From 3f44082457b88d1732932458108d205e705345b7 Mon Sep 17 00:00:00 2001 From: larabr <7375870+larabr@users.noreply.github.com> Date: Mon, 20 Mar 2023 19:25:42 +0100 Subject: [PATCH] `crypto-refresh`: add support for new Ed25519 key and signature format This addition is backwards compatible. We offer no way to generate v4 keys in the new format. --- src/crypto/crypto.js | 37 +++++-- src/crypto/public_key/elliptic/eddsa.js | 90 +++++++++++------ .../public_key/elliptic/eddsa_legacy.js | 99 +++++++++++++++++++ src/crypto/public_key/elliptic/index.js | 3 +- src/crypto/signature.js | 30 ++++-- src/enums.js | 17 +++- src/packet/public_key.js | 2 +- test/crypto/validate.js | 2 +- test/general/key.js | 18 +++- test/general/openpgp.js | 28 ++++++ test/general/streaming.js | 2 +- 11 files changed, 277 insertions(+), 51 deletions(-) create mode 100644 src/crypto/public_key/elliptic/eddsa_legacy.js diff --git a/src/crypto/crypto.js b/src/crypto/crypto.js index d05e4fe9..21df6a98 100644 --- a/src/crypto/crypto.js +++ b/src/crypto/crypto.js @@ -145,7 +145,8 @@ export function parsePublicKeyParams(algo, bytes) { const Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; return { read: read, publicParams: { oid, Q } }; } - case enums.publicKey.eddsa: { + case enums.publicKey.eddsa: + case enums.publicKey.ed25519Legacy: { const oid = new OID(); read += oid.read(bytes); checkSupportedCurve(oid); let Q = util.readMPI(bytes.subarray(read)); read += Q.length + 2; @@ -159,6 +160,10 @@ export function parsePublicKeyParams(algo, bytes) { const kdfParams = new KDFParams(); read += kdfParams.read(bytes.subarray(read)); return { read: read, publicParams: { oid, Q, kdfParams } }; } + case enums.publicKey.ed25519: { + const A = bytes.subarray(read, read + 32); read += A.length; + return { read, publicParams: { A } }; + } default: throw new UnsupportedError('Unknown public key encryption algorithm.'); } @@ -195,12 +200,17 @@ export function parsePrivateKeyParams(algo, bytes, publicParams) { d = util.leftPad(d, curve.payloadSize); return { read, privateParams: { d } }; } - case enums.publicKey.eddsa: { + case enums.publicKey.eddsa: + case enums.publicKey.ed25519Legacy: { const curve = new Curve(publicParams.oid); let seed = util.readMPI(bytes.subarray(read)); read += seed.length + 2; seed = util.leftPad(seed, curve.payloadSize); return { read, privateParams: { seed } }; } + case enums.publicKey.ed25519: { + const seed = bytes.subarray(read, read + 32); read += seed.length; + return { read, privateParams: { seed } }; + } default: throw new UnsupportedError('Unknown public key encryption algorithm.'); } @@ -250,9 +260,12 @@ export function parseEncSessionKeyParams(algo, bytes) { * @returns {Uint8Array} The array containing the MPIs. */ export function serializeParams(algo, params) { + // Some algorithms do not rely on MPIs to store the binary params + const algosWithNativeRepresentation = new Set([enums.publicKey.ed25519]); const orderedParams = Object.keys(params).map(name => { const param = params[name]; - return util.isUint8Array(param) ? util.uint8ArrayToMPI(param) : param.write(); + if (!util.isUint8Array(param)) return param.write(); + return algosWithNativeRepresentation.has(algo) ? param : util.uint8ArrayToMPI(param); }); return util.concatUint8Array(orderedParams); } @@ -281,6 +294,7 @@ export function generateParams(algo, bits, oid) { publicParams: { oid: new OID(oid), Q } })); case enums.publicKey.eddsa: + case enums.publicKey.ed25519Legacy: return publicKey.elliptic.generate(oid).then(({ oid, Q, secret }) => ({ privateParams: { seed: secret }, publicParams: { oid: new OID(oid), Q } @@ -294,6 +308,11 @@ export function generateParams(algo, bits, oid) { kdfParams: new KDFParams({ hash, cipher }) } })); + case enums.publicKey.ed25519: + return publicKey.elliptic.eddsa.generate(algo).then(({ A, seed }) => ({ + privateParams: { seed }, + publicParams: { A } + })); case enums.publicKey.dsa: case enums.publicKey.elgamal: throw new Error('Unsupported algorithm for key generation.'); @@ -339,10 +358,16 @@ export async function validateParams(algo, publicParams, privateParams) { const { d } = privateParams; return algoModule.validateParams(oid, Q, d); } - case enums.publicKey.eddsa: { - const { oid, Q } = publicParams; + case enums.publicKey.eddsa: + case enums.publicKey.ed25519Legacy: { + const { Q, oid } = publicParams; const { seed } = privateParams; - return publicKey.elliptic.eddsa.validateParams(oid, Q, seed); + return publicKey.elliptic.eddsaLegacy.validateParams(oid, Q, seed); + } + case enums.publicKey.ed25519: { + const { A } = publicParams; + const { seed } = privateParams; + return publicKey.elliptic.eddsa.validateParams(algo, A, seed); } default: throw new Error('Unknown public key algorithm.'); diff --git a/src/crypto/public_key/elliptic/eddsa.js b/src/crypto/public_key/elliptic/eddsa.js index a3277ff6..474ebb07 100644 --- a/src/crypto/public_key/elliptic/eddsa.js +++ b/src/crypto/public_key/elliptic/eddsa.js @@ -26,12 +26,30 @@ import nacl from '@openpgp/tweetnacl/nacl-fast-light'; import util from '../../../util'; import enums from '../../../enums'; import hash from '../../hash'; +import { getRandomBytes } from '../../random'; nacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest()); +/** + * Generate (non-legacy) EdDSA key + * @param {module:enums.publicKey} algo - Algorithm identifier + * @returns Promise<{ A, seed }> + */ +export async function generate(algo) { + switch (algo) { + case enums.publicKey.ed25519: { + const seed = getRandomBytes(32); + const { publicKey: A } = nacl.sign.keyPair.fromSeed(seed); + return { A, seed }; + } + default: + throw new Error('Unsupported EdDSA algorithm'); + } +} + /** * Sign a message using the provided key - * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.publicKey} algo - Algorithm identifier * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) * @param {Uint8Array} message - Message to sign * @param {Uint8Array} publicKey - Public key @@ -43,55 +61,67 @@ nacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest()); * }>} Signature of the message * @async */ -export async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) { +export async function sign(algo, hashAlgo, message, publicKey, privateKey, hashed) { if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 throw new Error('Hash algorithm too weak: sha256 or stronger is required for EdDSA.'); } - const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]); - const signature = nacl.sign.detached(hashed, secretKey); - // EdDSA signature params are returned in little-endian format - return { - r: signature.subarray(0, 32), - s: signature.subarray(32) - }; + switch (algo) { + case enums.publicKey.ed25519: { + const secretKey = util.concatUint8Array([privateKey, publicKey]); + const signature = nacl.sign.detached(hashed, secretKey); + return { RS: signature }; + } + case enums.publicKey.ed448: + default: + throw new Error('Unsupported EdDSA algorithm'); + } + } /** * Verifies if a signature is valid for a message - * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.publicKey} algo - Algorithm identifier * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature - * @param {{r: Uint8Array, - s: Uint8Array}} signature Signature to verify the