Remove Key.prototype.encrypt()
and Key.prototype.decrypt()
(#1285)
To encrypt/decrypt a key, the top-level functions `openpgp.encryptKey` and `openpgp.decryptKey` should be used instead: these don't mutate the key; instead, they either return a new encrypted/decrypted key object or throw an error. With `Key.prototype.encrypt` and `decrypt`, which mutated the key, it was possible to end up in an inconsistent state if some (sub)keys could be decrypted but others couldn't, they would both mutate the key and throw an error, which is unexpected. Note that the `keyID` parameter is not supported by `encryptKey`/`decryptKey`, since partial key decryption is not recommended. If you still need to decrypt a single subkey or primary key `k`, you can call `k.keyPacket.decrypt(...)`, followed by `k.keyPacket.validate(...)`. Similarly, for encryption, call `k.keyPacket.encrypt(...)`. Additionally, `openpgp.generateKey` now requires `options.userIDs` again, since otherwise the key is basically unusable. This was a regression from v4, since we now allow parsing keys without user IDs (but still not using them).
This commit is contained in:
parent
39aa742c7a
commit
0654bbe505
42
README.md
42
README.md
|
@ -212,8 +212,10 @@ const openpgp = require('openpgp'); // use as CommonJS, AMD, ES6 module or via w
|
||||||
|
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
||||||
|
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: 'Hello, World!' }), // input as Message object
|
message: await openpgp.createMessage({ text: 'Hello, World!' }), // input as Message object
|
||||||
|
@ -255,8 +257,10 @@ Encrypt to multiple public keys:
|
||||||
|
|
||||||
const publicKeys = await Promise.all(publicKeysArmored.map(armoredKey => openpgp.readKey({ armoredKey })));
|
const publicKeys = await Promise.all(publicKeysArmored.map(armoredKey => openpgp.readKey({ armoredKey })));
|
||||||
|
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase)
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const message = await openpgp.createMessage({ text: message });
|
const message = await openpgp.createMessage({ text: message });
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
|
@ -282,8 +286,10 @@ If you expect an encrypted message to be signed with one of the public keys you
|
||||||
|
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
||||||
|
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encryptedAndSignedMessage = `-----BEGIN PGP MESSAGE-----
|
const encryptedAndSignedMessage = `-----BEGIN PGP MESSAGE-----
|
||||||
...
|
...
|
||||||
|
@ -386,8 +392,10 @@ its [Reader class](https://openpgpjs.org/web-stream-tools/Reader.html).
|
||||||
|
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
||||||
|
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const readableStream = new openpgp.stream.ReadableStream({
|
const readableStream = new openpgp.stream.ReadableStream({
|
||||||
start(controller) {
|
start(controller) {
|
||||||
|
@ -490,8 +498,10 @@ Using the private key:
|
||||||
|
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
||||||
|
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const unsignedMessage = await openpgp.createCleartextMessage({ text: 'Hello, World!' });
|
const unsignedMessage = await openpgp.createCleartextMessage({ text: 'Hello, World!' });
|
||||||
const cleartextMessage = await openpgp.sign({
|
const cleartextMessage = await openpgp.sign({
|
||||||
|
@ -530,8 +540,10 @@ Using the private key:
|
||||||
|
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
||||||
|
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const cleartextMessage = await openpgp.createCleartextMessage({ text: 'Hello, World!' });
|
const cleartextMessage = await openpgp.createCleartextMessage({ text: 'Hello, World!' });
|
||||||
const detachedSignature = await openpgp.sign({
|
const detachedSignature = await openpgp.sign({
|
||||||
|
@ -577,8 +589,10 @@ Using the private key:
|
||||||
-----END PGP PRIVATE KEY BLOCK-----`; // encrypted private key
|
-----END PGP PRIVATE KEY BLOCK-----`; // encrypted private key
|
||||||
const passphrase = `yourPassphrase`; // what the private key is encrypted with
|
const passphrase = `yourPassphrase`; // what the private key is encrypted with
|
||||||
|
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const message = await openpgp.createMessage({ binary: readableStream }); // or createMessage({ text: ReadableStream<String> })
|
const message = await openpgp.createMessage({ binary: readableStream }); // or createMessage({ text: ReadableStream<String> })
|
||||||
const signatureArmored = await openpgp.sign({
|
const signatureArmored = await openpgp.sign({
|
||||||
|
|
2
openpgp.d.ts
vendored
2
openpgp.d.ts
vendored
|
@ -28,8 +28,6 @@ export class Key {
|
||||||
private keyPacket: PublicKeyPacket | SecretKeyPacket;
|
private keyPacket: PublicKeyPacket | SecretKeyPacket;
|
||||||
public write(): Uint8Array;
|
public write(): Uint8Array;
|
||||||
public armor(config?: Config): string;
|
public armor(config?: Config): string;
|
||||||
public decrypt(passphrase: string | string[], keyID?: KeyID, config?: Config): Promise<void>; // throws on error
|
|
||||||
public encrypt(passphrase: string | string[], keyID?: KeyID, config?: Config): Promise<void>; // throws on error
|
|
||||||
public getExpirationTime(capability?: 'encrypt' | 'encrypt_sign' | 'sign', keyID?: KeyID, userID?: UserID, config?: Config): Promise<Date | typeof Infinity | null>; // Returns null if `capabilities` is passed and the key does not have the specified capabilities or is revoked or invalid.
|
public getExpirationTime(capability?: 'encrypt' | 'encrypt_sign' | 'sign', keyID?: KeyID, userID?: UserID, config?: Config): Promise<Date | typeof Infinity | null>; // Returns null if `capabilities` is passed and the key does not have the specified capabilities or is revoked or invalid.
|
||||||
public getKeyIDs(): KeyID[];
|
public getKeyIDs(): KeyID[];
|
||||||
public getPrimaryUser(date?: Date, userID?: UserID, config?: Config): Promise<PrimaryUser>; // throws on error
|
public getPrimaryUser(date?: Date, userID?: UserID, config?: Config): Promise<PrimaryUser>; // throws on error
|
||||||
|
|
|
@ -159,11 +159,29 @@ class Key {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Clones the key object
|
* Clones the key object
|
||||||
* @returns {Promise<Key>} Shallow clone of the key.
|
* @param {Boolean} [deep=false] Whether to return a deep clone
|
||||||
|
* @returns {Promise<Key>} Clone of the key.
|
||||||
* @async
|
* @async
|
||||||
*/
|
*/
|
||||||
async clone() {
|
async clone(deep = false) {
|
||||||
return new Key(this.toPacketlist());
|
const key = new Key(this.toPacketlist());
|
||||||
|
if (deep) {
|
||||||
|
key.getKeys().forEach(k => {
|
||||||
|
// shallow clone the key packets
|
||||||
|
k.keyPacket = Object.create(
|
||||||
|
Object.getPrototypeOf(k.keyPacket),
|
||||||
|
Object.getOwnPropertyDescriptors(k.keyPacket)
|
||||||
|
);
|
||||||
|
if (!k.keyPacket.isDecrypted()) return;
|
||||||
|
// deep clone the private params, which are cleared during encryption
|
||||||
|
const privateParams = {};
|
||||||
|
Object.keys(k.keyPacket.privateParams).forEach(name => {
|
||||||
|
privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);
|
||||||
|
});
|
||||||
|
k.keyPacket.privateParams = privateParams;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return key;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -413,70 +431,6 @@ class Key {
|
||||||
return keys;
|
return keys;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Encrypts all secret key and subkey packets matching keyID
|
|
||||||
* @param {String|Array<String>} passphrases - If multiple passphrases, then should be in same order as packets each should encrypt
|
|
||||||
* @param {module:type/keyid~KeyID} keyID
|
|
||||||
* @param {Object} [config] - Full configuration, defaults to openpgp.config
|
|
||||||
* @throws {Error} if encryption failed for any key or subkey
|
|
||||||
* @async
|
|
||||||
*/
|
|
||||||
async encrypt(passphrases, keyID = null, config = defaultConfig) {
|
|
||||||
if (!this.isPrivate()) {
|
|
||||||
throw new Error("Nothing to encrypt in a public key");
|
|
||||||
}
|
|
||||||
|
|
||||||
const keys = this.getKeys(keyID);
|
|
||||||
passphrases = util.isArray(passphrases) ? passphrases : new Array(keys.length).fill(passphrases);
|
|
||||||
if (passphrases.length !== keys.length) {
|
|
||||||
throw new Error("Invalid number of passphrases for key");
|
|
||||||
}
|
|
||||||
|
|
||||||
await Promise.all(keys.map(async function(key, i) {
|
|
||||||
const { keyPacket } = key;
|
|
||||||
await keyPacket.encrypt(passphrases[i], config);
|
|
||||||
keyPacket.clearPrivateParams();
|
|
||||||
}));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Decrypts all secret key and subkey packets matching keyID
|
|
||||||
* @param {String|Array<String>} passphrases
|
|
||||||
* @param {module:type/keyid~KeyID} keyID
|
|
||||||
* @param {Object} [config] - Full configuration, defaults to openpgp.config
|
|
||||||
* @throws {Error} if any matching key or subkey packets did not decrypt successfully
|
|
||||||
* @async
|
|
||||||
*/
|
|
||||||
async decrypt(passphrases, keyID = null, config = defaultConfig) {
|
|
||||||
if (!this.isPrivate()) {
|
|
||||||
throw new Error("Nothing to decrypt in a public key");
|
|
||||||
}
|
|
||||||
passphrases = util.isArray(passphrases) ? passphrases : [passphrases];
|
|
||||||
|
|
||||||
await Promise.all(this.getKeys(keyID).map(async function(key) {
|
|
||||||
let decrypted = false;
|
|
||||||
let error = null;
|
|
||||||
await Promise.all(passphrases.map(async function(passphrase) {
|
|
||||||
try {
|
|
||||||
await key.keyPacket.decrypt(passphrase);
|
|
||||||
// If we are decrypting a single key packet, we also validate it directly
|
|
||||||
if (keyID) await key.keyPacket.validate();
|
|
||||||
decrypted = true;
|
|
||||||
} catch (e) {
|
|
||||||
error = e;
|
|
||||||
}
|
|
||||||
}));
|
|
||||||
if (!decrypted) {
|
|
||||||
throw error;
|
|
||||||
}
|
|
||||||
}));
|
|
||||||
|
|
||||||
if (!keyID) {
|
|
||||||
// The full key should be decrypted and we can validate it all
|
|
||||||
await this.validate(config);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns true if the primary key or any subkey is decrypted.
|
* Returns true if the primary key or any subkey is decrypted.
|
||||||
* A dummy key is considered encrypted.
|
* A dummy key is considered encrypted.
|
||||||
|
|
|
@ -33,8 +33,8 @@ import util from './util';
|
||||||
/**
|
/**
|
||||||
* Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.
|
* Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.
