Release new version

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "openpgp",
-  "version": "4.0.2",
+  "version": "4.1.0",
   "license": "LGPL-3.0+",
   "homepage": "https://openpgpjs.org/",
   "authors": [

dist/compat/openpgp.worker.min.js

@@ -1,2 +1,2 @@
-/*! OpenPGP.js v4.0.2 - 2018-09-17 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v4.1.0 - 2018-09-25 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 !function(){return function e(n,r,t){function o(a,f){if(!r[a]){if(!n[a]){var u="function"==typeof require&&require;if(!f&&u)return u(a,!0);if(i)return i(a,!0);var c=new Error("Cannot find module '"+a+"'");throw c.code="MODULE_NOT_FOUND",c}var s=r[a]={exports:{}};n[a][0].call(s.exports,function(e){return o(n[a][1][e]||e)},s,s.exports,e,n,r,t)}return r[a].exports}for(var i="function"==typeof require&&require,a=0;a<t.length;a++)o(t[a]);return o}}()({1:[function(e,n,r){self.window=self,importScripts("openpgp.min.js");var t=window.openpgp,o=[],i=6e4;function a(e){self.postMessage(e,t.util.getTransferables(e.data))}t.crypto.random.randomBuffer.init(i,function(){return o.length||self.postMessage({event:"request-seed",amount:i}),new Promise(function(e){o.push(e)})}),self.onmessage=function(e){var n,r=e.data||{};switch(r.event){case"configure":n=r.config,Object.keys(n).forEach(function(e){t.config[e]=n[e]});break;case"seed-random":!function(e){e instanceof Uint8Array||(e=new Uint8Array(e));t.crypto.random.randomBuffer.set(e)}(r.buf);var i=o;o=[];for(var f=0;f<i.length;f++)i[f]();break;default:!function(e,n,r){if("function"!=typeof t[n])return void a({id:e,event:"method-return",err:"Unknown Worker Event"});r=t.packet.clone.parseClonedPackets(r,n),t.util.restoreStreams(r),t[n](r).then(function(n){a({id:e,event:"method-return",data:t.packet.clone.clonePackets(n)})}).catch(function(n){t.util.print_debug_error(n),a({id:e,event:"method-return",err:n.message,stack:n.stack})})}(r.id,r.event,r.options||{})}}},{}]},{},[1]);

dist/openpgp.js

@@ -23337,7 +23337,7 @@ exports.default = {
    * @memberof module:config
    * @property {String} versionstring A version string to be included in armored messages
    */
-  versionstring: "OpenPGP.js v4.0.2",
+  versionstring: "OpenPGP.js v4.1.0",
   /**
    * @memberof module:config
    * @property {String} commentstring A comment string to be included in armored messages
@@ -30838,25 +30838,26 @@ Key.prototype.armor = function () {
 };
 
 /**
- * Returns the signature that has the latest creation date, while ignoring signatures created in the future.
+ * Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.
  * @param  {Array<module:packet.Signature>} signatures  List of signatures
  * @param  {Date}                           date        Use the given date instead of the current time
- * @returns {module:packet.Signature} The latest signature
+ * @returns {Promise<module:packet.Signature>} The latest valid signature
+ * @async
  */
-function getLatestSignature(signatures, date = new Date()) {
+async function getLatestValidSignature(signatures, primaryKey, dataToVerify, date = new Date()) {
-  let signature = signatures[0];
+  let signature;
-  for (let i = 1; i < signatures.length; i++) {
+  for (let i = signatures.length - 1; i >= 0; i--) {
-    if (signatures[i].created >= signature.created && (signatures[i].created <= date || date === null)) {
+    if ((!signature || signatures[i].created >= signature.created) &&
+    // check binding signature is not expired (ie, check for V4 expiration time)
+    !signatures[i].isExpired(date) && (
+    // check binding signature is verified
+    signatures[i].verified || (await signatures[i].verify(primaryKey, dataToVerify)))) {
       signature = signatures[i];
     }
   }
   return signature;
 }
 
