passphrase' }; await expect(privateKey.addSubkey(opt)).to.be.rejectedWith('Subkey could not be encrypted here, please encrypt whole key'); }); it('encrypt and decrypt key with added subkey', async function() { - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const total = privateKey.subKeys.length; - let newPrivateKey = await privateKey.addSubkey(rsaOpt); - newPrivateKey = await openpgp.readKey({ armoredKey: newPrivateKey.armor() }); - await newPrivateKey.encrypt('12345678'); - const armoredKey = newPrivateKey.armor(); - const importedPrivateKey = await openpgp.readKey({ armoredKey: armoredKey }); - await importedPrivateKey.decrypt('12345678'); + + const passphrase = '12345678'; + const newPrivateKey = await privateKey.addSubkey(rsaOpt); + const encNewPrivateKey = await openpgp.encryptKey({ privateKey: newPrivateKey, passphrase }); + expect(encNewPrivateKey.subKeys.length).to.be.equal(total + 1); + + const armoredKey = encNewPrivateKey.armor(); + const importedPrivateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey }), + passphrase + }); const subKey = importedPrivateKey.subKeys[total]; expect(subKey).to.exist; expect(importedPrivateKey.subKeys.length).to.be.equal(total + 1); @@ -3632,6 +3664,7 @@ VYGdb3eNlV8CfoEC }); it('create and add a new ec subkey to a ec key', async function() { + const passphrase = '12345678'; const userID = { name: 'test', email: 'a@b.com' }; const opt = { curve: 'curve25519', userIDs: [userID], subkeys:[] }; const privateKey = (await openpgp.generateKey(opt)).key; @@ -3639,20 +3672,21 @@ VYGdb3eNlV8CfoEC const opt2 = { curve: 'curve25519', userIDs: [userID], sign: true }; let newPrivateKey = await privateKey.addSubkey(opt2); const subKey1 = newPrivateKey.subKeys[total]; - await newPrivateKey.encrypt('12345678'); - const armoredKey = newPrivateKey.armor(); - newPrivateKey = await openpgp.readKey({ armoredKey: armoredKey }); - await newPrivateKey.decrypt('12345678'); - const subKey = newPrivateKey.subKeys[total]; - expect(subKey.isDecrypted()).to.be.true; - expect(subKey1.getKeyID().toHex()).to.be.equal(subKey.getKeyID().toHex()); - expect(subKey).to.exist; + const encNewPrivateKey = await openpgp.encryptKey({ privateKey: newPrivateKey, passphrase }); + newPrivateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: encNewPrivateKey.armor() }), + passphrase + }); + const subKey2 = newPrivateKey.subKeys[total]; + expect(subKey2.isDecrypted()).to.be.true; + expect(subKey1.getKeyID().toHex()).to.be.equal(subKey2.getKeyID().toHex()); + expect(subKey2).to.exist; expect(newPrivateKey.subKeys.length).to.be.equal(total + 1); - const subkeyOid = subKey.keyPacket.publicParams.oid; + const subkeyOid = subKey2.keyPacket.publicParams.oid; const pkOid = privateKey.primaryKey.publicParams.oid; expect(subkeyOid.getName()).to.be.equal(pkOid.getName()); - expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('eddsa'); - await subKey.verify(privateKey.primaryKey); + expect(subKey2.getAlgorithmInfo().algorithm).to.be.equal('eddsa'); + await subKey2.verify(privateKey.primaryKey); }); it('create and add a new ecdsa subkey to a eddsa key', async function() { @@ -3674,8 +3708,10 @@ VYGdb3eNlV8CfoEC }); it('create and add a new ecc subkey to a rsa key', async function() { - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const total = privateKey.subKeys.length; const opt2 = { type: 'ecc', curve: 'curve25519' }; let newPrivateKey = await privateKey.addSubkey(opt2); @@ -3769,8 +3805,10 @@ VYGdb3eNlV8CfoEC }); it('sign/verify data with the new subkey correctly using rsa', async function() { - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const total = privateKey.subKeys.length; const opt2 = { sign: true, rsaBits: rsaBits }; let newPrivateKey = await privateKey.addSubkey(opt2); @@ -3790,8 +3828,10 @@ VYGdb3eNlV8CfoEC }); it('encrypt/decrypt data with the new subkey correctly using rsa', async function() { - const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa }); - await privateKey.decrypt('hello world'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), + passphrase: 'hello world' + }); const total = privateKey.subKeys.length; let newPrivateKey = await privateKey.addSubkey(rsaOpt); const armoredKey = newPrivateKey.armor(); diff --git a/test/general/openpgp.js b/test/general/openpgp.js index 060d696c..58998227 100644 --- a/test/general/openpgp.js +++ b/test/general/openpgp.js @@ -363,7 +363,7 @@ bpOWdMhJ6Hy+JzGNY1qNXcHJPw== =99Fs -----END PGP MESSAGE-----`; -const ecdh_dec_key_2 = `-----BEGIN PGP PRIVATE KEY BLOCK----- +const ecdh_dec_key2 = `-----BEGIN PGP PRIVATE KEY BLOCK----- Version: OpenPGP.js v4.4.9 Comment: https://openpgpjs.org @@ -795,6 +795,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { expect(newKey.publicKeyArmored).to.exist; }); }); + + it('should throw if missing userIDs', async function() { + expect(() => openpgp.generateKey({})).to.throw(/UserIDs