|
||||||
* @param {Object} options
|
* @param {Object} options
|
||||||
* @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA
|
|
||||||
* @param {Object|Array<Object>} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`
|
* @param {Object|Array<Object>} options.userIDs - User IDs as objects: `{ name: 'Jo Doe', email: 'info@jo.com' }`
|
||||||
|
* @param {'ecc'|'rsa'} [options.type='ecc'] - The primary key algorithm type: ECC (default) or RSA
|
||||||
* @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key
|
* @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key
|
||||||
* @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys
|
* @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys
|
||||||
* @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys:
|
* @param {String} [options.curve='curve25519'] - Elliptic curve for ECC keys:
|
||||||
|
@ -53,10 +53,13 @@ import util from './util';
|
||||||
export function generateKey({ userIDs = [], passphrase = "", type = "ecc", rsaBits = 4096, curve = "curve25519", keyExpirationTime = 0, date = new Date(), subkeys = [{}], config }) {
|
export function generateKey({ userIDs = [], passphrase = "", type = "ecc", rsaBits = 4096, curve = "curve25519", keyExpirationTime = 0, date = new Date(), subkeys = [{}], config }) {
|
||||||
config = { ...defaultConfig, ...config };
|
config = { ...defaultConfig, ...config };
|
||||||
userIDs = toArray(userIDs);
|
userIDs = toArray(userIDs);
|
||||||
const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };
|
if (userIDs.length === 0) {
|
||||||
|
throw new Error('UserIDs are required for key generation');
|
||||||
|
}
|
||||||
if (type === "rsa" && rsaBits < config.minRSABits) {
|
if (type === "rsa" && rsaBits < config.minRSABits) {
|
||||||
throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);
|
throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${rsaBits}`);
|
||||||
}
|
}
|
||||||
|
const options = { userIDs, passphrase, type, rsaBits, curve, keyExpirationTime, date, subkeys };
|
||||||
|
|
||||||
return generate(options, config).then(async key => {
|
return generate(options, config).then(async key => {
|
||||||
const revocationCertificate = await key.getRevocationCertificate(date, config);
|
const revocationCertificate = await key.getRevocationCertificate(date, config);
|
||||||
|
@ -159,19 +162,22 @@ export function revokeKey({ key, revocationCertificate, reasonForRevocation, con
|
||||||
*/
|
*/
|
||||||
export async function decryptKey({ privateKey, passphrase, config }) {
|
export async function decryptKey({ privateKey, passphrase, config }) {
|
||||||
config = { ...defaultConfig, ...config };
|
config = { ...defaultConfig, ...config };
|
||||||
const key = await privateKey.clone();
|
if (!privateKey.isPrivate()) {
|
||||||
// shallow clone is enough since the encrypted material is not changed in place by decryption
|
throw new Error("Cannot decrypt a public key");
|
||||||
key.getKeys().forEach(k => {
|
}
|
||||||
k.keyPacket = Object.create(
|
const clonedPrivateKey = await privateKey.clone(true);
|
||||||
Object.getPrototypeOf(k.keyPacket),
|
|
||||||
Object.getOwnPropertyDescriptors(k.keyPacket)
|
|
||||||
);
|
|
||||||
});
|
|
||||||
try {
|
try {
|
||||||
await key.decrypt(passphrase, undefined, config);
|
const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];
|
||||||
return key;
|
await Promise.all(clonedPrivateKey.getKeys().map(key => (
|
||||||
|
// try to decrypt each key with any of the given passphrases
|
||||||
|
util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))
|
||||||
|
)));
|
||||||
|
|
||||||
|
await clonedPrivateKey.validate(config);
|
||||||
|
return clonedPrivateKey;
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
key.clearPrivateParams();
|
clonedPrivateKey.clearPrivateParams();
|
||||||
return onError('Error decrypting private key', err);
|
return onError('Error decrypting private key', err);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -188,26 +194,26 @@ export async function decryptKey({ privateKey, passphrase, config }) {
|
||||||
*/
|
*/
|
||||||
export async function encryptKey({ privateKey, passphrase, config }) {
|
export async function encryptKey({ privateKey, passphrase, config }) {
|
||||||
config = { ...defaultConfig, ...config };
|
config = { ...defaultConfig, ...config };
|
||||||
const key = await privateKey.clone();
|
if (!privateKey.isPrivate()) {
|
||||||
key.getKeys().forEach(k => {
|
throw new Error("Cannot encrypt a public key");
|
||||||
// shallow clone the key packets
|
}
|
||||||
k.keyPacket = Object.create(
|
const clonedPrivateKey = await privateKey.clone(true);
|
||||||
Object.getPrototypeOf(k.keyPacket),
|
|
||||||
Object.getOwnPropertyDescriptors(k.keyPacket)
|
|
||||||
);
|
|
||||||
if (!k.keyPacket.isDecrypted()) return;
|
|
||||||
// deep clone the private params, which are cleared during encryption
|
|
||||||
const privateParams = {};
|
|
||||||
Object.keys(k.keyPacket.privateParams).forEach(name => {
|
|
||||||
privateParams[name] = new Uint8Array(k.keyPacket.privateParams[name]);
|
|
||||||
});
|
|
||||||
k.keyPacket.privateParams = privateParams;
|
|
||||||
});
|
|
||||||
try {
|
try {
|
||||||
await key.encrypt(passphrase, undefined, config);
|
const keys = clonedPrivateKey.getKeys();
|
||||||
return key;
|
const passphrases = util.isArray(passphrase) ? passphrase : new Array(keys.length).fill(passphrase);
|
||||||
|
if (passphrases.length !== keys.length) {
|
||||||
|
throw new Error("Invalid number of passphrases for key");
|
||||||
|
}
|
||||||
|
|
||||||
|
await Promise.all(keys.map(async (key, i) => {
|
||||||
|
const { keyPacket } = key;
|
||||||
|
await keyPacket.encrypt(passphrases[i], config);
|
||||||
|
keyPacket.clearPrivateParams();
|
||||||
|
}));
|
||||||
|
return clonedPrivateKey;
|
||||||
} catch (err) {
|
} catch (err) {
|
||||||
key.clearPrivateParams();
|
clonedPrivateKey.clearPrivateParams();
|
||||||
return onError('Error encrypting private key', err);
|
return onError('Error encrypting private key', err);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -312,10 +312,11 @@ class SecretKeyPacket extends PublicKeyPacket {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Decrypts the private key params which are needed to use the key.
|
* Decrypts the private key params which are needed to use the key.
|
||||||
|
* Successful decryption does not imply key integrity, call validate() to confirm that.
|
||||||
* {@link SecretKeyPacket.isDecrypted} should be false, as
|
* {@link SecretKeyPacket.isDecrypted} should be false, as
|
||||||
* otherwise calls to this function will throw an error.
|
* otherwise calls to this function will throw an error.
|
||||||
* @param {String} passphrase - The passphrase for this private key as string
|
* @param {String} passphrase - The passphrase for this private key as string
|
||||||
* @throws {Error} if decryption was not successful
|
* @throws {Error} if the key is already decrypted, or if decryption was not successful
|
||||||
* @async
|
* @async
|
||||||
*/
|
*/
|
||||||
async decrypt(passphrase) {
|
async decrypt(passphrase) {
|
||||||
|
|
|
@ -182,10 +182,12 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
|
||||||
if (data[name].priv_key) {
|
if (data[name].priv_key) {
|
||||||
return data[name].priv_key;
|
return data[name].priv_key;
|
||||||
}
|
}
|
||||||
const pk = await openpgp.readKey({ armoredKey: data[name].priv });
|
const pk = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: data[name].priv }),
|
||||||
|
passphrase: data[name].pass
|
||||||
|
});
|
||||||
expect(pk).to.exist;
|
expect(pk).to.exist;
|
||||||
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
|
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
|
||||||
await pk.decrypt(data[name].pass);
|
|
||||||
data[name].priv_key = pk;
|
data[name].priv_key = pk;
|
||||||
return pk;
|
return pk;
|
||||||
}
|
}
|
||||||
|
|
|
@ -150,10 +150,12 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
|
||||||
if (data[name].priv_key) {
|
if (data[name].priv_key) {
|
||||||
return data[name].priv_key;
|
return data[name].priv_key;
|
||||||
}
|
}
|
||||||
const pk = await openpgp.readKey({ armoredKey: data[name].priv });
|
const pk = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: data[name].priv }),
|
||||||
|
passphrase: data[name].pass
|
||||||
|
});
|
||||||
expect(pk).to.exist;
|
expect(pk).to.exist;
|
||||||
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
|
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
|
||||||
await pk.decrypt(data[name].pass);
|
|
||||||
data[name].priv_key = pk;
|
data[name].priv_key = pk;
|
||||||
return pk;
|
return pk;
|
||||||
}
|
}
|
||||||
|
|
|
@ -2340,9 +2340,8 @@ function versionSpecificTests() {
|
||||||
|
|
||||||
it('Reformat key - one signing subkey', function() {
|
it('Reformat key - one signing subkey', function() {
|
||||||
const userID = { name: 'test', email: 'a@b.com' };
|
const userID = { name: 'test', email: 'a@b.com' };
|
||||||
const opt = { userIDs: [userID], passphrase: '123', subkeys:[{}, { sign: true }] };
|
const opt = { userIDs: [userID], subkeys:[{}, { sign: true }] };
|
||||||
return openpgp.generateKey(opt).then(async function({ key }) {
|
return openpgp.generateKey(opt).then(async function({ key }) {
|
||||||
await key.decrypt('123');
|
|
||||||
return openpgp.reformatKey({ privateKey: key, userIDs: [userID] });
|
return openpgp.reformatKey({ privateKey: key, userIDs: [userID] });
|
||||||
}).then(async function({ privateKeyArmored }) {
|
}).then(async function({ privateKeyArmored }) {
|
||||||
const key = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const key = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
||||||
|
@ -2379,20 +2378,27 @@ function versionSpecificTests() {
|
||||||
|
|
||||||
it('Encrypt key with new passphrase', async function() {
|
it('Encrypt key with new passphrase', async function() {
|
||||||
const userID = { name: 'test', email: 'a@b.com' };
|
const userID = { name: 'test', email: 'a@b.com' };
|
||||||
const opt = { userIDs: userID, passphrase: 'passphrase' };
|
const passphrase = 'passphrase';
|
||||||
const key = (await openpgp.generateKey(opt)).key;
|
const newPassphrase = 'new_passphrase';
|
||||||
const armor1 = key.armor();
|
const privateKey = (await openpgp.generateKey({ userIDs: userID, passphrase })).key;
|
||||||
const armor2 = key.armor();
|
const armor1 = privateKey.armor();
|
||||||
|
const armor2 = privateKey.armor();
|
||||||
expect(armor1).to.equal(armor2);
|
expect(armor1).to.equal(armor2);
|
||||||
await key.decrypt('passphrase');
|
|
||||||
expect(key.isDecrypted()).to.be.true;
|
const decryptedKey = await openpgp.decryptKey({ privateKey, passphrase });
|
||||||
await key.encrypt('new_passphrase');
|
expect(decryptedKey.isDecrypted()).to.be.true;
|
||||||
expect(key.isDecrypted()).to.be.false;
|
|
||||||
await expect(key.decrypt('passphrase')).to.be.rejectedWith('Incorrect key passphrase');
|
const newEncryptedKey = await openpgp.encryptKey({
|
||||||
expect(key.isDecrypted()).to.be.false;
|
privateKey: decryptedKey, passphrase: newPassphrase
|
||||||
await key.decrypt('new_passphrase');
|
});
|
||||||
expect(key.isDecrypted()).to.be.true;
|
expect(newEncryptedKey.isDecrypted()).to.be.false;
|
||||||
const armor3 = key.armor();
|
await expect(openpgp.decryptKey({
|
||||||
|
privateKey: newEncryptedKey, passphrase
|
||||||
|
})).to.be.rejectedWith('Incorrect key passphrase');
|
||||||
|
expect(newEncryptedKey.isDecrypted()).to.be.false;
|
||||||
|
const newDecryptedKey = await openpgp.decryptKey({ privateKey: newEncryptedKey, passphrase: newPassphrase });
|
||||||
|
expect(newDecryptedKey.isDecrypted()).to.be.true;
|
||||||
|
const armor3 = newDecryptedKey.armor();
|
||||||
expect(armor3).to.not.equal(armor1);
|
expect(armor3).to.not.equal(armor1);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -2419,8 +2425,10 @@ function versionSpecificTests() {
|
||||||
|
|
||||||
it('Sign and verify key - primary user', async function() {
|
it('Sign and verify key - primary user', async function() {
|
||||||
let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
|
let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const { minRSABits } = openpgp.config;
|
const { minRSABits } = openpgp.config;
|
||||||
openpgp.config.minRSABits = 1024;
|
openpgp.config.minRSABits = 1024;
|
||||||
|
@ -2441,9 +2449,11 @@ function versionSpecificTests() {
|
||||||
|
|
||||||
it('Sign key and verify with wrong key - primary user', async function() {
|
it('Sign key and verify with wrong key - primary user', async function() {
|
||||||
let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
|
let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
|
||||||
const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
|
const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
|
||||||
await privateKey.decrypt('hello world');
|
const privateKey = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const { minRSABits } = openpgp.config;
|
const { minRSABits } = openpgp.config;
|
||||||
openpgp.config.minRSABits = 1024;
|
openpgp.config.minRSABits = 1024;
|
||||||
|
@ -2464,8 +2474,10 @@ function versionSpecificTests() {
|
||||||
|
|
||||||
it('Sign and verify key - all users', async function() {
|
it('Sign and verify key - all users', async function() {
|
||||||
let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const { minRSABits } = openpgp.config;
|
const { minRSABits } = openpgp.config;
|
||||||
openpgp.config.minRSABits = 1024;
|
openpgp.config.minRSABits = 1024;