-function isValidSigningKeyPacket(keyPacket, signature, date = new Date()) {
-  return keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.rsa_encrypt) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.elgamal) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.ecdh) && (!signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.sign_data) !== 0) && signature.verified && !signature.revoked && !signature.isExpired(date) && !isDataExpired(keyPacket, signature, date);
-}
-
 /**
  * Returns last created key or key by given keyId that is available for signing and verification
  * @param  {module:type/keyid} keyId, optional
@@ -30872,24 +30873,29 @@ Key.prototype.getSigningKey = async function (keyId = null, date = new Date(), u
     for (let i = 0; i < subKeys.length; i++) {
       if (!keyId || subKeys[i].getKeyId().equals(keyId)) {
         if ((await subKeys[i].verify(primaryKey, date)) === _enums2.default.keyStatus.valid) {
-          const bindingSignature = getLatestSignature(subKeys[i].bindingSignatures, date);
+          const dataToVerify = { key: primaryKey, bind: subKeys[i].keyPacket };
-          if (isValidSigningKeyPacket(subKeys[i].keyPacket, bindingSignature, date)) {
+          const bindingSignature = await getLatestValidSignature(subKeys[i].bindingSignatures, primaryKey, dataToVerify, date);
+          if (bindingSignature && isValidSigningKeyPacket(subKeys[i].keyPacket, bindingSignature)) {
             return subKeys[i];
           }
         }
       }
     }
     const primaryUser = await this.getPrimaryUser(date, userId);
-    if (primaryUser && (!keyId || primaryKey.getKeyId().equals(keyId)) && isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification, date)) {
+    if (primaryUser && (!keyId || primaryKey.getKeyId().equals(keyId)) && isValidSigningKeyPacket(primaryKey, primaryUser.selfCertification)) {
       return this;
     }
   }
   return null;
-};
 
-function isValidEncryptionKeyPacket(keyPacket, signature, date = new Date()) {
+  function isValidSigningKeyPacket(keyPacket, signature) {
-  return keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.dsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.rsa_sign) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.ecdsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.eddsa) && (!signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_storage) !== 0) && signature.verified && !signature.revoked && !signature.isExpired(date) && !isDataExpired(keyPacket, signature, date);
+    if (!signature.verified || signature.revoked !== false) {
-}
+      // Sanity check
+      throw new Error('Signature not verified');
+    }
+    return keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.rsa_encrypt) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.elgamal) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.ecdh) && (!signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.sign_data) !== 0);
+  }
+};
 
 /**
  * Returns last created key or key by given keyId that is available for encryption or decryption
@@ -30907,8 +30913,9 @@ Key.prototype.getEncryptionKey = async function (keyId, date = new Date(), userI
     for (let i = 0; i < subKeys.length; i++) {
       if (!keyId || subKeys[i].getKeyId().equals(keyId)) {
         if ((await subKeys[i].verify(primaryKey, date)) === _enums2.default.keyStatus.valid) {
-          const bindingSignature = getLatestSignature(subKeys[i].bindingSignatures, date);
+          const dataToVerify = { key: primaryKey, bind: subKeys[i].keyPacket };
-          if (isValidEncryptionKeyPacket(subKeys[i].keyPacket, bindingSignature, date)) {
+          const bindingSignature = await getLatestValidSignature(subKeys[i].bindingSignatures, primaryKey, dataToVerify, date);
+          if (bindingSignature && isValidEncryptionKeyPacket(subKeys[i].keyPacket, bindingSignature)) {
             return subKeys[i];
           }
         }
@@ -30916,11 +30923,19 @@ Key.prototype.getEncryptionKey = async function (keyId, date = new Date(), userI
     }
     // if no valid subkey for encryption, evaluate primary key
     const primaryUser = await this.getPrimaryUser(date, userId);
-    if (primaryUser && (!keyId || primaryKey.getKeyId().equals(keyId)) && isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification, date)) {
+    if (primaryUser && (!keyId || primaryKey.getKeyId().equals(keyId)) && isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {
       return this;
     }
   }
   return null;
+
+  function isValidEncryptionKeyPacket(keyPacket, signature) {
+    if (!signature.verified || signature.revoked !== false) {
+      // Sanity check
+      throw new Error('Signature not verified');
+    }
+    return keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.dsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.rsa_sign) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.ecdsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.eddsa) && (!signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_storage) !== 0);
+  }
 };
 