are required/); + }); }); describe('generateKey - integration tests', function() { @@ -831,6 +835,25 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { }); }); + it('should work with multiple passphrases', async function() { + const privateKey = await openpgp.readKey({ armoredKey: priv_key }); + const originalKey = await openpgp.readKey({ armoredKey: privateKey.armor() }); + return openpgp.decryptKey({ + privateKey: privateKey, + passphrase: ['rubbish', passphrase] + }).then(function(unlocked){ + expect(unlocked.getKeyID().toHex()).to.equal(privateKey.getKeyID().toHex()); + expect(unlocked.subKeys[0].getKeyID().toHex()).to.equal(privateKey.subKeys[0].getKeyID().toHex()); + expect(unlocked.isDecrypted()).to.be.true; + expect(unlocked.keyPacket.privateParams).to.not.be.null; + // original key should be unchanged + expect(privateKey.isDecrypted()).to.be.false; + expect(privateKey.keyPacket.privateParams).to.be.null; + originalKey.subKeys[0].getKeyID(); // fill in keyID + expect(privateKey).to.deep.equal(originalKey); + }); + }); + it('should fail for incorrect passphrase', async function() { const privateKey = await openpgp.readKey({ armoredKey: priv_key }); const originalKey = await openpgp.readKey({ armoredKey: privateKey.armor() }); @@ -953,8 +976,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('decrypt/verify should succeed with valid signature (expectSigned=true)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), @@ -973,8 +998,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('decrypt/verify should throw on missing public keys (expectSigned=true)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), @@ -990,8 +1017,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('decrypt/verify should throw on missing signature (expectSigned=true)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), @@ -1007,9 +1036,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('decrypt/verify should throw on invalid signature (expectSigned=true)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic(); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), @@ -1026,8 +1057,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('decrypt/verify should succeed with valid signature (expectSigned=true, with streaming)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), @@ -1047,8 +1080,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('decrypt/verify should throw on missing public keys (expectSigned=true, with streaming)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), @@ -1064,8 +1099,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('decrypt/verify should throw on missing signature (expectSigned=true, with streaming)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), @@ -1081,9 +1118,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('decrypt/verify should throw on invalid signature (expectSigned=true, with streaming)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic(); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), @@ -1133,8 +1172,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('verify should succeed with valid signature (expectSigned=true)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const signed = await openpgp.sign({ message: await createMessage({ text }), @@ -1151,8 +1192,6 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('verify should throw on missing signature (expectSigned=true)', async function () { const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); await expect(openpgp.verify({ message: await createMessage({ text }), @@ -1162,9 +1201,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { }); it('verify should throw on invalid signature (expectSigned=true)', async function () { - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic(); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const signed = await openpgp.sign({ message: await createMessage({ text }), @@ -1181,8 +1222,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const signed = await openpgp.sign({ message: await createMessage({ text }), @@ -1202,8 +1245,6 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this const publicKey = await openpgp.readKey({ armoredKey: pub_key }); - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); - await privateKey.decrypt(passphrase); await expect(openpgp.verify({ message: await createMessage({ text: openpgp.stream.toStream(text) }), @@ -1215,9 +1256,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('verify should throw on invalid signature (expectSigned=true, with streaming)', async function () { if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this - const privateKey = await openpgp.readKey({ armoredKey: priv_key }); const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic(); - await privateKey.decrypt(passphrase); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase + }); const signed = await openpgp.sign({ message: await createMessage({ text }), @@ -1304,14 +1347,17 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { } }); - it('Decrypting key with wrong passphrase rejected', async function () { - await expect(privateKey.decrypt('wrong passphrase')).to.eventually.be.rejectedWith('Incorrect key passphrase'); + it('Decrypting key with wrong passphrase should be rejected', async function () { + await expect(openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase: 'wrong passphrase' + })).to.eventually.be.rejectedWith('Incorrect key passphrase'); }); it('Can decrypt key with correct passphrase', async function () { expect(privateKey.isDecrypted()).to.be.false; - await privateKey.decrypt(passphrase); - expect(privateKey.isDecrypted()).to.be.true; + const decryptedKey = await openpgp.decryptKey({ privateKey, passphrase }); + expect(decryptedKey.isDecrypted()).to.be.true; }); it('Calling decrypt with not decrypted key leads to exception', async function() { @@ -1378,11 +1424,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { describe('encryptSessionKey, decryptSessionKeys', function() { const sk = new Uint8Array([0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01]); - let decryptedPrivateKey; + let decryptedPrivateKey; // to avoid decrypting key before each test beforeEach(async function() { if (!decryptedPrivateKey) { - await privateKey.decrypt(passphrase); - decryptedPrivateKey = privateKey; + decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase }); } privateKey = decryptedPrivateKey; }); @@ -1538,11 +1583,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { '=6XMW\r\n' + '-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n'; - let decryptedPrivateKey; + let decryptedPrivateKey; // to avoid decrypting key before each test beforeEach(async function() { if (!decryptedPrivateKey) { - await privateKey.decrypt(passphrase); - decryptedPrivateKey = privateKey; + decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase }); } privateKey = decryptedPrivateKey; }); @@ -1567,8 +1611,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { }); it('should encrypt then decrypt with multiple private keys', async function () { - const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); - await privKeyDE.decrypt(passphrase); + const privKeyDE = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_de }), + passphrase + }); const encOpt = { message: await openpgp.createMessage({ text: plaintext }), @@ -1609,8 +1655,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { }); it('should encrypt then decrypt with wildcard with multiple private keys', async function () { - const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); - await privKeyDE.decrypt(passphrase); + const privKeyDE = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_de }), + passphrase + }); const encOpt = { message: await openpgp.createMessage({ text: plaintext }), @@ -1880,8 +1928,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { const plaintext = "  \t┍ͤ޵၂༫዇◧˘˻ᙑ᎚⏴ំந⛑nٓኵΉⅶ⋋ŵ⋲΂ͽᣏ₅ᄶɼ┋⌔û᬴Ƚᔡᧅ≃ṱἆ⃷݂૿ӌ᰹෇ٹჵ⛇໶⛌  \t\n한국어/조선말"; - const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); - await privKeyDE.decrypt(passphrase); + const privKeyDE = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_de }), + passphrase + }); const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de }); @@ -2055,8 +2105,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { try { openpgp.config.rejectPublicKeyAlgorithms = new Set(); - const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); - await privKeyDE.decrypt(passphrase); + const privKeyDE = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_de }), + passphrase + }); const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de }); @@ -2163,8 +2215,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { openpgp.config.rejectPublicKeyAlgorithms = new Set(); const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de }); - const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); - await privKeyDE.decrypt(passphrase); + const privKeyDE = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_de }), + passphrase + }); pubKeyDE.users[0].selfCertifications[0].features = [7]; // Monkey-patch AEAD feature flag await openpgp.encrypt({ publicKeys: pubKeyDE, @@ -2245,8 +2299,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { ].join('\n'); it('Decrypt message', async function() { - const privKey = await openpgp.readKey({ armoredKey: priv_key }); - await privKey.decrypt('1234'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase: '1234' + }); const message = await openpgp.readMessage({ armoredMessage: pgp_msg }); return openpgp.decrypt({ privateKeys:privKey, message:message }).then(function(decrypted) { @@ -2399,11 +2455,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { '=6XMW\r\n' + '-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n'; - let