|
||||||
|
@ -2494,9 +2506,11 @@ function versionSpecificTests() {
|
||||||
|
|
||||||
it('Sign key and verify with wrong key - all users', async function() {
|
it('Sign key and verify with wrong key - all users', async function() {
|
||||||
let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
|
const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
|
||||||
await privateKey.decrypt('hello world');
|
|
||||||
|
|
||||||
const { minRSABits } = openpgp.config;
|
const { minRSABits } = openpgp.config;
|
||||||
openpgp.config.minRSABits = 1024;
|
openpgp.config.minRSABits = 1024;
|
||||||
|
@ -2604,18 +2618,15 @@ function versionSpecificTests() {
|
||||||
const userID2 = { name: 'test2', email: 'b@c.com' };
|
const userID2 = { name: 'test2', email: 'b@c.com' };
|
||||||
const userID3 = { name: 'test3', email: 'c@d.com' };
|
const userID3 = { name: 'test3', email: 'c@d.com' };
|
||||||
const opt = { userIDs: userID1 };
|
const opt = { userIDs: userID1 };
|
||||||
return openpgp.generateKey(opt).then(function(key) {
|
return openpgp.generateKey(opt).then(function ({ key }) {
|
||||||
key = key.key;
|
const passphrase = '123';
|
||||||
opt.privateKey = key;
|
const reformatOpt = { privateKey: key, userIDs: [userID2, userID3], passphrase };
|
||||||
opt.userIDs = [userID2, userID3];
|
return openpgp.reformatKey(reformatOpt).then(async ({ key: refKey }) => {
|
||||||
opt.passphrase = '123';
|
expect(refKey.users.length).to.equal(2);
|
||||||
return openpgp.reformatKey(opt).then(async function(newKey) {
|
expect(refKey.users[0].userID.userID).to.equal('test2 <b@c.com>');
|
||||||
newKey = newKey.key;
|
expect(refKey.isDecrypted()).to.be.false;
|
||||||
expect(newKey.users.length).to.equal(2);
|
const decryptedKey = await openpgp.decryptKey({ privateKey: refKey, passphrase });
|
||||||
expect(newKey.users[0].userID.userID).to.equal('test2 <b@c.com>');
|
expect(decryptedKey.isDecrypted()).to.be.true;
|
||||||
expect(newKey.isDecrypted()).to.be.false;
|
|
||||||
await newKey.decrypt('123');
|
|
||||||
expect(newKey.isDecrypted()).to.be.true;
|
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
@ -2664,9 +2675,8 @@ function versionSpecificTests() {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Revoke generated key with private key', function() {
|
it('Revoke generated key with private key', function() {
|
||||||
const opt = { userIDs: { name: 'test', email: 'a@b.com' }, passphrase: '1234' };
|
const opt = { userIDs: { name: 'test', email: 'a@b.com' } };
|
||||||
return openpgp.generateKey(opt).then(async function(original) {
|
return openpgp.generateKey(opt).then(async function(original) {
|
||||||
await original.key.decrypt('1234');
|
|
||||||
return openpgp.revokeKey({ key: original.key, reasonForRevocation: { string: 'Testing key revocation' } }).then(async function(revKey) {
|
return openpgp.revokeKey({ key: original.key, reasonForRevocation: { string: 'Testing key revocation' } }).then(async function(revKey) {
|
||||||
revKey = revKey.publicKey;
|
revKey = revKey.publicKey;
|
||||||
expect(revKey.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.noReason);
|
expect(revKey.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.noReason);
|
||||||
|
@ -2926,15 +2936,9 @@ module.exports = () => describe('Key', function() {
|
||||||
expect(encryptExpirationTime).to.equal(Infinity);
|
expect(encryptExpirationTime).to.equal(Infinity);
|
||||||
});
|
});
|
||||||
|
|
||||||
it("decrypt() - throw if key parameters don't correspond", async function() {
|
it("decryptKey() - throw if key parameters don't correspond", async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: mismatchingKeyParams });
|
const privateKey = await openpgp.readKey({ armoredKey: mismatchingKeyParams });
|
||||||
await expect(key.decrypt('userpass')).to.be.rejectedWith('Key is invalid');
|
await expect(openpgp.decryptKey({ privateKey, passphrase: 'userpass' })).to.be.rejectedWith('Key is invalid');
|
||||||
});
|
|
||||||
|
|
||||||
it("decrypt(keyID) - throw if key parameters don't correspond", async function() {
|
|
||||||
const key = await openpgp.readKey({ armoredKey: mismatchingKeyParams });
|
|
||||||
const subKeyID = key.subKeys[0].getKeyID();
|
|
||||||
await expect(key.decrypt('userpass', subKeyID)).to.be.rejectedWith('Key is invalid');
|
|
||||||
});
|
});
|
||||||
|
|
||||||
it("validate() - don't throw if key parameters correspond", async function() {
|
it("validate() - don't throw if key parameters correspond", async function() {
|
||||||
|
@ -2966,15 +2970,15 @@ module.exports = () => describe('Key', function() {
|
||||||
const passphrase = '12345678';
|
const passphrase = '12345678';
|
||||||
const { key } = await openpgp.generateKey({ userIDs: {}, curve: 'ed25519', passphrase });
|
const { key } = await openpgp.generateKey({ userIDs: {}, curve: 'ed25519', passphrase });
|
||||||
expect(key.isDecrypted()).to.be.false;
|
expect(key.isDecrypted()).to.be.false;
|
||||||
await key.decrypt(passphrase, key.subKeys[0].getKeyID());
|
await key.subKeys[0].keyPacket.decrypt(passphrase);
|
||||||
expect(key.isDecrypted()).to.be.true;
|
expect(key.isDecrypted()).to.be.true;
|
||||||
});
|
});
|
||||||
|
|
||||||
it("isDecrypted() - gnu-dummy primary key", async function() {
|
it("isDecrypted() - gnu-dummy primary key", async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: gnuDummyKeySigningSubkey });
|
const key = await openpgp.readKey({ armoredKey: gnuDummyKeySigningSubkey });
|
||||||
expect(key.isDecrypted()).to.be.true;
|
expect(key.isDecrypted()).to.be.true;
|
||||||
await key.encrypt('12345678');
|
const encryptedKey = await openpgp.encryptKey({ privateKey: key, passphrase: '12345678' });
|
||||||
expect(key.isDecrypted()).to.be.false;
|
expect(encryptedKey.isDecrypted()).to.be.false;
|
||||||
});
|
});
|
||||||
|
|
||||||
it("isDecrypted() - all-gnu-dummy key", async function() {
|
it("isDecrypted() - all-gnu-dummy key", async function() {
|
||||||
|
@ -2994,15 +2998,17 @@ module.exports = () => describe('Key', function() {
|
||||||
const passphrase = 'passphrase';
|
const passphrase = 'passphrase';
|
||||||
key.primaryKey.makeDummy();
|
key.primaryKey.makeDummy();
|
||||||
expect(key.isDecrypted()).to.be.true;
|
expect(key.isDecrypted()).to.be.true;
|
||||||
await key.encrypt(passphrase);
|
const encryptedKey = await openpgp.encryptKey({ privateKey: key, passphrase });
|
||||||
expect(key.isDecrypted()).to.be.false;
|
expect(encryptedKey.isDecrypted()).to.be.false;
|
||||||
await key.decrypt(passphrase);
|
const decryptedKey = await openpgp.decryptKey({ privateKey: encryptedKey, passphrase });
|
||||||
expect(key.isDecrypted()).to.be.true;
|
expect(decryptedKey.isDecrypted()).to.be.true;
|
||||||
});
|
});
|
||||||
|
|
||||||
it('makeDummy() - the converted key is valid but can no longer sign', async function() {
|
it('makeDummy() - the converted key is valid but can no longer sign', async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const key = await openpgp.decryptKey({
|
||||||
await key.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
expect(key.primaryKey.isDummy()).to.be.false;
|
expect(key.primaryKey.isDummy()).to.be.false;
|
||||||
key.primaryKey.makeDummy();
|
key.primaryKey.makeDummy();
|
||||||
expect(key.primaryKey.isDummy()).to.be.true;
|
expect(key.primaryKey.isDummy()).to.be.true;
|
||||||
|
@ -3011,8 +3017,10 @@ module.exports = () => describe('Key', function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('makeDummy() - subkeys of the converted key can still sign', async function() {
|
it('makeDummy() - subkeys of the converted key can still sign', async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const key = await openpgp.decryptKey({
|
||||||
await key.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
expect(key.primaryKey.isDummy()).to.be.false;
|
expect(key.primaryKey.isDummy()).to.be.false;
|
||||||
key.primaryKey.makeDummy();
|
key.primaryKey.makeDummy();
|
||||||
expect(key.primaryKey.isDummy()).to.be.true;
|
expect(key.primaryKey.isDummy()).to.be.true;
|
||||||
|
@ -3020,33 +3028,39 @@ module.exports = () => describe('Key', function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('makeDummy() - should work for encrypted keys', async function() {
|
it('makeDummy() - should work for encrypted keys', async function() {
|
||||||
|
const passphrase = 'hello world';
|
||||||
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
||||||
expect(key.primaryKey.isDummy()).to.be.false;
|
expect(key.primaryKey.isDummy()).to.be.false;
|
||||||
expect(key.primaryKey.makeDummy()).to.not.throw;
|
expect(key.primaryKey.makeDummy()).to.not.throw;
|
||||||
expect(key.primaryKey.isDummy()).to.be.true;
|
expect(key.primaryKey.isDummy()).to.be.true;
|
||||||
// dummy primary key should always be marked as not decrypted
|
// dummy primary key should always be marked as not decrypted
|
||||||
await expect(key.decrypt('hello world')).to.be.fulfilled;
|
const decryptedKey = await openpgp.decryptKey({ privateKey: key, passphrase });
|
||||||
expect(key.primaryKey.isDummy()).to.be.true;
|
expect(decryptedKey.primaryKey.isDummy()).to.be.true;
|
||||||
expect(key.primaryKey.isEncrypted === null);
|
expect(decryptedKey.primaryKey.isEncrypted === null);
|
||||||
expect(key.primaryKey.isDecrypted()).to.be.false;
|
expect(decryptedKey.primaryKey.isDecrypted()).to.be.false;
|
||||||
await expect(key.encrypt('hello world')).to.be.fulfilled;
|
const encryptedKey = await openpgp.encryptKey({ privateKey: decryptedKey, passphrase });
|
||||||
expect(key.primaryKey.isDummy()).to.be.true;
|
expect(encryptedKey.primaryKey.isDummy()).to.be.true;
|
||||||
expect(key.primaryKey.isEncrypted === null);
|
expect(encryptedKey.primaryKey.isEncrypted === null);
|
||||||
expect(key.primaryKey.isDecrypted()).to.be.false;
|
expect(encryptedKey.primaryKey.isDecrypted()).to.be.false;
|
||||||
// confirm that the converted key can be parsed
|
// confirm that the converted keys can be parsed
|
||||||
await openpgp.readKey({ armoredKey: key.armor() });
|
await openpgp.readKey({ armoredKey: encryptedKey.armor() });
|
||||||
|
await openpgp.readKey({ armoredKey: decryptedKey.armor() });
|
||||||
});
|
});
|
||||||
|
|
||||||
it('clearPrivateParams() - check that private key can no longer be used', async function() {
|
it('clearPrivateParams() - check that private key can no longer be used', async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const key = await openpgp.decryptKey({
|
||||||
await key.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
await key.clearPrivateParams();
|
await key.clearPrivateParams();
|
||||||
await expect(key.validate()).to.be.rejectedWith('Key is not decrypted');
|
await expect(key.validate()).to.be.rejectedWith('Key is not decrypted');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('clearPrivateParams() - detect that private key parameters were removed', async function() {
|
it('clearPrivateParams() - detect that private key parameters were removed', async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const key = await openpgp.decryptKey({
|
||||||
await key.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const signingKeyPacket = key.subKeys[0].keyPacket;
|
const signingKeyPacket = key.subKeys[0].keyPacket;
|
||||||
const privateParams = signingKeyPacket.privateParams;
|
const privateParams = signingKeyPacket.privateParams;
|
||||||
await key.clearPrivateParams();
|
await key.clearPrivateParams();
|
||||||
|
@ -3058,8 +3072,10 @@ module.exports = () => describe('Key', function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('clearPrivateParams() - detect that private key parameters were zeroed out', async function() {
|
it('clearPrivateParams() - detect that private key parameters were zeroed out', async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const key = await openpgp.decryptKey({
|
||||||
await key.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const signingKeyPacket = key.subKeys[0].keyPacket;
|
const signingKeyPacket = key.subKeys[0].keyPacket;
|
||||||
const privateParams = {};
|
const privateParams = {};
|
||||||
Object.entries(signingKeyPacket.privateParams).forEach(([name, value]) => {
|
Object.entries(signingKeyPacket.privateParams).forEach(([name, value]) => {
|
||||||
|
@ -3219,8 +3235,10 @@ module.exports = () => describe('Key', function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('revoke() - primary key', async function() {
|
it('revoke() - primary key', async function() {
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
await privKey.revoke({
|
await privKey.revoke({
|
||||||
flag: openpgp.enums.reasonForRevocation.keyRetired,
|
flag: openpgp.enums.reasonForRevocation.keyRetired,
|
||||||
|
@ -3238,8 +3256,10 @@ module.exports = () => describe('Key', function() {
|
||||||
|
|
||||||
it('revoke() - subkey', async function() {
|
it('revoke() - subkey', async function() {
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const subKey = pubKey.subKeys[0];
|
const subKey = pubKey.subKeys[0];
|
||||||
await subKey.revoke(privKey.primaryKey, {
|
await subKey.revoke(privKey.primaryKey, {
|
||||||
|
@ -3391,8 +3411,6 @@ VYGdb3eNlV8CfoEC
|
||||||
|
|
||||||
it('Generate session key - latest created user', async function() {
|
it('Generate session key - latest created user', async function() {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
|
||||||
await privateKey.decrypt('hello world');
|
|
||||||
// Set second user to prefer aes128. We should select this user by default, since it was created later.