 /**
@@ -31037,11 +31052,12 @@ Key.prototype.verifyPrimaryKey = async function (date = new Date(), userId = {})
 /**
  * Returns the latest date when the key can be used for encrypting, signing, or both, depending on the `capabilities` paramater.
  * When `capabilities` is null, defaults to returning the expiry date of the primary key.
+ * Returns null if `capabilities` is passed and the key does not have the specified capabilities or is revoked or invalid.
  * Returns Infinity if the key doesn't expire.
  * @param  {encrypt|sign|encrypt_sign} capabilities, optional
  * @param  {module:type/keyid} keyId, optional
  * @param  {Object} userId, optional user ID
- * @returns {Promise<Date>}
+ * @returns {Promise<Date | Infinity | null>}
  * @async
  */
 Key.prototype.getExpirationTime = async function (capabilities, keyId, userId) {
@@ -31056,13 +31072,13 @@ Key.prototype.getExpirationTime = async function (capabilities, keyId, userId) {
   if (capabilities === 'encrypt' || capabilities === 'encrypt_sign') {
     const encryptKey = await this.getEncryptionKey(keyId, null, userId);
     if (!encryptKey) return null;
-    const encryptExpiry = encryptKey.getExpirationTime();
+    const encryptExpiry = await encryptKey.getExpirationTime(this.keyPacket);
     if (encryptExpiry < expiry) expiry = encryptExpiry;
   }
   if (capabilities === 'sign' || capabilities === 'encrypt_sign') {
     const signKey = await this.getSigningKey(keyId, null, userId);
     if (!signKey) return null;
-    const signExpiry = signKey.getExpirationTime();
+    const signExpiry = await signKey.getExpirationTime(this.keyPacket);
     if (signExpiry < expiry) expiry = signExpiry;
   }
   return expiry;
@@ -31079,12 +31095,16 @@ Key.prototype.getExpirationTime = async function (capabilities, keyId, userId) {
  * @async
  */
 Key.prototype.getPrimaryUser = async function (date = new Date(), userId = {}) {
-  const users = this.users.map(function (user, index) {
+  const primaryKey = this.keyPacket;
-    const selfCertification = getLatestSignature(user.selfCertifications, date);
+  const users = [];
-    return { index, user, selfCertification };
+  for (let i = 0; i < this.users.length; i++) {
-  }).filter(({ user, selfCertification }) => {
+    const user = this.users[i];
-    return user.userId && selfCertification && (userId.name === undefined || user.userId.name === userId.name) && (userId.email === undefined || user.userId.email === userId.email) && (userId.comment === undefined || user.userId.comment === userId.comment);
+    if (!user.userId || !((userId.name === undefined || user.userId.name === userId.name) && (userId.email === undefined || user.userId.email === userId.email) && (userId.comment === undefined || user.userId.comment === userId.comment))) continue;
-  });
+    const dataToVerify = { userId: user.userId, key: primaryKey };
+    const selfCertification = await getLatestValidSignature(user.selfCertifications, primaryKey, dataToVerify, date);
+    if (!selfCertification) continue;
+    users.push({ index: i, user, selfCertification });
+  }
   if (!users.length) {
     if (userId.name !== undefined || userId.email !== undefined || userId.comment !== undefined) {
       throw new Error('Could not find user that matches that user ID');
@@ -31100,18 +31120,9 @@ Key.prototype.getPrimaryUser = async function (date = new Date(), userId = {}) {
   const user = primaryUser.user,
         cert = primaryUser.selfCertification;
 