decryptedPrivateKey; + let decryptedPrivateKey; // to avoid decrypting key before each test beforeEach(async function() { if (!decryptedPrivateKey) { - await privateKey.decrypt(passphrase); - decryptedPrivateKey = privateKey; + decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase }); } privateKey = decryptedPrivateKey; }); @@ -2435,8 +2490,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { try { openpgp.config.rejectPublicKeyAlgorithms = new Set(); - const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); - await privKeyDE.decrypt(passphrase); + const privKeyDE = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_de }), + passphrase + }); const message = await openpgp.createCleartextMessage({ text: plaintext }); const signOpt = { @@ -2868,8 +2925,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('should fail to encrypt with revoked subkey', async function() { const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de }); - const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); - await privKeyDE.decrypt(passphrase); + const privKeyDE = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_de }), + passphrase + }); return privKeyDE.subKeys[0].revoke(privKeyDE.primaryKey).then(async function(revSubKey) { pubKeyDE.subKeys[0] = revSubKey; return openpgp.encrypt({ @@ -2886,8 +2945,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { it('should decrypt with revoked subkey', async function() { const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de }); - const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); - await privKeyDE.decrypt(passphrase); + const privKeyDE = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_de }), + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), publicKeys: pubKeyDE, @@ -2908,8 +2969,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de }); // corrupt the public key params privKeyDE.subKeys[0].keyPacket.publicParams.p[0]++; - // validation will not check the decryption subkey and will succeed - await privKeyDE.decrypt(passphrase); + // validation will check the primary key -- not the decryption subkey -- and will succeed (for now) + const decryptedKeyDE = await openpgp.decryptKey({ + privateKey: privKeyDE, + passphrase + }); const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: plaintext }), publicKeys: pubKeyDE, @@ -2917,7 +2981,7 @@ module.exports = () => describe('OpenPGP.js public api tests', function() { }); const decOpt = { message: await openpgp.readMessage({ armoredMessage: encrypted }), - privateKeys: privKeyDE + privateKeys: decryptedKeyDE }; // binding signature is invalid await expect(openpgp.decrypt(decOpt)).to.be.rejectedWith(/Session key decryption failed/); @@ -2989,18 +3053,22 @@ J9I8AcH94nE77JUtCm7s1kOlo0EIshZsAqJwGveDGdAuabfViVwVxG4I24M6 }); it('should decrypt broken ECC message from old OpenPGP.js', async function() { - const key = await openpgp.readKey({ armoredKey: ecdh_dec_key }); + const key = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: ecdh_dec_key }), + passphrase: '12345' + }); const message = await openpgp.readMessage({ armoredMessage: ecdh_msg_bad }); - await key.decrypt('12345'); - const decrypted = await openpgp.decrypt({ message, privateKeys: [key] }); + const decrypted = await openpgp.decrypt({ message, privateKeys: key }); expect(decrypted.data).to.equal('\n'); }); it('should decrypt broken ECC message from old go crypto', async function() { - const key = await openpgp.readKey({ armoredKey: ecdh_dec_key_2 }); + const key = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: ecdh_dec_key2 }), + passphrase: '12345' + }); const message = await openpgp.readMessage({ armoredMessage: ecdh_msg_bad_2 }); - await key.decrypt('12345'); - const decrypted = await openpgp.decrypt({ message, privateKeys: [key] }); + const decrypted = await openpgp.decrypt({ message, privateKeys: key }); expect(decrypted.data).to.equal('Tesssst


Sent from ProtonMail mobile


'); }); diff --git a/test/general/packet.js b/test/general/packet.js index e9f261bb..6f3cdd16 100644 --- a/test/general/packet.js +++ b/test/general/packet.js @@ -684,15 +684,15 @@ module.exports = () => describe("Packet", function() { '=pR+C\n' + '-----END PGP MESSAGE-----'; - let key = new openpgp.PacketList(); - await key.read((await openpgp.unarmor(armored_key)).data, allAllowedPackets); - key = key[3]; - await key.decrypt('test'); + const keyPackets = new openpgp.PacketList(); + await keyPackets.read((await openpgp.unarmor(armored_key)).data, allAllowedPackets); + const keyPacket = keyPackets[3]; + await keyPacket.decrypt('test'); const msg = new openpgp.PacketList(); await msg.read((await openpgp.unarmor(armored_msg)).data, allAllowedPackets); - return msg[0].decrypt(key).then(async () => { + return msg[0].decrypt(keyPacket).then(async () => { await