|
// Set second user to prefer aes128. We should select this user by default, since it was created later.
|
||||||
publicKey.users[1].selfCertifications[0].preferredSymmetricAlgorithms = [openpgp.enums.symmetric.aes128];
|
publicKey.users[1].selfCertifications[0].preferredSymmetricAlgorithms = [openpgp.enums.symmetric.aes128];
|
||||||
const sessionKey = await openpgp.generateSessionKey({ publicKeys: publicKey });
|
const sessionKey = await openpgp.generateSessionKey({ publicKeys: publicKey });
|
||||||
|
@ -3401,8 +3419,6 @@ VYGdb3eNlV8CfoEC
|
||||||
|
|
||||||
it('Generate session key - primary user', async function() {
|
it('Generate session key - primary user', async function() {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
|
||||||
await privateKey.decrypt('hello world');
|
|
||||||
// Set first user to primary. We should select this user by default.
|
// Set first user to primary. We should select this user by default.
|
||||||
publicKey.users[0].selfCertifications[0].isPrimaryUserID = true;
|
publicKey.users[0].selfCertifications[0].isPrimaryUserID = true;
|
||||||
// Set first user to prefer aes128.
|
// Set first user to prefer aes128.
|
||||||
|
@ -3413,8 +3429,10 @@ VYGdb3eNlV8CfoEC
|
||||||
|
|
||||||
it('Generate session key - specific user', async function() {
|
it('Generate session key - specific user', async function() {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
// Set first user to primary. We won't select this user, this is to test that.
|
// Set first user to primary. We won't select this user, this is to test that.
|
||||||
publicKey.users[0].selfCertifications[0].isPrimaryUserID = true;
|
publicKey.users[0].selfCertifications[0].isPrimaryUserID = true;
|
||||||
// Set second user to prefer aes128. We will select this user.
|
// Set second user to prefer aes128. We will select this user.
|
||||||
|
@ -3433,15 +3451,19 @@ VYGdb3eNlV8CfoEC
|
||||||
it('Fails to encrypt to User ID-less key', async function() {
|
it('Fails to encrypt to User ID-less key', async function() {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: uidlessKey });
|
const publicKey = await openpgp.readKey({ armoredKey: uidlessKey });
|
||||||
expect(publicKey.users.length).to.equal(0);
|
expect(publicKey.users.length).to.equal(0);
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: uidlessKey });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('correct horse battery staple');
|
privateKey: await openpgp.readKey({ armoredKey: uidlessKey }),
|
||||||
|
passphrase: 'correct horse battery staple'
|
||||||
|
});
|
||||||
await expect(openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), publicKeys: publicKey, privateKeys: privateKey, armor: false })).to.be.rejectedWith('Could not find primary user');
|
await expect(openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), publicKeys: publicKey, privateKeys: privateKey, armor: false })).to.be.rejectedWith('Could not find primary user');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Sign - specific user', async function() {
|
it('Sign - specific user', async function() {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const privateKeyClone = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKeyClone = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
||||||
// Duplicate user
|
// Duplicate user
|
||||||
privateKey.users.push(privateKeyClone.users[0]);
|
privateKey.users.push(privateKeyClone.users[0]);
|
||||||
|
@ -3541,13 +3563,12 @@ VYGdb3eNlV8CfoEC
|
||||||
});
|
});
|
||||||
|
|
||||||
it("Should throw when trying to encrypt a key that's already encrypted", async function() {
|
it("Should throw when trying to encrypt a key that's already encrypted", async function() {
|
||||||
await expect((async function() {
|
const passphrase = 'pass';
|
||||||
const { privateKeyArmored } = await openpgp.generateKey({ userIDs: [{ email: 'hello@user.com' }], passphrase: 'pass' });
|
const { privateKeyArmored } = await openpgp.generateKey({ userIDs: [{ email: 'hello@user.com' }], passphrase });
|
||||||
const k = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const key = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
||||||
await k.decrypt('pass');
|
const decryptedKey = await openpgp.decryptKey({ privateKey: key, passphrase });
|
||||||
await k.encrypt('pass');
|
const encryptedKey = await openpgp.encryptKey({ privateKey: decryptedKey, passphrase });
|
||||||
await k.encrypt('pass');
|
await expect(openpgp.encryptKey({ privateKey: encryptedKey, passphrase })).to.be.eventually.rejectedWith(/Key packet is already encrypted/);
|
||||||
})()).to.be.rejectedWith('Key packet is already encrypted');
|
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('addSubkey functionality testing', function() {
|
describe('addSubkey functionality testing', function() {
|
||||||
|
@ -3563,8 +3584,10 @@ VYGdb3eNlV8CfoEC
|
||||||
});
|
});
|
||||||
|
|
||||||
it('create and add a new rsa subkey to stored rsa key', async function() {
|
it('create and add a new rsa subkey to stored rsa key', async function() {
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const total = privateKey.subKeys.length;
|
const total = privateKey.subKeys.length;
|
||||||
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
|
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
|
||||||
const armoredKey = newPrivateKey.armor();
|
const armoredKey = newPrivateKey.armor();
|
||||||
|
@ -3609,22 +3632,31 @@ VYGdb3eNlV8CfoEC
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should throw when trying to encrypt a subkey separately from key', async function() {
|
it('should throw when trying to encrypt a subkey separately from key', async function() {
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const opt = { rsaBits: rsaBits, passphrase: 'subkey passphrase' };
|
const opt = { rsaBits: rsaBits, passphrase: 'subkey passphrase' };
|
||||||
await expect(privateKey.addSubkey(opt)).to.be.rejectedWith('Subkey could not be encrypted here, please encrypt whole key');
|
await expect(privateKey.addSubkey(opt)).to.be.rejectedWith('Subkey could not be encrypted here, please encrypt whole key');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('encrypt and decrypt key with added subkey', async function() {
|
it('encrypt and decrypt key with added subkey', async function() {
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const total = privateKey.subKeys.length;
|
const total = privateKey.subKeys.length;
|
||||||
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
|
|
||||||
newPrivateKey = await openpgp.readKey({ armoredKey: newPrivateKey.armor() });
|
const passphrase = '12345678';
|
||||||
await newPrivateKey.encrypt('12345678');
|
const newPrivateKey = await privateKey.addSubkey(rsaOpt);
|
||||||
const armoredKey = newPrivateKey.armor();
|
const encNewPrivateKey = await openpgp.encryptKey({ privateKey: newPrivateKey, passphrase });
|
||||||
const importedPrivateKey = await openpgp.readKey({ armoredKey: armoredKey });
|
expect(encNewPrivateKey.subKeys.length).to.be.equal(total + 1);
|
||||||
await importedPrivateKey.decrypt('12345678');
|
|
||||||
|
const armoredKey = encNewPrivateKey.armor();
|
||||||
|
const importedPrivateKey = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
const subKey = importedPrivateKey.subKeys[total];
|
const subKey = importedPrivateKey.subKeys[total];
|
||||||
expect(subKey).to.exist;
|
expect(subKey).to.exist;
|
||||||
expect(importedPrivateKey.subKeys.length).to.be.equal(total + 1);
|
expect(importedPrivateKey.subKeys.length).to.be.equal(total + 1);
|
||||||
|
@ -3632,6 +3664,7 @@ VYGdb3eNlV8CfoEC
|
||||||
});
|
});
|
||||||
|
|
||||||
it('create and add a new ec subkey to a ec key', async function() {
|
it('create and add a new ec subkey to a ec key', async function() {
|
||||||
|
const passphrase = '12345678';
|
||||||
const userID = { name: 'test', email: 'a@b.com' };
|
const userID = { name: 'test', email: 'a@b.com' };
|
||||||
const opt = { curve: 'curve25519', userIDs: [userID], subkeys:[] };
|
const opt = { curve: 'curve25519', userIDs: [userID], subkeys:[] };
|
||||||
const privateKey = (await openpgp.generateKey(opt)).key;
|
const privateKey = (await openpgp.generateKey(opt)).key;
|
||||||
|
@ -3639,20 +3672,21 @@ VYGdb3eNlV8CfoEC
|
||||||
const opt2 = { curve: 'curve25519', userIDs: [userID], sign: true };
|
const opt2 = { curve: 'curve25519', userIDs: [userID], sign: true };
|
||||||
let newPrivateKey = await privateKey.addSubkey(opt2);
|
let newPrivateKey = await privateKey.addSubkey(opt2);
|
||||||
const subKey1 = newPrivateKey.subKeys[total];
|
const subKey1 = newPrivateKey.subKeys[total];
|
||||||
await newPrivateKey.encrypt('12345678');
|
const encNewPrivateKey = await openpgp.encryptKey({ privateKey: newPrivateKey, passphrase });
|
||||||
const armoredKey = newPrivateKey.armor();
|
newPrivateKey = await openpgp.decryptKey({
|
||||||
newPrivateKey = await openpgp.readKey({ armoredKey: armoredKey });
|
privateKey: await openpgp.readKey({ armoredKey: encNewPrivateKey.armor() }),
|
||||||
await newPrivateKey.decrypt('12345678');
|
passphrase
|
||||||
const subKey = newPrivateKey.subKeys[total];
|
});
|
||||||
expect(subKey.isDecrypted()).to.be.true;
|
const subKey2 = newPrivateKey.subKeys[total];
|
||||||
expect(subKey1.getKeyID().toHex()).to.be.equal(subKey.getKeyID().toHex());
|
expect(subKey2.isDecrypted()).to.be.true;
|
||||||
expect(subKey).to.exist;
|
expect(subKey1.getKeyID().toHex()).to.be.equal(subKey2.getKeyID().toHex());
|
||||||
|
expect(subKey2).to.exist;
|
||||||
expect(newPrivateKey.subKeys.length).to.be.equal(total + 1);
|
expect(newPrivateKey.subKeys.length).to.be.equal(total + 1);
|
||||||
const subkeyOid = subKey.keyPacket.publicParams.oid;
|
const subkeyOid = subKey2.keyPacket.publicParams.oid;
|
||||||
const pkOid = privateKey.primaryKey.publicParams.oid;
|
const pkOid = privateKey.primaryKey.publicParams.oid;
|
||||||
expect(subkeyOid.getName()).to.be.equal(pkOid.getName());
|
expect(subkeyOid.getName()).to.be.equal(pkOid.getName());
|
||||||
expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('eddsa');
|
expect(subKey2.getAlgorithmInfo().algorithm).to.be.equal('eddsa');
|
||||||
await subKey.verify(privateKey.primaryKey);
|
await subKey2.verify(privateKey.primaryKey);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('create and add a new ecdsa subkey to a eddsa key', async function() {
|
it('create and add a new ecdsa subkey to a eddsa key', async function() {
|
||||||
|
@ -3674,8 +3708,10 @@ VYGdb3eNlV8CfoEC
|
||||||
});
|
});
|
||||||
|
|
||||||
it('create and add a new ecc subkey to a rsa key', async function() {
|
it('create and add a new ecc subkey to a rsa key', async function() {
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const total = privateKey.subKeys.length;
|
const total = privateKey.subKeys.length;
|
||||||
const opt2 = { type: 'ecc', curve: 'curve25519' };
|
const opt2 = { type: 'ecc', curve: 'curve25519' };
|
||||||
let newPrivateKey = await privateKey.addSubkey(opt2);
|
let newPrivateKey = await privateKey.addSubkey(opt2);
|
||||||
|
@ -3769,8 +3805,10 @@ VYGdb3eNlV8CfoEC
|
||||||
});
|
});
|
||||||
|
|
||||||
it('sign/verify data with the new subkey correctly using rsa', async function() {
|
it('sign/verify data with the new subkey correctly using rsa', async function() {
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const total = privateKey.subKeys.length;
|
const total = privateKey.subKeys.length;
|
||||||
const opt2 = { sign: true, rsaBits: rsaBits };
|
const opt2 = { sign: true, rsaBits: rsaBits };
|
||||||
let newPrivateKey = await privateKey.addSubkey(opt2);
|
let newPrivateKey = await privateKey.addSubkey(opt2);
|
||||||
|
@ -3790,8 +3828,10 @@ VYGdb3eNlV8CfoEC
|
||||||
});
|
});
|
||||||
|
|
||||||
it('encrypt/decrypt data with the new subkey correctly using rsa', async function() {
|
it('encrypt/decrypt data with the new subkey correctly using rsa', async function() {
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
const total = privateKey.subKeys.length;
|
const total = privateKey.subKeys.length;
|
||||||
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
|
let newPrivateKey = await privateKey.addSubkey(rsaOpt);
|
||||||
const armoredKey = newPrivateKey.armor();
|
const armoredKey = newPrivateKey.armor();
|
||||||
|
|
|