-  const primaryKey = this.keyPacket;
-  const dataToVerify = { userId: user.userId, key: primaryKey };
-  // skip if certificates is invalid, revoked, or expired
-  if (!(cert.verified || (await cert.verify(primaryKey, dataToVerify)))) {
-    return null;
-  }
   if (cert.revoked || (await user.isRevoked(primaryKey, cert, null, date))) {
     return null;
   }
-  if (cert.isExpired(date)) {
-    return null;
-  }
   return primaryUser;
 };
 
@@ -31235,12 +31246,15 @@ Key.prototype.revoke = async function ({
 /**
  * Get revocation certificate from a revoked key.
  *   (To get a revocation certificate for an unrevoked key, call revoke() first.)
- * @returns {String} armored revocation certificate
+ * @returns {Promise<String>} armored revocation certificate
+ * @async
  */
-Key.prototype.getRevocationCertificate = function () {
+Key.prototype.getRevocationCertificate = async function () {
-  if (this.revocationSignatures.length) {
+  const dataToVerify = { key: this.keyPacket };
+  const revocationSignature = await getLatestValidSignature(this.revocationSignatures, this.keyPacket, dataToVerify);
+  if (revocationSignature) {
     const packetlist = new _packet2.default.List();
-    packetlist.push(getLatestSignature(this.revocationSignatures));
+    packetlist.push(revocationSignature);
     return _armor2.default.encode(_enums2.default.armor.public_key, packetlist.write(), null, null, 'This is a revocation certificate');
   }
 };
@@ -31648,17 +31662,17 @@ SubKey.prototype.verify = async function (primaryKey, date = new Date()) {
   const that = this;
   const dataToVerify = { key: primaryKey, bind: this.keyPacket };
   // check subkey binding signatures
-  const bindingSignature = getLatestSignature(this.bindingSignatures, date);
+  const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, dataToVerify, date);
   // check binding signature is verified
-  if (!(bindingSignature.verified || (await bindingSignature.verify(primaryKey, dataToVerify)))) {
+  if (!bindingSignature) {
     return _enums2.default.keyStatus.invalid;
   }
   // check binding signature is not revoked
   if (bindingSignature.revoked || (await that.isRevoked(primaryKey, bindingSignature, null, date))) {
     return _enums2.default.keyStatus.revoked;
   }
-  // check binding signature is not expired (ie, check for V4 expiration time)
+  // check for expiration time
-  if (bindingSignature.isExpired(date)) {
+  if (isDataExpired(this.keyPacket, bindingSignature, date)) {
     return _enums2.default.keyStatus.expired;
   }
   return _enums2.default.keyStatus.valid; // binding signature passed all checks
@@ -31666,11 +31680,17 @@ SubKey.prototype.verify = async function (primaryKey, date = new Date()) {
 
 /**
  * Returns the expiration time of the subkey or Infinity if key does not expire
+ * Returns null if the subkey is invalid.
+ * @param  {module:packet.SecretKey|
+ *          module:packet.PublicKey} primaryKey  The primary key packet
  * @param  {Date}                     date       Use the given date instead of the current time
- * @returns {Date}
+ * @returns {Promise<Date | Infinity | null>}
+ * @async
  */
-SubKey.prototype.getExpirationTime = function (date = new Date()) {
+SubKey.prototype.getExpirationTime = async function (primaryKey, date = new Date()) {
-  const bindingSignature = getLatestSignature(this.bindingSignatures, date);
+  const dataToVerify = { key: primaryKey, bind: this.keyPacket };
+  const bindingSignature = await getLatestValidSignature(this.bindingSignatures, primaryKey, dataToVerify, date);
+  if (!bindingSignature) return null;
   const keyExpiry = getExpirationTime(this.keyPacket, bindingSignature);
   const sigExpiry = bindingSignature.getExpirationTime();
   return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;
@@ -31743,8 +31763,6 @@ SubKey.prototype.revoke = async function (primaryKey, {
   return subKey;
 };
 