message + * @param {{ RS: Uint8Array }} signature Signature to verify the message * @param {Uint8Array} m - Message to verify * @param {Uint8Array} publicKey - Public key used to verify the message * @param {Uint8Array} hashed - The hashed message * @returns {Boolean} * @async */ -export async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) { - const signature = util.concatUint8Array([r, s]); - return nacl.sign.detached.verify(hashed, signature, publicKey.subarray(1)); +export async function verify(algo, hashAlgo, { RS }, m, publicKey, hashed) { + switch (algo) { + case enums.publicKey.ed25519: { + return nacl.sign.detached.verify(hashed, RS, publicKey); + } + case enums.publicKey.ed448: + default: + throw new Error('Unsupported EdDSA algorithm'); + } } /** - * Validate EdDSA parameters - * @param {module:type/oid} oid - Elliptic curve object identifier - * @param {Uint8Array} Q - EdDSA public point + * Validate (non-legacy) EdDSA parameters + * @param {module:enums.publicKey} algo - Algorithm identifier + * @param {Uint8Array} A - EdDSA public point * @param {Uint8Array} k - EdDSA secret seed + * @param {Uint8Array} oid - (legacy only) EdDSA OID * @returns {Promise} Whether params are valid. * @async */ -export async function validateParams(oid, Q, k) { - // Check whether the given curve is supported - if (oid.getName() !== 'ed25519') { - return false; - } +export async function validateParams(algo, A, k) { + switch (algo) { + case enums.publicKey.ed25519: { + /** + * Derive public point A' from private key + * and expect A == A' + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(k); + return util.equalsUint8Array(A, publicKey); + } - /** - * Derive public point Q' = dG from private key - * and expect Q == Q' - */ - const { publicKey } = nacl.sign.keyPair.fromSeed(k); - const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix - return util.equalsUint8Array(Q, dG); + case enums.publicKey.ed448: // unsupported + default: + return false; + } } diff --git a/src/crypto/public_key/elliptic/eddsa_legacy.js b/src/crypto/public_key/elliptic/eddsa_legacy.js new file mode 100644 index 00000000..7c348de1 --- /dev/null +++ b/src/crypto/public_key/elliptic/eddsa_legacy.js @@ -0,0 +1,99 @@ +// OpenPGP.js - An OpenPGP implementation in javascript +// Copyright (C) 2018 Proton Technologies AG +// +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; either +// version 3.0 of the License, or (at your option) any later version. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +/** + * @fileoverview Implementation of legacy EdDSA following RFC4880bis-03 for OpenPGP. + * This key type has been deprecated by the crypto-refresh RFC. + * @module crypto/public_key/elliptic/eddsa_legacy + * @private + */ + +import sha512 from 'hash.js/lib/hash/sha/512'; +import nacl from '@openpgp/tweetnacl/nacl-fast-light'; +import util from '../../../util'; +import enums from '../../../enums'; +import hash from '../../hash'; + +nacl.hash = bytes => new Uint8Array(sha512().update(bytes).digest()); + +/** + * Sign a message using the provided legacy EdDSA key + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used to sign (must be sha256 or stronger) + * @param {Uint8Array} message - Message to sign + * @param {Uint8Array} publicKey - Public key + * @param {Uint8Array} privateKey - Private key used to sign the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Promise<{ + * r: Uint8Array, + * s: Uint8Array + * }>} Signature of the message + * @async + */ +export async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed) { + if (hash.getHashByteLength(hashAlgo) < hash.getHashByteLength(enums.hash.sha256)) { + // see