@ -363,7 +363,7 @@ bpOWdMhJ6Hy+JzGNY1qNXcHJPw==
|
||||||
=99Fs
|
=99Fs
|
||||||
-----END PGP MESSAGE-----`;
|
-----END PGP MESSAGE-----`;
|
||||||
|
|
||||||
const ecdh_dec_key_2 = `-----BEGIN PGP PRIVATE KEY BLOCK-----
|
const ecdh_dec_key2 = `-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||||
Version: OpenPGP.js v4.4.9
|
Version: OpenPGP.js v4.4.9
|
||||||
Comment: https://openpgpjs.org
|
Comment: https://openpgpjs.org
|
||||||
|
|
||||||
|
@ -795,6 +795,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
expect(newKey.publicKeyArmored).to.exist;
|
expect(newKey.publicKeyArmored).to.exist;
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should throw if missing userIDs', async function() {
|
||||||
|
expect(() => openpgp.generateKey({})).to.throw(/UserIDs are required/);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('generateKey - integration tests', function() {
|
describe('generateKey - integration tests', function() {
|
||||||
|
@ -831,6 +835,25 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should work with multiple passphrases', async function() {
|
||||||
|
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
||||||
|
const originalKey = await openpgp.readKey({ armoredKey: privateKey.armor() });
|
||||||
|
return openpgp.decryptKey({
|
||||||
|
privateKey: privateKey,
|
||||||
|
passphrase: ['rubbish', passphrase]
|
||||||
|
}).then(function(unlocked){
|
||||||
|
expect(unlocked.getKeyID().toHex()).to.equal(privateKey.getKeyID().toHex());
|
||||||
|
expect(unlocked.subKeys[0].getKeyID().toHex()).to.equal(privateKey.subKeys[0].getKeyID().toHex());
|
||||||
|
expect(unlocked.isDecrypted()).to.be.true;
|
||||||
|
expect(unlocked.keyPacket.privateParams).to.not.be.null;
|
||||||
|
// original key should be unchanged
|
||||||
|
expect(privateKey.isDecrypted()).to.be.false;
|
||||||
|
expect(privateKey.keyPacket.privateParams).to.be.null;
|
||||||
|
originalKey.subKeys[0].getKeyID(); // fill in keyID
|
||||||
|
expect(privateKey).to.deep.equal(originalKey);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
it('should fail for incorrect passphrase', async function() {
|
it('should fail for incorrect passphrase', async function() {
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
||||||
const originalKey = await openpgp.readKey({ armoredKey: privateKey.armor() });
|
const originalKey = await openpgp.readKey({ armoredKey: privateKey.armor() });
|
||||||
|
@ -953,8 +976,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('decrypt/verify should succeed with valid signature (expectSigned=true)', async function () {
|
it('decrypt/verify should succeed with valid signature (expectSigned=true)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -973,8 +998,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('decrypt/verify should throw on missing public keys (expectSigned=true)', async function () {
|
it('decrypt/verify should throw on missing public keys (expectSigned=true)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -990,8 +1017,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('decrypt/verify should throw on missing signature (expectSigned=true)', async function () {
|
it('decrypt/verify should throw on missing signature (expectSigned=true)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -1007,9 +1036,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('decrypt/verify should throw on invalid signature (expectSigned=true)', async function () {
|
it('decrypt/verify should throw on invalid signature (expectSigned=true)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
|
||||||
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
|
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
|
||||||
await privateKey.decrypt(passphrase);
|
const privateKey = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -1026,8 +1057,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('decrypt/verify should succeed with valid signature (expectSigned=true, with streaming)', async function () {
|
it('decrypt/verify should succeed with valid signature (expectSigned=true, with streaming)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -1047,8 +1080,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('decrypt/verify should throw on missing public keys (expectSigned=true, with streaming)', async function () {
|
it('decrypt/verify should throw on missing public keys (expectSigned=true, with streaming)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -1064,8 +1099,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('decrypt/verify should throw on missing signature (expectSigned=true, with streaming)', async function () {
|
it('decrypt/verify should throw on missing signature (expectSigned=true, with streaming)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -1081,9 +1118,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('decrypt/verify should throw on invalid signature (expectSigned=true, with streaming)', async function () {
|
it('decrypt/verify should throw on invalid signature (expectSigned=true, with streaming)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
|
||||||
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
|
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
|
||||||
await privateKey.decrypt(passphrase);
|
const privateKey = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -1133,8 +1172,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('verify should succeed with valid signature (expectSigned=true)', async function () {
|
it('verify should succeed with valid signature (expectSigned=true)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const signed = await openpgp.sign({
|
const signed = await openpgp.sign({
|
||||||
message: await createMessage({ text }),
|
message: await createMessage({ text }),
|
||||||
|
@ -1151,8 +1192,6 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('verify should throw on missing signature (expectSigned=true)', async function () {
|
it('verify should throw on missing signature (expectSigned=true)', async function () {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
|
||||||
await privateKey.decrypt(passphrase);
|
|
||||||
|
|
||||||
await expect(openpgp.verify({
|
await expect(openpgp.verify({
|
||||||
message: await createMessage({ text }),
|
message: await createMessage({ text }),
|
||||||
|
@ -1162,9 +1201,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('verify should throw on invalid signature (expectSigned=true)', async function () {
|
it('verify should throw on invalid signature (expectSigned=true)', async function () {
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
|
||||||
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
|
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
|
||||||
await privateKey.decrypt(passphrase);
|
const privateKey = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const signed = await openpgp.sign({
|
const signed = await openpgp.sign({
|
||||||
message: await createMessage({ text }),
|
message: await createMessage({ text }),
|
||||||
|
@ -1181,8 +1222,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
|
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
|
||||||
|
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const signed = await openpgp.sign({
|
const signed = await openpgp.sign({
|
||||||
message: await createMessage({ text }),
|
message: await createMessage({ text }),
|
||||||
|
@ -1202,8 +1245,6 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
|
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
|
||||||
|
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
|
||||||
await privateKey.decrypt(passphrase);
|
|
||||||
|
|
||||||
await expect(openpgp.verify({
|
await expect(openpgp.verify({
|
||||||
message: await createMessage({ text: openpgp.stream.toStream(text) }),
|
message: await createMessage({ text: openpgp.stream.toStream(text) }),
|
||||||
|
@ -1215,9 +1256,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
it('verify should throw on invalid signature (expectSigned=true, with streaming)', async function () {
|
it('verify should throw on invalid signature (expectSigned=true, with streaming)', async function () {
|
||||||
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
|
if (useCleartext) this.skip(); // eslint-disable-line no-invalid-this
|
||||||
|
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: priv_key });
|
|
||||||
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
|
const wrongPublicKey = (await openpgp.readKey({ armoredKey: priv_key_2000_2008 })).toPublic();
|
||||||
await privateKey.decrypt(passphrase);
|
const privateKey = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const signed = await openpgp.sign({
|
const signed = await openpgp.sign({
|
||||||
message: await createMessage({ text }),
|
message: await createMessage({ text }),
|
||||||
|
@ -1304,14 +1347,17 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Decrypting key with wrong passphrase rejected', async function () {
|
it('Decrypting key with wrong passphrase should be rejected', async function () {
|
||||||
await expect(privateKey.decrypt('wrong passphrase')).to.eventually.be.rejectedWith('Incorrect key passphrase');
|
await expect(openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase: 'wrong passphrase'
|
||||||
|
})).to.eventually.be.rejectedWith('Incorrect key passphrase');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Can decrypt key with correct passphrase', async function () {
|
it('Can decrypt key with correct passphrase', async function () {
|
||||||
expect(privateKey.isDecrypted()).to.be.false;
|
expect(privateKey.isDecrypted()).to.be.false;
|
||||||
await privateKey.decrypt(passphrase);
|
const decryptedKey = await openpgp.decryptKey({ privateKey, passphrase });
|
||||||
expect(privateKey.isDecrypted()).to.be.true;
|
expect(decryptedKey.isDecrypted()).to.be.true;
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Calling decrypt with not decrypted key leads to exception', async function() {
|
it('Calling decrypt with not decrypted key leads to exception', async function() {
|
||||||
|
@ -1378,11 +1424,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
describe('encryptSessionKey, decryptSessionKeys', function() {
|
describe('encryptSessionKey, decryptSessionKeys', function() {
|
||||||
const sk = new Uint8Array([0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01]);
|
const sk = new Uint8Array([0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01]);
|
||||||
|
|
||||||
let decryptedPrivateKey;
|
let decryptedPrivateKey; // to avoid decrypting key before each test
|
||||||
beforeEach(async function() {
|
beforeEach(async function() {
|
||||||
if (!decryptedPrivateKey) {
|
if (!decryptedPrivateKey) {
|
||||||
await privateKey.decrypt(passphrase);
|
decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase });
|
||||||
decryptedPrivateKey = privateKey;
|
|
||||||
}
|
}
|
||||||
privateKey = decryptedPrivateKey;
|
privateKey = decryptedPrivateKey;
|
||||||
});
|
});
|
||||||
|
@ -1538,11 +1583,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
'=6XMW\r\n' +
|
'=6XMW\r\n' +
|
||||||
'-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n';
|
'-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n';
|
||||||
|
|
||||||
let decryptedPrivateKey;
|
let decryptedPrivateKey; // to avoid decrypting key before each test
|
||||||
beforeEach(async function() {
|
beforeEach(async function() {
|
||||||
if (!decryptedPrivateKey) {
|
if (!decryptedPrivateKey) {
|
||||||
await privateKey.decrypt(passphrase);
|
decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase });
|
||||||
decryptedPrivateKey = privateKey;
|
|
||||||
}
|
}
|
||||||
privateKey = decryptedPrivateKey;
|
privateKey = decryptedPrivateKey;
|
||||||
});
|
});
|
||||||
|
@ -1567,8 +1611,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should encrypt then decrypt with multiple private keys', async function () {
|
it('should encrypt then decrypt with multiple private keys', async function () {
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.decryptKey({
|
||||||
await privKeyDE.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encOpt = {
|
const encOpt = {
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -1609,8 +1655,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should encrypt then decrypt with wildcard with multiple private keys', async function () {