-/**
- */
 ['getKeyId', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {
   Key.prototype[name] = SubKey.prototype[name] = function () {
     return this.keyPacket[name]();
@@ -31762,9 +31780,14 @@ SubKey.prototype.revoke = async function (primaryKey, {
 async function read(data) {
   const result = {};
   result.keys = [];
+  const err = [];
   try {
     const packetlist = new _packet2.default.List();
     await packetlist.read(data);
+    if (packetlist.filterByTag(_enums2.default.packet.signature).some(signature => signature.revocationKeyClass !== null)) {
+      // Indicate an error, but still parse the key.
+      err.push(new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.'));
+    }
     const keyIndex = packetlist.indexOfTag(_enums2.default.packet.publicKey, _enums2.default.packet.secretKey);
     if (keyIndex.length === 0) {
       throw new Error('No key packet found');
@@ -31775,13 +31798,14 @@ async function read(data) {
         const newKey = new Key(oneKeyList);
         result.keys.push(newKey);
       } catch (e) {
-        result.err = result.err || [];
+        err.push(e);
-        result.err.push(e);
       }
     }
   } catch (e) {
-    result.err = result.err || [];
+    err.push(e);
-    result.err.push(e);
+  }
+  if (err.length) {
+    result.err = err;
   }
   return result;
 }
@@ -32104,7 +32128,16 @@ async function isDataRevoked(primaryKey, dataToVerify, revocations, signature, k
   const normDate = _util2.default.normalizeDate(date);
   const revocationKeyIds = [];
   await Promise.all(revocations.map(async function (revocationSignature) {
-    if (!(_config2.default.revocations_expire && revocationSignature.isExpired(normDate)) && (revocationSignature.verified || (await revocationSignature.verify(key, dataToVerify)))) {
+    if (
+    // Note: a third-party revocation signature could legitimately revoke a
+    // self-signature if the signature has an authorized revocation key.
+    // However, we don't support passing authorized revocation keys, nor
+    // verifying such revocation signatures. Instead, we indicate an error
+    // when parsing a key with an authorized revocation key, and ignore
+    // third-party revocation signatures here. (It could also be revoking a
+    // third-party key certification, which should only affect
+    // `verifyAllCertifications`.)
+    (!signature || revocationSignature.issuerKeyId.equals(signature.issuerKeyId)) && !(_config2.default.revocations_expire && revocationSignature.isExpired(normDate)) && (revocationSignature.verified || (await revocationSignature.verify(key, dataToVerify)))) {
       // TODO get an identifier of the revoked object instead
       revocationKeyIds.push(revocationSignature.issuerKeyId);
       return true;
@@ -32113,7 +32146,7 @@ async function isDataRevoked(primaryKey, dataToVerify, revocations, signature, k
   }));
   // TODO further verify that this is the signature that should be revoked
   if (signature) {
-    signature.revoked = revocationKeyIds.some(keyId => keyId.equals(signature.issuerKeyId)) ? true : signature.revoked;
+    signature.revoked = revocationKeyIds.some(keyId => keyId.equals(signature.issuerKeyId)) ? true : signature.revoked || false;
     return signature.revoked;
   }
   return revocationKeyIds.length > 0;
@@ -33611,7 +33644,7 @@ function generateKey({ userIds = [], passphrase = "", numBits = 2048, keyExpirat
   }
 
   return (0, _key.generate)(options).then(async key => {
-    const revocationCertificate = key.getRevocationCertificate();
+    const revocationCertificate = await key.getRevocationCertificate();
     key.revocationSignatures = [];
 
     return convertStreams({
@@ -33646,8 +33679,8 @@ function reformatKey({ privateKey, userIds = [], passphrase = "", keyExpirationT
 
   options.revoked = options.revocationCertificate;
 