msg[1].decrypt(msg[0].sessionKeyAlgorithm, msg[0].sessionKey); const text = await stringify(msg[1].packets[0].packets[0].data); diff --git a/test/general/signature.js b/test/general/signature.js index 42c15397..f5b6ca57 100644 --- a/test/general/signature.js +++ b/test/general/signature.js @@ -847,58 +847,65 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw== `; it('Testing signature checking on CAST5-enciphered message', async function() { - const priv_key = await openpgp.readKey({ armoredKey: priv_key_arm1 }); - const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm1 }); - const msg = await openpgp.readMessage({ armoredMessage: msg_arm1 }); - await priv_key.decrypt("abcd"); + const publicKey = await openpgp.readKey({ armoredKey: pub_key_arm1 }); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm1 }), + passphrase: 'abcd' + }); + const message = await openpgp.readMessage({ armoredMessage: msg_arm1 }); const config = { rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]), rejectPublicKeyAlgorithms: new Set() }; - const decrypted = await openpgp.decrypt({ privateKeys: priv_key, publicKeys:[pub_key], message:msg, config }); + const decrypted = await openpgp.decrypt({ privateKeys: privateKey, publicKeys: publicKey, message, config }); expect(decrypted.data).to.exist; expect(decrypted.signatures[0].valid).to.be.true; expect(decrypted.signatures[0].signature.packets.length).to.equal(1); }); - it('Supports decrypting with GnuPG stripped-key extension', async function() { + it('Supports decrypting with GnuPG dummy key', async function() { const { rejectMessageHashAlgorithms } = openpgp.config; Object.assign(openpgp.config, { rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]) }); try { + const passphrase = 'abcd'; // exercises the GnuPG s2k type 1001 extension: // the secrets on the primary key have been stripped. - const priv_key_gnupg_ext = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped }); - const priv_key_gnupg_ext_2 = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped }); - const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm1 }); + const dummyKey = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped }); + const publicKey = await openpgp.readKey({ armoredKey: pub_key_arm1 }); const message = await openpgp.readMessage({ armoredMessage: msg_arm1 }); - const primaryKey_packet = priv_key_gnupg_ext.primaryKey.write(); - expect(priv_key_gnupg_ext.isDecrypted()).to.be.false; - await priv_key_gnupg_ext.decrypt("abcd"); - await priv_key_gnupg_ext_2.decrypt("abcd"); - expect(priv_key_gnupg_ext.isDecrypted()).to.be.true; - const msg = await openpgp.decrypt({ message, privateKeys: [priv_key_gnupg_ext], publicKeys: [pub_key], config: { rejectPublicKeyAlgorithms: new Set() } }); + const primaryKeyPacket = dummyKey.primaryKey.write(); + expect(dummyKey.isDecrypted()).to.be.false; + const decryptedDummyKey = await openpgp.decryptKey({ privateKey: dummyKey, passphrase }); + expect(decryptedDummyKey.isDecrypted()).to.be.true; + // decrypting with a secret subkey works + const msg = await openpgp.decrypt({ message, privateKeys: decryptedDummyKey, publicKeys: publicKey, config: { rejectPublicKeyAlgorithms: new Set() } }); expect(msg.signatures).to.exist; expect(msg.signatures).to.have.length(1); expect(msg.signatures[0].valid).to.be.true; expect(msg.signatures[0].signature.packets.length).to.equal(1); + // secret key operations involving the primary key should fail await expect(openpgp.sign({ - message: await openpgp.createMessage({ text: 'test' }), privateKeys: [priv_key_gnupg_ext], config: { rejectPublicKeyAlgorithms: new Set() } + message: await openpgp.createMessage({ text: 'test' }), privateKeys: decryptedDummyKey, config: { rejectPublicKeyAlgorithms: new Set() } })).to.eventually.be.rejectedWith(/Cannot sign with a gnu-dummy key/); - await expect(openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: priv_key_gnupg_ext })).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/); - await expect(openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: priv_key_gnupg_ext_2, passphrase: 'test' })).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/); - await priv_key_gnupg_ext.encrypt("abcd"); - expect(priv_key_gnupg_ext.isDecrypted()).to.be.false; - const primaryKey_packet2 = priv_key_gnupg_ext.primaryKey.write(); - expect(primaryKey_packet).to.deep.equal(primaryKey_packet2); + await expect( + openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: decryptedDummyKey }) + ).