|
it('should encrypt then decrypt with wildcard with multiple private keys', async function () {
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.decryptKey({
|
||||||
await privKeyDE.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const encOpt = {
|
const encOpt = {
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
|
@ -1880,8 +1928,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
const plaintext = " \t┍ͤ၂༫◧˘˻ᙑ⏴ំந⛑nٓኵΉⅶ⋋ŵ⋲ͽᣏ₅ᄶɼ┋⌔û᬴Ƚᔡᧅ≃ṱἆ݂૿ӌٹჵ⛇⛌ \t\n한국어/조선말";
|
const plaintext = " \t┍ͤ၂༫◧˘˻ᙑ⏴ំந⛑nٓኵΉⅶ⋋ŵ⋲ͽᣏ₅ᄶɼ┋⌔û᬴Ƚᔡᧅ≃ṱἆ݂૿ӌٹჵ⛇⛌ \t\n한국어/조선말";
|
||||||
|
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.decryptKey({
|
||||||
await privKeyDE.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
||||||
|
|
||||||
|
@ -2055,8 +2105,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
try {
|
try {
|
||||||
openpgp.config.rejectPublicKeyAlgorithms = new Set();
|
openpgp.config.rejectPublicKeyAlgorithms = new Set();
|
||||||
|
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.decryptKey({
|
||||||
await privKeyDE.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
||||||
|
|
||||||
|
@ -2163,8 +2215,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
openpgp.config.rejectPublicKeyAlgorithms = new Set();
|
openpgp.config.rejectPublicKeyAlgorithms = new Set();
|
||||||
|
|
||||||
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.decryptKey({
|
||||||
await privKeyDE.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
pubKeyDE.users[0].selfCertifications[0].features = [7]; // Monkey-patch AEAD feature flag
|
pubKeyDE.users[0].selfCertifications[0].features = [7]; // Monkey-patch AEAD feature flag
|
||||||
await openpgp.encrypt({
|
await openpgp.encrypt({
|
||||||
publicKeys: pubKeyDE,
|
publicKeys: pubKeyDE,
|
||||||
|
@ -2245,8 +2299,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
].join('\n');
|
].join('\n');
|
||||||
|
|
||||||
it('Decrypt message', async function() {
|
it('Decrypt message', async function() {
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('1234');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase: '1234'
|
||||||
|
});
|
||||||
const message = await openpgp.readMessage({ armoredMessage: pgp_msg });
|
const message = await openpgp.readMessage({ armoredMessage: pgp_msg });
|
||||||
|
|
||||||
return openpgp.decrypt({ privateKeys:privKey, message:message }).then(function(decrypted) {
|
return openpgp.decrypt({ privateKeys:privKey, message:message }).then(function(decrypted) {
|
||||||
|
@ -2399,11 +2455,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
'=6XMW\r\n' +
|
'=6XMW\r\n' +
|
||||||
'-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n';
|
'-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n';
|
||||||
|
|
||||||
let decryptedPrivateKey;
|
let decryptedPrivateKey; // to avoid decrypting key before each test
|
||||||
beforeEach(async function() {
|
beforeEach(async function() {
|
||||||
if (!decryptedPrivateKey) {
|
if (!decryptedPrivateKey) {
|
||||||
await privateKey.decrypt(passphrase);
|
decryptedPrivateKey = await openpgp.decryptKey({ privateKey, passphrase });
|
||||||
decryptedPrivateKey = privateKey;
|
|
||||||
}
|
}
|
||||||
privateKey = decryptedPrivateKey;
|
privateKey = decryptedPrivateKey;
|
||||||
});
|
});
|
||||||
|
@ -2435,8 +2490,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
try {
|
try {
|
||||||
openpgp.config.rejectPublicKeyAlgorithms = new Set();
|
openpgp.config.rejectPublicKeyAlgorithms = new Set();
|
||||||
|
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.decryptKey({
|
||||||
await privKeyDE.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
|
|
||||||
const message = await openpgp.createCleartextMessage({ text: plaintext });
|
const message = await openpgp.createCleartextMessage({ text: plaintext });
|
||||||
const signOpt = {
|
const signOpt = {
|
||||||
|
@ -2868,8 +2925,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('should fail to encrypt with revoked subkey', async function() {
|
it('should fail to encrypt with revoked subkey', async function() {
|
||||||
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.decryptKey({
|
||||||
await privKeyDE.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
return privKeyDE.subKeys[0].revoke(privKeyDE.primaryKey).then(async function(revSubKey) {
|
return privKeyDE.subKeys[0].revoke(privKeyDE.primaryKey).then(async function(revSubKey) {
|
||||||
pubKeyDE.subKeys[0] = revSubKey;
|
pubKeyDE.subKeys[0] = revSubKey;
|
||||||
return openpgp.encrypt({
|
return openpgp.encrypt({
|
||||||
|
@ -2886,8 +2945,10 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
|
|
||||||
it('should decrypt with revoked subkey', async function() {
|
it('should decrypt with revoked subkey', async function() {
|
||||||
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
const pubKeyDE = await openpgp.readKey({ armoredKey: pub_key_de });
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.decryptKey({
|
||||||
await privKeyDE.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_de }),
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
publicKeys: pubKeyDE,
|
publicKeys: pubKeyDE,
|
||||||
|
@ -2908,8 +2969,11 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
const privKeyDE = await openpgp.readKey({ armoredKey: priv_key_de });
|
||||||
// corrupt the public key params
|
// corrupt the public key params
|
||||||
privKeyDE.subKeys[0].keyPacket.publicParams.p[0]++;
|
privKeyDE.subKeys[0].keyPacket.publicParams.p[0]++;
|
||||||
// validation will not check the decryption subkey and will succeed
|
// validation will check the primary key -- not the decryption subkey -- and will succeed (for now)
|
||||||
await privKeyDE.decrypt(passphrase);
|
const decryptedKeyDE = await openpgp.decryptKey({
|
||||||
|
privateKey: privKeyDE,
|
||||||
|
passphrase
|
||||||
|
});
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: plaintext }),
|
message: await openpgp.createMessage({ text: plaintext }),
|
||||||
publicKeys: pubKeyDE,
|
publicKeys: pubKeyDE,
|
||||||
|
@ -2917,7 +2981,7 @@ module.exports = () => describe('OpenPGP.js public api tests', function() {
|
||||||
});
|
});
|
||||||
const decOpt = {
|
const decOpt = {
|
||||||
message: await openpgp.readMessage({ armoredMessage: encrypted }),
|
message: await openpgp.readMessage({ armoredMessage: encrypted }),
|
||||||
privateKeys: privKeyDE
|
privateKeys: decryptedKeyDE
|
||||||
};
|
};
|
||||||
// binding signature is invalid
|
// binding signature is invalid
|
||||||
await expect(openpgp.decrypt(decOpt)).to.be.rejectedWith(/Session key decryption failed/);
|
await expect(openpgp.decrypt(decOpt)).to.be.rejectedWith(/Session key decryption failed/);
|
||||||
|
@ -2989,18 +3053,22 @@ J9I8AcH94nE77JUtCm7s1kOlo0EIshZsAqJwGveDGdAuabfViVwVxG4I24M6
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should decrypt broken ECC message from old OpenPGP.js', async function() {
|
it('should decrypt broken ECC message from old OpenPGP.js', async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: ecdh_dec_key });
|
const key = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: ecdh_dec_key }),
|
||||||
|
passphrase: '12345'
|
||||||
|
});
|
||||||
const message = await openpgp.readMessage({ armoredMessage: ecdh_msg_bad });
|
const message = await openpgp.readMessage({ armoredMessage: ecdh_msg_bad });
|
||||||
await key.decrypt('12345');
|
const decrypted = await openpgp.decrypt({ message, privateKeys: key });
|
||||||
const decrypted = await openpgp.decrypt({ message, privateKeys: [key] });
|
|
||||||
expect(decrypted.data).to.equal('\n');
|
expect(decrypted.data).to.equal('\n');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should decrypt broken ECC message from old go crypto', async function() {
|
it('should decrypt broken ECC message from old go crypto', async function() {
|
||||||
const key = await openpgp.readKey({ armoredKey: ecdh_dec_key_2 });
|
const key = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: ecdh_dec_key2 }),
|
||||||
|
passphrase: '12345'
|
||||||
|
});
|
||||||
const message = await openpgp.readMessage({ armoredMessage: ecdh_msg_bad_2 });
|
const message = await openpgp.readMessage({ armoredMessage: ecdh_msg_bad_2 });
|
||||||
await key.decrypt('12345');
|
const decrypted = await openpgp.decrypt({ message, privateKeys: key });
|
||||||
const decrypted = await openpgp.decrypt({ message, privateKeys: [key] });
|
|
||||||
expect(decrypted.data).to.equal('Tesssst<br><br><br>Sent from ProtonMail mobile<br><br><br>');
|
expect(decrypted.data).to.equal('Tesssst<br><br><br>Sent from ProtonMail mobile<br><br><br>');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -684,15 +684,15 @@ module.exports = () => describe("Packet", function() {
|
||||||
'=pR+C\n' +
|
'=pR+C\n' +
|
||||||
'-----END PGP MESSAGE-----';
|
'-----END PGP MESSAGE-----';
|
||||||
|
|
||||||
let key = new openpgp.PacketList();
|
const keyPackets = new openpgp.PacketList();
|
||||||
await key.read((await openpgp.unarmor(armored_key)).data, allAllowedPackets);
|
await keyPackets.read((await openpgp.unarmor(armored_key)).data, allAllowedPackets);
|
||||||
key = key[3];
|
const keyPacket = keyPackets[3];
|
||||||
await key.decrypt('test');
|
await keyPacket.decrypt('test');
|
||||||
|
|
||||||
const msg = new openpgp.PacketList();
|
const msg = new openpgp.PacketList();
|
||||||
await msg.read((await openpgp.unarmor(armored_msg)).data, allAllowedPackets);
|
await msg.read((await openpgp.unarmor(armored_msg)).data, allAllowedPackets);
|
||||||
|
|
||||||
return msg[0].decrypt(key).then(async () => {
|
return msg[0].decrypt(keyPacket).then(async () => {
|
||||||
await msg[1].decrypt(msg[0].sessionKeyAlgorithm, msg[0].sessionKey);
|
await msg[1].decrypt(msg[0].sessionKeyAlgorithm, msg[0].sessionKey);
|
||||||
|
|
||||||
const text = await stringify(msg[1].packets[0].packets[0].data);
|
const text = await stringify(msg[1].packets[0].packets[0].data);
|
||||||
|
|
|
@ -847,58 +847,65 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
|
||||||
`;
|
`;
|
||||||
|
|
||||||
it('Testing signature checking on CAST5-enciphered message', async function() {
|
it('Testing signature checking on CAST5-enciphered message', async function() {
|
||||||
const priv_key = await openpgp.readKey({ armoredKey: priv_key_arm1 });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key_arm1 });
|
||||||
const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm1 });
|
const privateKey = await openpgp.decryptKey({
|
||||||
const msg = await openpgp.readMessage({ armoredMessage: msg_arm1 });
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm1 }),
|
||||||
await priv_key.decrypt("abcd");
|
passphrase: 'abcd'
|
||||||
|
});
|
||||||
|
const message = await openpgp.readMessage({ armoredMessage: msg_arm1 });
|
||||||
const config = {
|
const config = {
|
||||||
rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]),
|
rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]),
|
||||||
rejectPublicKeyAlgorithms: new Set()
|
rejectPublicKeyAlgorithms: new Set()
|
||||||
};
|
};
|
||||||
const decrypted = await openpgp.decrypt({ privateKeys: priv_key, publicKeys:[pub_key], message:msg, config });
|
const decrypted = await openpgp.decrypt({ privateKeys: privateKey, publicKeys: publicKey, message, config });
|
||||||
expect(decrypted.data).to.exist;
|
expect(decrypted.data).to.exist;
|
||||||
expect(decrypted.signatures[0].valid).to.be.true;
|
expect(decrypted.signatures[0].valid).to.be.true;
|
||||||
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
|
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Supports decrypting with GnuPG stripped-key extension', async function() {
|
it('Supports decrypting with GnuPG dummy key', async function() {
|
||||||
const { rejectMessageHashAlgorithms } = openpgp.config;
|
const { rejectMessageHashAlgorithms } = openpgp.config;
|
||||||
Object.assign(openpgp.config, { rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]) });
|
Object.assign(openpgp.config, { rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]) });
|
||||||
try {
|
try {
|
||||||
|
const passphrase = 'abcd';
|
||||||
// exercises the GnuPG s2k type 1001 extension:
|
// exercises the GnuPG s2k type 1001 extension:
|
||||||
// the secrets on the primary key have been stripped.