https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2 + throw new Error('Hash algorithm too weak: sha256 or stronger is required for EdDSA.'); + } + const secretKey = util.concatUint8Array([privateKey, publicKey.subarray(1)]); + const signature = nacl.sign.detached(hashed, secretKey); + // EdDSA signature params are returned in little-endian format + return { + r: signature.subarray(0, 32), + s: signature.subarray(32) + }; +} + +/** + * Verifies if a legacy EdDSA signature is valid for a message + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {module:enums.hash} hashAlgo - Hash algorithm used in the signature + * @param {{r: Uint8Array, + s: Uint8Array}} signature Signature to verify the message + * @param {Uint8Array} m - Message to verify + * @param {Uint8Array} publicKey - Public key used to verify the message + * @param {Uint8Array} hashed - The hashed message + * @returns {Boolean} + * @async + */ +export async function verify(oid, hashAlgo, { r, s }, m, publicKey, hashed) { + const signature = util.concatUint8Array([r, s]); + return nacl.sign.detached.verify(hashed, signature, publicKey.subarray(1)); +} +/** + * Validate legacy EdDSA parameters + * @param {module:type/oid} oid - Elliptic curve object identifier + * @param {Uint8Array} Q - EdDSA public point + * @param {Uint8Array} k - EdDSA secret seed + * @returns {Promise} Whether params are valid. + * @async + */ +export async function validateParams(oid, Q, k) { + // Check whether the given curve is supported + if (oid.getName() !== 'ed25519') { + return false; + } + + /** + * Derive public point Q' = dG from private key + * and expect Q == Q' + */ + const { publicKey } = nacl.sign.keyPair.fromSeed(k); + const dG = new Uint8Array([0x40, ...publicKey]); // Add public key prefix + return util.equalsUint8Array(Q, dG); + +} diff --git a/src/crypto/public_key/elliptic/index.js b/src/crypto/public_key/elliptic/index.js index 2f5367fe..1c338acd 100644 --- a/src/crypto/public_key/elliptic/index.js +++ b/src/crypto/public_key/elliptic/index.js @@ -27,9 +27,10 @@ import { Curve, generate, getPreferredHashAlgo } from './curves'; import * as ecdsa from './ecdsa'; +import * as eddsaLegacy from './eddsa_legacy'; import * as eddsa from './eddsa'; import * as ecdh from './ecdh'; export { - Curve, ecdh, ecdsa, eddsa, generate, getPreferredHashAlgo + Curve, ecdh, ecdsa, eddsaLegacy, eddsa, generate, getPreferredHashAlgo }; diff --git a/src/crypto/signature.js b/src/crypto/signature.js index aa027bbe..c2027ed1 100644 --- a/src/crypto/signature.js +++ b/src/crypto/signature.js @@ -43,10 +43,11 @@ export function parseSignatureParams(algo, signature) { const s = util.readMPI(signature.subarray(read)); return { r, s }; } - // Algorithm-Specific Fields for EdDSA signatures: + // Algorithm-Specific Fields for legacy EdDSA signatures: // - MPI of an EC point r. // - EdDSA value s, in MPI, in the little endian representation - case enums.publicKey.eddsa: { + case enums.publicKey.eddsa: + case enums.publicKey.ed25519Legacy: { // When parsing little-endian MPI data, we always need to left-pad it, as done with big-endian values: // https://www.ietf.org/archive/id/draft-ietf-openpgp-rfc4880bis-10.html#section-3.2-9 let r = util.readMPI(signature.subarray(read)); read += r.length + 2; @@ -55,6 +56,12 @@ export function parseSignatureParams(algo, signature) { s = util.leftPad(s, 32); return { r, s }; } + // Algorithm-Specific Fields for Ed25519 signatures: + // - 64 octets of the native signature + case enums.publicKey.ed25519: { + const RS = signature.subarray(read, read + 64); read += RS.length; + return { RS }; + } default: throw new UnsupportedError('Unknown signature algorithm.'); } @@ -96,10 +103,15 @@ export async function verify(algo, hashAlgo, signature, publicParams, data, hash const s = util.leftPad(signature.s, curveSize); return publicKey.elliptic.ecdsa.verify(oid, hashAlgo, { r, s }, data, Q, hashed); } - case enums.publicKey.eddsa: { + case enums.publicKey.eddsa: + case enums.publicKey.ed25519Legacy: { const { oid, Q } = publicParams; // signature already padded on parsing - return publicKey.elliptic.eddsa.verify(oid, hashAlgo, signature, data, Q, hashed); + return publicKey.elliptic.eddsaLegacy.verify(oid, hashAlgo, signature, data, Q, hashed); + } + case enums.publicKey.ed25519: { + const { A } = publicParams; + return publicKey.elliptic.eddsa.verify(algo, hashAlgo, signature, data, A, hashed); } default: throw new Error('Unknown signature algorithm.'); @@ -146,10 +158,16 @@ export async function sign(algo, hashAlgo, publicKeyParams, privateKeyParams, da const { d } = privateKeyParams; return publicKey.elliptic.ecdsa.sign(oid, hashAlgo, data, Q, d, hashed); } - case enums.publicKey.eddsa: { + case enums.publicKey.eddsa: + case enums.publicKey.ed25519Legacy: { const { oid, Q } = publicKeyParams; const { seed } = privateKeyParams; - return publicKey.elliptic.eddsa.sign(oid, hashAlgo, data, Q, seed, hashed); + return publicKey.elliptic.eddsaLegacy.sign(oid, hashAlgo, data, Q, seed, hashed); + } + case enums.publicKey.ed25519: { + const { A } = publicKeyParams; + const { seed } = privateKeyParams; + return publicKey.elliptic.eddsa.sign(algo, hashAlgo, data, A, seed, hashed); } default: throw new Error('Unknown signature algorithm.'); diff --git a/src/enums.js b/src/enums.js index 3f2e15ab..84bf9ccd 100644 --- a/src/enums.js +++ b/src/enums.js @@ -90,7 +90,7 @@ export default { gnu: 101 }, - /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.1|RFC4880bis-04, section 9.1} + /** {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-08.html#section-9.1|crypto-refresh RFC, section 9.1} * @enum {Integer} * @readonly */ @@ -109,13 +109,22 @@ export default { ecdh: 18, /** ECDSA (Sign only) [RFC6637] */ ecdsa: 19, - /** EdDSA (Sign only) + /** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below) * [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */ - eddsa: 22, + ed25519Legacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility + eddsa: 22, // to be deprecated in v6 /** Reserved for AEDH */ aedh: 23, /** Reserved for AEDSA */ - aedsa: 24 + aedsa: 24, + /** ECDH 25519 (encrypt only) */ + x25519: 25, + /** ECDH 448 (encrypt only) */ + x448: 26, + /** EdDSA 25519 (sign only) */ + ed25519: 27, + /** EdDSA 448 (sign only) */ + eddsa448: 28 }, /** {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2} diff --git a/src/packet/public_key.js b/src/packet/public_key.js index 14c188e6..15e90857 100644 --- a/src/packet/public_key.js +++ b/src/packet/public_key.js @@ -260,7 +260,7 @@ class PublicKeyPacket { const modulo = this.publicParams.n || this.publicParams.p; if (modulo) { result.bits = util.uint8ArrayBitLength(modulo); - } else { + } else if (this.publicParams.oid) { result.curve = this.publicParams.oid.getName(); } return result; diff --git a/test/crypto/validate.js b/test/crypto/validate.js index d194d00b..5e311532 100644 --- a/test/crypto/validate.js +++ b/test/crypto/validate.js @@ -87,7 +87,7 @@ async function generatePrivateKeyObject(options) { /* eslint-disable no-invalid-this */ module.exports = () => { - describe('EdDSA parameter validation', function() { + describe('EdDSA parameter validation (legacy format)', function() { let eddsaKey; before(async () => { eddsaKey = await generatePrivateKeyObject({ curve: 'ed25519' }); diff --git a/test/general/key.js b/test/general/key.js index 882552f4..6288bd8c 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -3012,6 +3012,22 @@ zWBsBR8VnoOVfEE+VQk6YAi7cTSjcMjfsIez9FYtAQDKo9aCMhUohYyqvhZjn8aS })).to.be.rejectedWith(/Cannot read KDFParams/); }); + it('Parsing V4 key using new curve25519 format', async function() { + const privateKey = await openpgp.readKey({ armoredKey: `-----BEGIN PGP PRIVATE KEY BLOCK----- + +xUkEZBw5PBscroGar9fsilA0q9AX979pBhTNkGQ69vQGGW7kxRxNuABB+eAw +JrQ9A3o1gUJg28ORTQd72+kFo87184qR97a6rRGFzQR0ZXN0wogEEBsIAD4F +gmQcOTwECwkHCAmQT/m+Rl22Ps8DFQgKBBYAAgECGQECmwMCHgEWIQSUlOfm +G7MWJd2909ZP+b5GXbY+zwAAVs/4pWH4l7pWcTATBavVqSATMKi4A+usp89G +J/qaHc+qmcEpIMmPNvLQ7n4F4kEXk8Zwz+OXovVWLQ+Njl5gzooF +=wYg1 +-----END PGP PRIVATE KEY BLOCK-----` }); + // sanity checks + await expect(privateKey.validate()).to.be.fulfilled; + const signingKey = await privateKey.getSigningKey(); + expect(signingKey.keyPacket.algorithm).to.equal(openpgp.enums.publicKey.ed25519); + }); + it('Testing key ID and fingerprint for V4 keys', async function() { const pubKeysV4 = await openpgp.readKeys({ armoredKeys: twoKeys }); expect(pubKeysV4).to.exist; @@ -4077,7 +4093,7 @@ XvmoLueOOShu01X/kaylMqaT8w== await subkey.verify(); }); - it('sign/verify data with the new subkey correctly using curve25519', async function() { + it('sign/verify data with the new subkey correctly using curve25519 (legacy format)', async function() { const userID = { name: 'test', email: 'a@b.com' }; const opt = { curve: 'curve25519', userIDs: [userID], format: 'object', subkeys:[] }; const { privateKey } = await openpgp.generateKey(opt); diff --git a/test/general/openpgp.js b/test/general/openpgp.js index 2335664f..0378b3ad 100644 --- a/test/general/openpgp.js +++ b/test/general/openpgp.js @@ -4035,6 +4035,34 @@ bsZgJWVlAa5eil6J9ePX2xbo1vVAkLQdzE9+1jL+l7PRIZuVBQ== expect(await verified.signatures[0].verified).to.be.true; }); }); + + it('sign/verify with new Ed25519 format', async function () { + // v4 key, which we do not support generating + const privateKey = await openpgp.readKey({ armoredKey: `-----BEGIN PGP PRIVATE KEY BLOCK----- + +xUkEZBw5PBscroGar9fsilA0q9AX979pBhTNkGQ69vQGGW7kxRxNuABB+eAw +JrQ9A3o1gUJg28ORTQd72+kFo87184qR97a6rRGFzQR0ZXN0wogEEBsIAD4F +gmQcOTwECwkHCAmQT/m+Rl22Ps8DFQgKBBYAAgECGQECmwMCHgEWIQSUlOfm +G7MWJd2909ZP+b5GXbY+zwAAVs/4pWH4l7pWcTATBavVqSATMKi4A+usp89G +J/qaHc+qmcEpIMmPNvLQ7n4F4kEXk8Zwz+OXovVWLQ+Njl5gzooF +=wYg1 +-----END PGP PRIVATE KEY BLOCK----- + ` }); + const plaintext = 'plaintext'; + + const signed = await openpgp.sign({ + message: await openpgp.createMessage({ text: plaintext }), + signingKeys: privateKey + }); + + const { signatures, data } = await openpgp.verify({ + message: await openpgp.readMessage({ armoredMessage: signed }), + verificationKeys: privateKey + }); + expect(data).to.equal(plaintext); + expect(signatures).to.have.length(1); + expect(await signatures[0].verified).to.be.true; + }); }); describe('Errors', function() { diff --git a/test/general/streaming.js b/test/general/streaming.js index 2d6e16d9..b604907a 100644 --- a/test/general/streaming.js +++ b/test/general/streaming.js @@ -730,7 +730,7 @@ function tests() { expect(await verified.signatures[0].verified).to.be.true; }); - it('Detached sign small message using x25519 curve keys', async function() { + it('Detached sign small message using curve25519 keys (legacy format)', async function() { dataArrived(); // Do not wait until data arrived. const data = global.ReadableStream ? new global.ReadableStream({ async start(controller) {