-  return (0, _key.reformat)(options).then(key => {
+  return (0, _key.reformat)(options).then(async key => {
-    const revocationCertificate = key.getRevocationCertificate();
+    const revocationCertificate = await key.getRevocationCertificate();
     key.revocationSignatures = [];
 
     return {
@@ -33834,7 +33867,7 @@ function encrypt({ message, publicKeys, privateKeys, passwords, sessionKey, comp
  * @param  {String|Array<String>} passwords   (optional) passwords to decrypt the message
  * @param  {Object|Array<Object>} sessionKeys (optional) session keys in the form: { data:Uint8Array, algorithm:String }
  * @param  {Key|Array<Key>} publicKeys        (optional) array of public keys or single key, to verify signatures
- * @param  {String} format                    (optional) return data format either as 'utf8' or 'binary'
+ * @param  {'utf8'|'binary'} format           (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.
  * @param  {'web'|'node'|false} streaming     (optional) whether to return data as a stream. Defaults to the type of stream `message` was created from, if any.
  * @param  {Signature} signature              (optional) detached signature for verification
  * @param  {Date} date                        (optional) use the given date for verification instead of the current time
@@ -35608,6 +35641,7 @@ function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { de
  * are stored as numerical indices.
  * @memberof module:packet
  * @constructor
+ * @extends Array
  */
 /* eslint-disable callback-return */
 /**
@@ -35628,6 +35662,8 @@ function List() {
   this.length = 0;
 }
 
+List.prototype = [];
+
 /**
  * Reads a stream of binary data and interprents it as a list of packets.
  * @param {Uint8Array | ReadableStream<Uint8Array>} A Uint8Array of bytes.
@@ -35743,37 +35779,6 @@ List.prototype.push = function (packet) {
   this.length++;
 };
 
-/**
- * Remove a packet from the list and return it.
- * @returns {Object}   The packet that was removed
- */
-List.prototype.pop = function () {
-  if (this.length === 0) {
-    return;
-  }
-
-  const packet = this[this.length - 1];
-  delete this[this.length - 1];
-  this.length--;
-
-  return packet;
-};
-
-/**
- * Creates a new PacketList with all packets that pass the test implemented by the provided function.
- */
-List.prototype.filter = function (callback) {
-  const filtered = new List();
-
-  for (let i = 0; i < this.length; i++) {
-    if (callback(this[i], i, this)) {
-      filtered.push(this[i]);
-    }
-  }
-
-  return filtered;
-};
-
 /**
  * Creates a new PacketList with all packets from the given types
  */
@@ -35791,58 +35796,6 @@ List.prototype.filterByTag = function (...args) {
   return filtered;
 };
 
-/**
- * Executes the provided callback once for each element
- */
-List.prototype.forEach = function (callback) {
-  for (let i = 0; i < this.length; i++) {
-    callback(this[i], i, this);
-  }
-};
-
-/**
- * Returns an array containing return values of callback
- * on each element
- */
-List.prototype.map = function (callback) {
-  const packetArray = [];
-
-  for (let i = 0; i < this.length; i++) {
-    packetArray.push(callback(this[i], i, this));
-  }
-
-  return packetArray;
-};
-
-/**
- * Executes the callback function once for each element
- * until it finds one where callback returns a truthy value
- * @param  {Function} callback
- * @returns {Promise<Boolean>}
- * @async
- */
-List.prototype.some = async function (callback) {
-  for (let i = 0; i < this.length; i++) {
-    if (await callback(this[i], i, this)) {
-      return true;
-    }
-  }
-  return false;
-};
-
-/**
- * Executes the callback function once for each element,
- * returns true if all callbacks returns a truthy value
- */
-List.prototype.every = function (callback) {
-  for (let i = 0; i < this.length; i++) {
-    if (!callback(this[i], i, this)) {
-      return false;
-    }
-  }
-  return true;
-};
-
 /**
  * Traverses packet tree and returns first matching packet
  * @param  {module:enums.packet} type The packet type
@@ -35883,20 +35836,6 @@ List.prototype.indexOfTag = function (...args) {
   return tagIndex;
 };
 