|
// the secrets on the primary key have been stripped.
|
||||||
const priv_key_gnupg_ext = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped });
|
const dummyKey = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped });
|
||||||
const priv_key_gnupg_ext_2 = await openpgp.readKey({ armoredKey: priv_key_arm1_stripped });
|
const publicKey = await openpgp.readKey({ armoredKey: pub_key_arm1 });
|
||||||
const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm1 });
|
|
||||||
const message = await openpgp.readMessage({ armoredMessage: msg_arm1 });
|
const message = await openpgp.readMessage({ armoredMessage: msg_arm1 });
|
||||||
const primaryKey_packet = priv_key_gnupg_ext.primaryKey.write();
|
const primaryKeyPacket = dummyKey.primaryKey.write();
|
||||||
expect(priv_key_gnupg_ext.isDecrypted()).to.be.false;
|
expect(dummyKey.isDecrypted()).to.be.false;
|
||||||
await priv_key_gnupg_ext.decrypt("abcd");
|
const decryptedDummyKey = await openpgp.decryptKey({ privateKey: dummyKey, passphrase });
|
||||||
await priv_key_gnupg_ext_2.decrypt("abcd");
|
expect(decryptedDummyKey.isDecrypted()).to.be.true;
|
||||||
expect(priv_key_gnupg_ext.isDecrypted()).to.be.true;
|
// decrypting with a secret subkey works
|
||||||
const msg = await openpgp.decrypt({ message, privateKeys: [priv_key_gnupg_ext], publicKeys: [pub_key], config: { rejectPublicKeyAlgorithms: new Set() } });
|
const msg = await openpgp.decrypt({ message, privateKeys: decryptedDummyKey, publicKeys: publicKey, config: { rejectPublicKeyAlgorithms: new Set() } });
|
||||||
expect(msg.signatures).to.exist;
|
expect(msg.signatures).to.exist;
|
||||||
expect(msg.signatures).to.have.length(1);
|
expect(msg.signatures).to.have.length(1);
|
||||||
expect(msg.signatures[0].valid).to.be.true;
|
expect(msg.signatures[0].valid).to.be.true;
|
||||||
expect(msg.signatures[0].signature.packets.length).to.equal(1);
|
expect(msg.signatures[0].signature.packets.length).to.equal(1);
|
||||||
|
// secret key operations involving the primary key should fail
|
||||||
await expect(openpgp.sign({
|
await expect(openpgp.sign({
|
||||||
message: await openpgp.createMessage({ text: 'test' }), privateKeys: [priv_key_gnupg_ext], config: { rejectPublicKeyAlgorithms: new Set() }
|
message: await openpgp.createMessage({ text: 'test' }), privateKeys: decryptedDummyKey, config: { rejectPublicKeyAlgorithms: new Set() }
|
||||||
})).to.eventually.be.rejectedWith(/Cannot sign with a gnu-dummy key/);
|
})).to.eventually.be.rejectedWith(/Cannot sign with a gnu-dummy key/);
|
||||||
await expect(openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: priv_key_gnupg_ext })).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
|
await expect(
|
||||||
await expect(openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: priv_key_gnupg_ext_2, passphrase: 'test' })).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
|
openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: decryptedDummyKey })
|
||||||
await priv_key_gnupg_ext.encrypt("abcd");
|
).to.eventually.be.rejectedWith(/Cannot reformat a gnu-dummy primary key/);
|
||||||
expect(priv_key_gnupg_ext.isDecrypted()).to.be.false;
|
|
||||||
const primaryKey_packet2 = priv_key_gnupg_ext.primaryKey.write();
|
const encryptedDummyKey = await openpgp.encryptKey({ privateKey: decryptedDummyKey, passphrase });
|
||||||
expect(primaryKey_packet).to.deep.equal(primaryKey_packet2);
|
expect(encryptedDummyKey.isDecrypted()).to.be.false;
|
||||||
|
const primaryKeyPacket2 = encryptedDummyKey.primaryKey.write();
|
||||||
|
expect(primaryKeyPacket).to.deep.equal(primaryKeyPacket2);
|
||||||
} finally {
|
} finally {
|
||||||
Object.assign(openpgp.config, { rejectMessageHashAlgorithms });
|
Object.assign(openpgp.config, { rejectMessageHashAlgorithms });
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
it('Supports signing with GnuPG stripped-key extension', async function() {
|
it('Supports signing with GnuPG dummy key', async function() {
|
||||||
const priv_key_gnupg_ext = await openpgp.readKey({ armoredKey: flowcrypt_stripped_key });
|
const dummyKey = await openpgp.decryptKey({
|
||||||
await priv_key_gnupg_ext.decrypt('FlowCrypt');
|
privateKey: await openpgp.readKey({ armoredKey: flowcrypt_stripped_key }),
|
||||||
const sig = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), privateKeys: [priv_key_gnupg_ext], date: new Date('2018-12-17T03:24:00') });
|
passphrase: 'FlowCrypt'
|
||||||
|
});
|
||||||
|
const sig = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), privateKeys: dummyKey, date: new Date('2018-12-17T03:24:00') });
|
||||||
expect(sig).to.match(/-----END PGP MESSAGE-----\n$/);
|
expect(sig).to.match(/-----END PGP MESSAGE-----\n$/);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -967,13 +974,16 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
|
||||||
'-----END PGP MESSAGE-----'].join('\n');
|
'-----END PGP MESSAGE-----'].join('\n');
|
||||||
|
|
||||||
const plaintext = 'short message\nnext line\n한국어/조선말';
|
const plaintext = 'short message\nnext line\n한국어/조선말';
|
||||||
const esMsg = await openpgp.readMessage({ armoredMessage: msg_armor });
|
const message = await openpgp.readMessage({ armoredMessage: msg_armor });
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
await Promise.all(esMsg.getEncryptionKeyIDs().map(keyID => privKey.decrypt('hello world', keyID)));
|
return openpgp.decrypt({
|
||||||
|
privateKeys: privKey, publicKeys: pubKey , message, config: { minRSABits: 1024 }
|
||||||
return openpgp.decrypt({ privateKeys: privKey, publicKeys:[pubKey], message:esMsg, config: { minRSABits: 1024 } }).then(function(decrypted) {
|
}).then(decrypted => {
|
||||||
expect(decrypted.data).to.exist;
|
expect(decrypted.data).to.exist;
|
||||||
expect(decrypted.data).to.equal(plaintext);
|
expect(decrypted.data).to.equal(plaintext);
|
||||||
expect(decrypted.signatures).to.have.length(1);
|
expect(decrypted.signatures).to.have.length(1);
|
||||||
|
@ -1318,11 +1328,13 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures', async function() {
|
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures', async function() {
|
||||||
const plaintext = 'short message\nnext line \n한국어/조선말';
|
const plaintext = 'short message\nnext line \n한국어/조선말';
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const config = { minRSABits: 1024 };
|
const config = { minRSABits: 1024 };
|
||||||
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) {
|
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
|
||||||
|
|
||||||
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
|
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message, config });
|
return openpgp.verify({ publicKeys:[pubKey], message, config });
|
||||||
|
@ -1338,14 +1350,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures -- escape armored message', async function() {
|
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures -- escape armored message', async function() {
|
||||||
const plaintext = pub_key_arm2;
|
const plaintext = pub_key_arm2;
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const config = { minRSABits: 1024 };
|
const config = { minRSABits: 1024 };
|
||||||
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) {
|
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
|
||||||
|
|
||||||
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
|
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message, config });
|
return openpgp.verify({ publicKeys: pubKey, message, config });
|
||||||
|
|
||||||
}).then(function({ data, signatures }) {
|
}).then(function({ data, signatures }) {
|
||||||
expect(data).to.equal(plaintext);
|
expect(data).to.equal(plaintext);
|
||||||
|
@ -1358,14 +1372,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures -- trailing spaces', async function() {
|
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same string cleartext and valid signatures -- trailing spaces', async function() {
|
||||||
const plaintext = 'space: \nspace and tab: \t\nno trailing space\n \ntab:\t\ntab and space:\t ';
|
const plaintext = 'space: \nspace and tab: \t\nno trailing space\n \ntab:\t\ntab and space:\t ';
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const config = { minRSABits: 1024 };
|
const config = { minRSABits: 1024 };
|
||||||
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async function(signed) {
|
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
|
||||||
|
|
||||||
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
|
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message, config });
|
return openpgp.verify({ publicKeys: pubKey, message, config });
|
||||||
|
|
||||||
}).then(function({ data, signatures }) {
|
}).then(function({ data, signatures }) {
|
||||||
expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
|
expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
|
||||||
|
@ -1378,14 +1394,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same bytes cleartext and valid signatures - armored', async function() {
|
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same bytes cleartext and valid signatures - armored', async function() {
|
||||||
const plaintext = util.stringToUint8Array('short message\nnext line \n한국어/조선말');
|
const plaintext = util.stringToUint8Array('short message\nnext line \n한국어/조선말');
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const config = { minRSABits: 1024 };
|
const config = { minRSABits: 1024 };
|
||||||
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ binary: plaintext }), config }).then(async function(signed) {
|
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), config }).then(async signed => {
|
||||||
|
|
||||||
const message = await openpgp.readMessage({ armoredMessage: signed });
|
const message = await openpgp.readMessage({ armoredMessage: signed });
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message, format: 'binary', config });
|
return openpgp.verify({ publicKeys: pubKey, message, format: 'binary', config });
|
||||||
|
|
||||||
}).then(function({ data, signatures }) {
|
}).then(function({ data, signatures }) {
|
||||||
expect(data).to.deep.equal(plaintext);
|
expect(data).to.deep.equal(plaintext);
|
||||||
|
@ -1398,14 +1416,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same bytes cleartext and valid signatures - not armored', async function() {
|
it('Sign text with openpgp.sign and verify with openpgp.verify leads to same bytes cleartext and valid signatures - not armored', async function() {
|
||||||
const plaintext = util.stringToUint8Array('short message\nnext line \n한국어/조선말');
|
const plaintext = util.stringToUint8Array('short message\nnext line \n한국어/조선말');
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const config = { minRSABits: 1024 };
|
const config = { minRSABits: 1024 };
|
||||||
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ binary: plaintext }), armor:false, config }).then(async function(signed) {
|
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), armor: false, config }).then(async signed => {
|
||||||
|
|
||||||
const message = await openpgp.readMessage({ binaryMessage: signed });
|
const message = await openpgp.readMessage({ binaryMessage: signed });
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message, format: 'binary', config });
|
return openpgp.verify({ publicKeys: pubKey, message, format: 'binary', config });
|
||||||
|
|
||||||
}).then(function({ data, signatures }) {
|
}).then(function({ data, signatures }) {
|
||||||
expect(data).to.deep.equal(plaintext);
|
expect(data).to.deep.equal(plaintext);
|
||||||
|
@ -1418,13 +1438,15 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
it('Should verify cleartext message correctly when using a detached cleartext signature and binary literal data', async function () {
|
it('Should verify cleartext message correctly when using a detached cleartext signature and binary literal data', async function () {
|
||||||
const plaintext = 'short message\nnext line \n한국어/조선말';
|
const plaintext = 'short message\nnext line \n한국어/조선말';
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const config = { minRSABits: 1024 };
|
const config = { minRSABits: 1024 };
|
||||||
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async function(armoredSignature) {
|
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
|
||||||
const signature = await openpgp.readSignature({ armoredSignature });
|
const signature = await openpgp.readSignature({ armoredSignature });
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config });
|