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/); + + const encryptedDummyKey = await openpgp.encryptKey({ privateKey: decryptedDummyKey, passphrase }); + expect(encryptedDummyKey.isDecrypted()).to.be.false; + const primaryKeyPacket2 = encryptedDummyKey.primaryKey.write(); + expect(primaryKeyPacket).to.deep.equal(primaryKeyPacket2); } finally { Object.assign(openpgp.config, { rejectMessageHashAlgorithms }); } }); - it('Supports signing with GnuPG stripped-key extension', async function() { - const priv_key_gnupg_ext = await openpgp.readKey({ armoredKey: flowcrypt_stripped_key }); - await priv_key_gnupg_ext.decrypt('FlowCrypt'); - const sig = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), privateKeys: [priv_key_gnupg_ext], date: new Date('2018-12-17T03:24:00') }); + it('Supports signing with GnuPG dummy key', async function() { + const dummyKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: flowcrypt_stripped_key }), + passphrase: 'FlowCrypt' + }); + const sig = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), privateKeys: dummyKey, date: new Date('2018-12-17T03:24:00') }); expect(sig).to.match(/-----END PGP MESSAGE-----\n$/); }); @@ -967,13 +974,16 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw== '-----END PGP MESSAGE-----'].join('\n'); const plaintext = 'short message\nnext line\n한국어/조선말'; - const esMsg = await openpgp.readMessage({ armoredMessage: msg_armor }); + const message = await openpgp.readMessage({ armoredMessage: msg_armor }); const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); - await Promise.all(esMsg.getEncryptionKeyIDs().map(keyID => privKey.decrypt('hello world', keyID))); - - return openpgp.decrypt({ privateKeys: privKey, publicKeys:[pubKey], message:esMsg, config: { minRSABits: 1024 } }).then(function(decrypted) { + return openpgp.decrypt({ + privateKeys: privKey, publicKeys: pubKey , message, config: { minRSABits: 1024 } + }).then(decrypted => { expect(decrypted.data).to.exist; expect(decrypted.data).to.equal(plaintext); expect(decrypted.signatures).to.have.length(1); @@ -1318,11 +1328,13 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures', async function() { const plaintext = 'short message\nnext line \n한국어/조선말'; const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const config = { minRSABits: 1024 }; - return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) { + return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => { const message = await openpgp.readCleartextMessage({ cleartextMessage: signed }); return openpgp.verify({ publicKeys:[pubKey], message, config }); @@ -1338,14 +1350,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures -- escape armored message', async function() { const plaintext = pub_key_arm2; const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const config = { minRSABits: 1024 }; - return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) { + return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => { const message = await openpgp.readCleartextMessage({ cleartextMessage: signed }); - return openpgp.verify({ publicKeys:[pubKey], message, config }); + return openpgp.verify({ publicKeys: pubKey, message, config }); }).then(function({ data, signatures }) { expect(data).to.equal(plaintext); @@ -1358,14 +1372,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures -- trailing spaces', async function() { const plaintext = 'space: \nspace and tab: \t\nno trailing space\n \ntab:\t\ntab and space:\t '; const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const config = { minRSABits: 1024 }; - return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) { + return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => { const message = await openpgp.readCleartextMessage({ cleartextMessage: signed }); - return openpgp.verify({ publicKeys:[pubKey], message, config }); + return openpgp.verify({ publicKeys: pubKey, message, config }); }).then(function({ data, signatures }) { expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, '')); @@ -1378,14 +1394,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA it('Sign text with openpgp.sign and verify with openpgp.verify leads to same bytes cleartext and valid signatures - armored', async function() { const plaintext = util.stringToUint8Array('short message\nnext line \n한국어/조선말'); const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const config = { minRSABits: 1024 }; - return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ binary: plaintext }), config }).then(async function(signed) { + return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), config }).then(async signed => { const message = await openpgp.readMessage({ armoredMessage: signed }); - return openpgp.verify({ publicKeys:[pubKey], message, format: 'binary', config }); + return openpgp.verify({ publicKeys: pubKey, message, format: 'binary', config }); }).then(function({ data, signatures }) { expect(data).to.deep.equal(plaintext); @@ -1398,14 +1416,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA it('Sign text with openpgp.sign and verify with openpgp.verify leads to same bytes cleartext and valid signatures - not armored', async function() { const plaintext = util.stringToUint8Array('short message\nnext line \n한국어/조선말'); const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const config = { minRSABits: 1024 }; - return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ binary: plaintext }), armor:false, config }).then(async function(signed) { + return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), armor: false, config }).then(async signed => { const message = await openpgp.readMessage({ binaryMessage: signed }); - return openpgp.verify({ publicKeys:[pubKey], message, format: 'binary', config }); + return openpgp.verify({ publicKeys: pubKey, message, format: 'binary', config }); }).then(function({ data, signatures }) { expect(data).to.deep.equal(plaintext); @@ -1418,13 +1438,15 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA it('Should verify cleartext message correctly when using a detached cleartext signature and binary literal data', async function () { const plaintext = 'short message\nnext line \n한국어/조선말'; const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const config = { minRSABits: 1024 }; - return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async function(armoredSignature) { + return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => { const signature = await openpgp.readSignature({ armoredSignature }); - return openpgp.verify({ publicKeys:[pubKey], message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config }); + return openpgp.verify({ publicKeys: pubKey, message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config }); }).then(function({ data, signatures }) { expect(data).to.equal(plaintext); expect(signatures).to.have.length(1); @@ -1437,13 +1459,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA const plaintext = 'short message\nnext line \n한국어/조선말'; const binaryPlaintext = util.encodeUTF8(plaintext); const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const config = { minRSABits: 1024 }; - return openpgp.sign({ privateKeys:[privKey], message:await openpgp.createMessage({ binary: binaryPlaintext }), detached: true, config }).then(async function(armoredSignature) { + return openpgp.sign({ privateKeys: privKey, message:await openpgp.createMessage({ binary: binaryPlaintext }), detached: true, config }).then(async armoredSignature => { const signature = await openpgp.readSignature({ armoredSignature }); - return openpgp.verify({ publicKeys:[pubKey], message: await openpgp.createMessage({ text: plaintext }), signature, config }); + return openpgp.verify({ publicKeys: pubKey, message: await openpgp.createMessage({ text: plaintext }), signature, config }); + }).then(function({ data, signatures }) { expect(data).to.equal(plaintext); expect(signatures).to.have.length(1); @@ -1455,11 +1480,13 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA it('Should verify encrypted cleartext message correctly when encrypting binary literal data with a canonical text signature', async function () { const plaintext = 'short message\nnext line \n한국어/조선말'; const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey.decrypt('hello world'); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const config = { minRSABits: 1024 }; - return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async function(armoredSignature) { + return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => { const signature = await openpgp.readSignature({ armoredSignature }); return openpgp.encrypt({ message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), publicKeys: [pubKey], signature, config }); @@ -1590,15 +1617,17 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA it('Detached signature signing and verification', async function() { const message = await openpgp.createMessage({ text: 'hello' }); - const pubKey2 = await openpgp.readKey({ armoredKey: pub_key_arm2 }); - const privKey2 = await openpgp.readKey({ armoredKey: priv_key_arm2 }); - await privKey2.decrypt('hello world'); + const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 }); + const privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }), + passphrase: 'hello world' + }); const opt = { rsaBits: 2048, userIDs: { name:'test', email:'a@b.com' }, passphrase: null }; const { key: generatedKey } = await openpgp.generateKey(opt); - const armoredSignature = await openpgp.sign({ privateKeys:[generatedKey, privKey2], message, detached: true, config: { minRSABits: 1024 } }); + const armoredSignature = await openpgp.sign({ privateKeys: [generatedKey, privKey], message, detached: true, config: { minRSABits: 1024 } }); const signature = await openpgp.readSignature({ armoredSignature }); - const { data, signatures } = await openpgp.verify({ publicKeys:[generatedKey.toPublic(), pubKey2], message, signature, config: { minRSABits: 1024 } }); + const { data, signatures } = await openpgp.verify({ publicKeys: [generatedKey.toPublic(), pubKey], message, signature, config: { minRSABits: 1024 } }); expect(data).to.equal('hello'); expect(await