-/**
- * Returns slice of packetlist
- */
-List.prototype.slice = function (begin, end) {
-  if (!end) {
-    end = this.length;
-  }
-  const part = new List();
-  for (let i = begin; i < end; i++) {
-    part.push(this[i]);
-  }
-  return part;
-};
-
 /**
  * Concatenates packetlist or array of packets
  */
@@ -37151,6 +37090,12 @@ Signature.prototype.sign = async function (key, data) {
 
   const params = key.params;
   this.signature = _webStreamTools2.default.fromAsync(async () => _crypto2.default.signature.sign(publicKeyAlgorithm, hashAlgorithm, params, toHash, (await _webStreamTools2.default.readToEnd(hash))));
+
+  // Store the fact that this signature is valid, e.g. for when we call `await
+  // getLatestValidSignature(this.revocationSignatures, key, data)` later. Note
+  // that this only holds up if the key and data passed to verify are the same
+  // as the ones passed to sign.
+  this.verified = true;
   return true;
 };
 

dist/openpgp.worker.min.js

@@ -1,2 +1,2 @@
-/*! OpenPGP.js v4.0.2 - 2018-09-17 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v4.1.0 - 2018-09-25 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 !function(){return function e(n,r,t){function o(a,f){if(!r[a]){if(!n[a]){var u="function"==typeof require&&require;if(!f&&u)return u(a,!0);if(i)return i(a,!0);var c=new Error("Cannot find module '"+a+"'");throw c.code="MODULE_NOT_FOUND",c}var s=r[a]={exports:{}};n[a][0].call(s.exports,function(e){return o(n[a][1][e]||e)},s,s.exports,e,n,r,t)}return r[a].exports}for(var i="function"==typeof require&&require,a=0;a<t.length;a++)o(t[a]);return o}}()({1:[function(e,n,r){self.window=self,importScripts("openpgp.min.js");var t=window.openpgp,o=[],i=6e4;function a(e){self.postMessage(e,t.util.getTransferables(e.data))}t.crypto.random.randomBuffer.init(i,function(){return o.length||self.postMessage({event:"request-seed",amount:i}),new Promise(function(e){o.push(e)})}),self.onmessage=function(e){var n,r=e.data||{};switch(r.event){case"configure":n=r.config,Object.keys(n).forEach(function(e){t.config[e]=n[e]});break;case"seed-random":!function(e){e instanceof Uint8Array||(e=new Uint8Array(e));t.crypto.random.randomBuffer.set(e)}(r.buf);var i=o;o=[];for(var f=0;f<i.length;f++)i[f]();break;default:!function(e,n,r){if("function"!=typeof t[n])return void a({id:e,event:"method-return",err:"Unknown Worker Event"});r=t.packet.clone.parseClonedPackets(r,n),t.util.restoreStreams(r),t[n](r).then(function(n){a({id:e,event:"method-return",data:t.packet.clone.clonePackets(n)})}).catch(function(n){t.util.print_debug_error(n),a({id:e,event:"method-return",err:n.message,stack:n.stack})})}(r.id,r.event,r.options||{})}}},{}]},{},[1]);

npm-shrinkwrap.json

@@ -1,6 +1,6 @@
 {
   "name": "openpgp",
-  "version": "4.0.2",
+  "version": "4.1.0",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {

package.json

@@ -1,7 +1,7 @@
 {
   "name": "openpgp",
   "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "4.0.2",
+  "version": "4.1.0",
   "license": "LGPL-3.0+",
   "homepage": "https://openpgpjs.org/",
   "engines": {