return openpgp.verify({ publicKeys: pubKey, message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config });
|
||||||
}).then(function({ data, signatures }) {
|
}).then(function({ data, signatures }) {
|
||||||
expect(data).to.equal(plaintext);
|
expect(data).to.equal(plaintext);
|
||||||
expect(signatures).to.have.length(1);
|
expect(signatures).to.have.length(1);
|
||||||
|
@ -1437,13 +1459,16 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
const plaintext = 'short message\nnext line \n한국어/조선말';
|
const plaintext = 'short message\nnext line \n한국어/조선말';
|
||||||
const binaryPlaintext = util.encodeUTF8(plaintext);
|
const binaryPlaintext = util.encodeUTF8(plaintext);
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const config = { minRSABits: 1024 };
|
const config = { minRSABits: 1024 };
|
||||||
return openpgp.sign({ privateKeys:[privKey], message:await openpgp.createMessage({ binary: binaryPlaintext }), detached: true, config }).then(async function(armoredSignature) {
|
return openpgp.sign({ privateKeys: privKey, message:await openpgp.createMessage({ binary: binaryPlaintext }), detached: true, config }).then(async armoredSignature => {
|
||||||
const signature = await openpgp.readSignature({ armoredSignature });
|
const signature = await openpgp.readSignature({ armoredSignature });
|
||||||
return openpgp.verify({ publicKeys:[pubKey], message: await openpgp.createMessage({ text: plaintext }), signature, config });
|
return openpgp.verify({ publicKeys: pubKey, message: await openpgp.createMessage({ text: plaintext }), signature, config });
|
||||||
|
|
||||||
}).then(function({ data, signatures }) {
|
}).then(function({ data, signatures }) {
|
||||||
expect(data).to.equal(plaintext);
|
expect(data).to.equal(plaintext);
|
||||||
expect(signatures).to.have.length(1);
|
expect(signatures).to.have.length(1);
|
||||||
|
@ -1455,11 +1480,13 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
it('Should verify encrypted cleartext message correctly when encrypting binary literal data with a canonical text signature', async function () {
|
it('Should verify encrypted cleartext message correctly when encrypting binary literal data with a canonical text signature', async function () {
|
||||||
const plaintext = 'short message\nnext line \n한국어/조선말';
|
const plaintext = 'short message\nnext line \n한국어/조선말';
|
||||||
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const config = { minRSABits: 1024 };
|
const config = { minRSABits: 1024 };
|
||||||
return openpgp.sign({ privateKeys:[privKey], message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async function(armoredSignature) {
|
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
|
||||||
const signature = await openpgp.readSignature({ armoredSignature });
|
const signature = await openpgp.readSignature({ armoredSignature });
|
||||||
return openpgp.encrypt({ message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), publicKeys: [pubKey], signature, config });
|
return openpgp.encrypt({ message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), publicKeys: [pubKey], signature, config });
|
||||||
|
|
||||||
|
@ -1590,15 +1617,17 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
|
||||||
|
|
||||||
it('Detached signature signing and verification', async function() {
|
it('Detached signature signing and verification', async function() {
|
||||||
const message = await openpgp.createMessage({ text: 'hello' });
|
const message = await openpgp.createMessage({ text: 'hello' });
|
||||||
const pubKey2 = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
const pubKey = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||||
const privKey2 = await openpgp.readKey({ armoredKey: priv_key_arm2 });
|
const privKey = await openpgp.decryptKey({
|
||||||
await privKey2.decrypt('hello world');
|
privateKey: await openpgp.readKey({ armoredKey: priv_key_arm2 }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
|
|
||||||
const opt = { rsaBits: 2048, userIDs: { name:'test', email:'a@b.com' }, passphrase: null };
|
const opt = { rsaBits: 2048, userIDs: { name:'test', email:'a@b.com' }, passphrase: null };
|
||||||
const { key: generatedKey } = await openpgp.generateKey(opt);
|
const { key: generatedKey } = await openpgp.generateKey(opt);
|
||||||
const armoredSignature = await openpgp.sign({ privateKeys:[generatedKey, privKey2], message, detached: true, config: { minRSABits: 1024 } });
|
const armoredSignature = await openpgp.sign({ privateKeys: [generatedKey, privKey], message, detached: true, config: { minRSABits: 1024 } });
|
||||||
const signature = await openpgp.readSignature({ armoredSignature });
|
const signature = await openpgp.readSignature({ armoredSignature });
|
||||||
const { data, signatures } = await openpgp.verify({ publicKeys:[generatedKey.toPublic(), pubKey2], message, signature, config: { minRSABits: 1024 } });
|
const { data, signatures } = await openpgp.verify({ publicKeys: [generatedKey.toPublic(), pubKey], message, signature, config: { minRSABits: 1024 } });
|
||||||
expect(data).to.equal('hello');
|
expect(data).to.equal('hello');
|
||||||
expect(await signatures[0].verified).to.be.true;
|
expect(await signatures[0].verified).to.be.true;
|
||||||
expect(await signatures[1].verified).to.be.true;
|
expect(await signatures[1].verified).to.be.true;
|
||||||
|
|
|
@ -84,8 +84,6 @@ const priv_key = [
|
||||||
'-----END PGP PRIVATE KEY BLOCK-----'
|
'-----END PGP PRIVATE KEY BLOCK-----'
|
||||||
].join('\n');
|
].join('\n');
|
||||||
|
|
||||||
const passphrase = 'hello world';
|
|
||||||
|
|
||||||
const brainpoolPub = [
|
const brainpoolPub = [
|
||||||
'-----BEGIN PGP PUBLIC KEY BLOCK-----',
|
'-----BEGIN PGP PUBLIC KEY BLOCK-----',
|
||||||
'',
|
'',
|
||||||
|
@ -344,9 +342,12 @@ function tests() {
|
||||||
it('Encrypt and decrypt larger message roundtrip using curve x25519 (allowUnauthenticatedStream=true)', async function() {
|
it('Encrypt and decrypt larger message roundtrip using curve x25519 (allowUnauthenticatedStream=true)', async function() {
|
||||||
const allowUnauthenticatedStreamValue = openpgp.config.allowUnauthenticatedStream;
|
const allowUnauthenticatedStreamValue = openpgp.config.allowUnauthenticatedStream;
|
||||||
openpgp.config.allowUnauthenticatedStream = true;
|
openpgp.config.allowUnauthenticatedStream = true;
|
||||||
const priv = await openpgp.readKey({ armoredKey: xPriv });
|
|
||||||
const pub = await openpgp.readKey({ armoredKey: xPub });
|
const pub = await openpgp.readKey({ armoredKey: xPub });
|
||||||
await priv.decrypt(xPass);
|
const priv = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: xPriv }),
|
||||||
|
passphrase: xPass
|
||||||
|
});
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ binary: data }),
|
message: await openpgp.createMessage({ binary: data }),
|
||||||
|
@ -376,9 +377,12 @@ function tests() {
|
||||||
it('Encrypt and decrypt larger message roundtrip using curve brainpool (allowUnauthenticatedStream=true)', async function() {
|
it('Encrypt and decrypt larger message roundtrip using curve brainpool (allowUnauthenticatedStream=true)', async function() {
|
||||||
const allowUnauthenticatedStreamValue = openpgp.config.allowUnauthenticatedStream;
|
const allowUnauthenticatedStreamValue = openpgp.config.allowUnauthenticatedStream;
|
||||||
openpgp.config.allowUnauthenticatedStream = true;
|
openpgp.config.allowUnauthenticatedStream = true;
|
||||||
const priv = await openpgp.readKey({ armoredKey: brainpoolPriv });
|
|
||||||
const pub = await openpgp.readKey({ armoredKey: brainpoolPub });
|
const pub = await openpgp.readKey({ armoredKey: brainpoolPub });
|
||||||
await priv.decrypt(brainpoolPass);
|
const priv = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: brainpoolPriv }),
|
||||||
|
passphrase: brainpoolPass
|
||||||
|
});
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const encrypted = await openpgp.encrypt({
|
const encrypted = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ binary: data }),
|
message: await openpgp.createMessage({ binary: data }),
|
||||||
|
@ -698,9 +702,12 @@ function tests() {
|
||||||
this.push(null);
|
this.push(null);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
const priv = await openpgp.readKey({ armoredKey: brainpoolPriv });
|
|
||||||
const pub = await openpgp.readKey({ armoredKey: brainpoolPub });
|
const pub = await openpgp.readKey({ armoredKey: brainpoolPub });
|
||||||
await priv.decrypt(brainpoolPass);
|
const priv = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: brainpoolPriv }),
|
||||||
|
passphrase: brainpoolPass
|
||||||
|
});
|
||||||
|
|
||||||
const signed = await openpgp.sign({
|
const signed = await openpgp.sign({
|
||||||
message: await openpgp.createMessage({ binary: data }),
|
message: await openpgp.createMessage({ binary: data }),
|
||||||
privateKeys: priv,
|
privateKeys: priv,
|
||||||
|
@ -734,9 +741,12 @@ function tests() {
|
||||||
this.push(null);
|
this.push(null);
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
const priv = await openpgp.readKey({ armoredKey: xPriv });
|
|
||||||
const pub = await openpgp.readKey({ armoredKey: xPub });
|
const pub = await openpgp.readKey({ armoredKey: xPub });
|
||||||
await priv.decrypt(xPass);
|
const priv = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: xPriv }),
|
||||||
|
passphrase: xPass
|
||||||
|
});
|
||||||
|
|
||||||
const signed = await openpgp.sign({
|
const signed = await openpgp.sign({
|
||||||
message: await openpgp.createMessage({ binary: data }),
|
message: await openpgp.createMessage({ binary: data }),
|
||||||
privateKeys: priv,
|
privateKeys: priv,
|
||||||
|
@ -937,8 +947,10 @@ module.exports = () => describe('Streaming', function() {
|
||||||
|
|
||||||
before(async function() {
|
before(async function() {
|
||||||
pubKey = await openpgp.readKey({ armoredKey: pub_key });
|
pubKey = await openpgp.readKey({ armoredKey: pub_key });
|
||||||
privKey = await openpgp.readKey({ armoredKey: priv_key });
|
privKey = await openpgp.decryptKey({
|
||||||
await privKey.decrypt(passphrase);
|
privateKey: await openpgp.readKey({ armoredKey: priv_key }),
|
||||||
|
passphrase: 'hello world'
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
beforeEach(function() {
|
beforeEach(function() {
|
||||||
|
|
|
@ -137,10 +137,12 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
|
||||||
if (data[name].priv_key) {
|
if (data[name].priv_key) {
|
||||||
return data[name].priv_key;
|
return data[name].priv_key;
|
||||||
}
|
}
|
||||||
const pk = await openpgp.readKey({ armoredKey: data[name].priv });
|
const pk = await openpgp.decryptKey({
|
||||||
|
privateKey: await openpgp.readKey({ armoredKey: data[name].priv }),
|
||||||
|
passphrase: data[name].pass
|
||||||
|
});
|
||||||
expect(pk).to.exist;
|
expect(pk).to.exist;
|
||||||
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
|
expect(pk.getKeyID().toHex()).to.equal(data[name].id);
|
||||||
await pk.decrypt(data[name].pass);
|
|
||||||
data[name].priv_key = pk;
|
data[name].priv_key = pk;
|
||||||
return pk;
|
return pk;
|
||||||
}
|
}
|
||||||
|
|
|
@ -45,8 +45,10 @@ onmessage = async function({ data: { action, message }, ports: [port] }) {
|
||||||
switch (action) {
|
switch (action) {
|
||||||
case 'encrypt': {
|
case 'encrypt': {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('test');
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase: 'test'
|
||||||
|
});
|
||||||
const data = await openpgp.encrypt({
|
const data = await openpgp.encrypt({
|
||||||
message: await openpgp.createMessage({ text: message }),
|
message: await openpgp.createMessage({ text: message }),
|
||||||
publicKeys: publicKey,
|
publicKeys: publicKey,
|
||||||
|
@ -57,8 +59,10 @@ onmessage = async function({ data: { action, message }, ports: [port] }) {
|
||||||
}
|
}
|
||||||
case 'decrypt': {
|
case 'decrypt': {
|
||||||
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
const publicKey = await openpgp.readKey({ armoredKey: publicKeyArmored });
|
||||||
const privateKey = await openpgp.readKey({ armoredKey: privateKeyArmored });
|
const privateKey = await openpgp.decryptKey({
|
||||||
await privateKey.decrypt('test');
|
privateKey: await openpgp.readKey({ armoredKey: privateKeyArmored }),
|
||||||
|
passphrase: 'test'
|
||||||
|
});
|
||||||
const { data, signatures } = await openpgp.decrypt({
|
const { data, signatures } = await openpgp.decrypt({
|
||||||
message: await openpgp.readMessage({ armoredMessage: message }),
|
message: await openpgp.readMessage({ armoredMessage: message }),
|
||||||
publicKeys: publicKey,
|
publicKeys: publicKey,
|
||||||
|
|
Loading…
Reference in New Issue
Block a user