signatures[0].verified).to.be.true; expect(await signatures[1].verified).to.be.true; diff --git a/test/general/streaming.js b/test/general/streaming.js index 2a8423d2..fa7d3bc1 100644 --- a/test/general/streaming.js +++ b/test/general/streaming.js @@ -84,8 +84,6 @@ const priv_key = [ '-----END PGP PRIVATE KEY BLOCK-----' ].join('\n'); -const passphrase = 'hello world'; - const brainpoolPub = [ '-----BEGIN PGP PUBLIC KEY BLOCK-----', '', @@ -344,9 +342,12 @@ function tests() { it('Encrypt and decrypt larger message roundtrip using curve x25519 (allowUnauthenticatedStream=true)', async function() { const allowUnauthenticatedStreamValue = openpgp.config.allowUnauthenticatedStream; openpgp.config.allowUnauthenticatedStream = true; - const priv = await openpgp.readKey({ armoredKey: xPriv }); const pub = await openpgp.readKey({ armoredKey: xPub }); - await priv.decrypt(xPass); + const priv = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: xPriv }), + passphrase: xPass + }); + try { const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ binary: data }), @@ -376,9 +377,12 @@ function tests() { it('Encrypt and decrypt larger message roundtrip using curve brainpool (allowUnauthenticatedStream=true)', async function() { const allowUnauthenticatedStreamValue = openpgp.config.allowUnauthenticatedStream; openpgp.config.allowUnauthenticatedStream = true; - const priv = await openpgp.readKey({ armoredKey: brainpoolPriv }); const pub = await openpgp.readKey({ armoredKey: brainpoolPub }); - await priv.decrypt(brainpoolPass); + const priv = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: brainpoolPriv }), + passphrase: brainpoolPass + }); + try { const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ binary: data }), @@ -698,9 +702,12 @@ function tests() { this.push(null); } }); - const priv = await openpgp.readKey({ armoredKey: brainpoolPriv }); const pub = await openpgp.readKey({ armoredKey: brainpoolPub }); - await priv.decrypt(brainpoolPass); + const priv = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: brainpoolPriv }), + passphrase: brainpoolPass + }); + const signed = await openpgp.sign({ message: await openpgp.createMessage({ binary: data }), privateKeys: priv, @@ -734,9 +741,12 @@ function tests() { this.push(null); } }); - const priv = await openpgp.readKey({ armoredKey: xPriv }); const pub = await openpgp.readKey({ armoredKey: xPub }); - await priv.decrypt(xPass); + const priv = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: xPriv }), + passphrase: xPass + }); + const signed = await openpgp.sign({ message: await openpgp.createMessage({ binary: data }), privateKeys: priv, @@ -937,8 +947,10 @@ module.exports = () => describe('Streaming', function() { before(async function() { pubKey = await openpgp.readKey({ armoredKey: pub_key }); - privKey = await openpgp.readKey({ armoredKey: priv_key }); - await privKey.decrypt(passphrase); + privKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: priv_key }), + passphrase: 'hello world' + }); }); beforeEach(function() { diff --git a/test/general/x25519.js b/test/general/x25519.js index cebc98e1..139de3e9 100644 --- a/test/general/x25519.js +++ b/test/general/x25519.js @@ -137,10 +137,12 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr if (data[name].priv_key) { return data[name].priv_key; } - const pk = await openpgp.readKey({ armoredKey: data[name].priv }); + const pk = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: data[name].priv }), + passphrase: data[name].pass + }); expect(pk).to.exist; expect(pk.getKeyID().toHex()).to.equal(data[name].id); - await pk.decrypt(data[name].pass); data[name].priv_key = pk; return pk; } diff --git a/test/worker/worker_example.js b/test/worker/worker_example.js index 7b91fe7b..f41eec6c 100644 --- a/test/worker/worker_example.js +++ b/test/worker/worker_example.js @@ -45,8 +45,10 @@ onmessage = async function({ data: { action, message }, ports: [port] }) { switch (action) { case 'encrypt': { const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored }); - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt('test'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase: 'test' + }); const data = await openpgp.encrypt({ message: await openpgp.createMessage({ text: message }), publicKeys: publicKey, @@ -57,8 +59,10 @@ onmessage = async function({ data: { action, message }, ports: [port] }) { } case 'decrypt': { const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored }); - const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored }); - await privateKey.decrypt('test'); + const privateKey = await openpgp.decryptKey({ + privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }), + passphrase: 'test' + }); const { data, signatures } = await openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage: message }), publicKeys: publicKey,