suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename public/privateKeys to encryption/decryption/signing/verificationKeys (#1299)

Browse Source 
- Rename `publicKeys` to `encryptionKeys` or `verificationKeys` depending on their use
- Rename `privateKeys` to `decryptionKeys` or `signingKeys` depending on their use
- Similarly, rename `toUserIDs` to `encryptionUserIDs` and `fromUserIDs` to `signingUserIDs`
This commit is contained in:
Ali Cherry 2021-05-17 19:56:28 +03:00 committed by GitHub
parent 93b77669bc
commit 6299c6dd77
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 513 additions and 508 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
openpgp.d.ts vendored
View File

@ -14,7 +14,7 @@ export function readKey(options: { binaryKey: Uint8Array, config?: PartialConfig
export function readKeys(options: { armoredKeys: string, config?: PartialConfig }): Promise<Key[]>;
export function readKeys(options: { binaryKeys: Uint8Array, config?: PartialConfig }): Promise<Key[]>;
export function generateKey(options: KeyOptions): Promise<KeyPair>;
export function generateSessionKey(options: { publicKeys: Key[], date?: Date, toUserIDs?: UserID[], config?: PartialConfig }): Promise<SessionKey>;
export function generateSessionKey(options: { encryptionKeys: Key[], date?: Date, encryptionUserIDs?: UserID[], config?: PartialConfig }): Promise<SessionKey>;
export function decryptKey(options: { privateKey: Key; passphrase?: string | string[]; config?: PartialConfig }): Promise<Key>;
export function encryptKey(options: { privateKey: Key; passphrase?: string | string[]; config?: PartialConfig }): Promise<Key>;
export function reformatKey(options: { privateKey: Key; userIDs?: UserID|UserID[]; passphrase?: string; keyExpirationTime?: number; config?: PartialConfig }): Promise<KeyPair>;
@ -212,14 +212,14 @@ export class Message<T extends MaybeStream<Data>> {
public armor(config?: Config): string;
/** Decrypt the message
@param privateKey private key with decrypted secret data
@param decryptionKeys array of private keys with decrypted secret data
*/
public decrypt(privateKeys?: Key[], passwords?: string[], sessionKeys?: SessionKey[], config?: Config): Promise<Message<MaybeStream<Data>>>;
public decrypt(decryptionKeys?: Key[], passwords?: string[], sessionKeys?: SessionKey[], config?: Config): Promise<Message<MaybeStream<Data>>>;
/** Encrypt the message
@param keys array of keys, used to encrypt the message
@param encryptionKeys array of public keys, used to encrypt the message
*/
public encrypt(keys?: Key[], passwords?: string[], sessionKeys?: SessionKey[], wildcard?: boolean, encryptionKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise<Message<MaybeStream<Data>>>;
public encrypt(encryptionKeys?: Key[], passwords?: string[], sessionKeys?: SessionKey[], wildcard?: boolean, encryptionKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise<Message<MaybeStream<Data>>>;
/** Returns the key IDs of the keys to which the session key is encrypted
*/
@ -240,18 +240,18 @@ export class Message<T extends MaybeStream<Data>> {
public getFilename(): string | null;
/** Sign the message (the literal data packet of the message)
@param privateKey private keys with decrypted secret key data for signing
@param signingKeys private keys with decrypted secret key data for signing
*/
public sign(privateKey: Key[], signature?: Signature, signingKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise<Message<T>>;
public sign(signingKeys: Key[], signature?: Signature, signingKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise<Message<T>>;
/** Unwrap compressed message
*/
public unwrapCompressed(): Message<T>;
/** Verify message signatures
@param keys array of keys to verify signatures
@param verificationKeys array of public keys to verify signatures
*/
public verify(keys: Key[], date?: Date, config?: Config): Promise<VerificationResult[]>;
public verify(verificationKeys: Key[], date?: Date, config?: Config): Promise<VerificationResult[]>;
/**
* Append signature to unencrypted message object
@ -525,9 +525,9 @@ interface EncryptOptions {
/** message to be encrypted as created by createMessage */
message: Message<MaybeStream<Data>>;
/** (optional) array of keys or single key, used to encrypt the message */
publicKeys?: Key | Key[];
encryptionKeys?: Key | Key[];
/** (optional) private keys for signing. If omitted message will not be signed */
privateKeys?: Key | Key[];
signingKeys?: Key | Key[];
/** (optional) array of passwords or a single password to encrypt the message */
passwords?: string | string[];
/** (optional) session key in the form: { data:Uint8Array, algorithm:String } */
@ -540,10 +540,14 @@ interface EncryptOptions {
date?: Date;
/** (optional) use a key ID of 0 instead of the public key IDs */
wildcard?: boolean;
/** (optional) user ID to sign with, e.g. { name:'Steve Sender', email:'steve@openpgp.org' } */
fromUserID?: UserID;
/** (optional) user ID to encrypt for, e.g. { name:'Robert Receiver', email:'robert@openpgp.org' } */
toUserID?: UserID;
/** (optional) Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` */
signingKeyIDs?: KeyID[];
/** (optional) Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`*/
encryptionKeyIDs?: KeyID[];
/** (optional) Array of user IDs to sign with, e.g. { name:'Steve Sender', email:'steve@openpgp.org' } */
signingUserIDs?: UserID[];
/** (optional) array of user IDs to encrypt for, e.g. { name:'Robert Receiver', email:'robert@openpgp.org' } */
encryptionUserIDs?: UserID[];
config?: PartialConfig;
}
@ -551,13 +555,13 @@ interface DecryptOptions {
/** the message object with the encrypted data */
message: Message<MaybeStream<Data>>;
/** (optional) private keys with decrypted secret key data or session key */
privateKeys?: Key | Key[];
decryptionKeys?: Key | Key[];
/** (optional) passwords to decrypt the message */
passwords?: string | string[];
/** (optional) session keys in the form: { data:Uint8Array, algorithm:String } */
sessionKeys?: SessionKey | SessionKey[];
/** (optional) array of public keys or single key, to verify signatures */
publicKeys?: Key | Key[];
verificationKeys?: Key | Key[];
/** (optional) whether data decryption should fail if the message is not signed with the provided publicKeys */
expectSigned?: boolean;
/** (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. */
@ -571,12 +575,13 @@ interface DecryptOptions {
interface SignOptions {
message: CleartextMessage | Message<MaybeStream<Data>>;
privateKeys?: Key | Key[];
signingKeys?: Key | Key[];
armor?: boolean;
dataType?: DataPacketType;
detached?: boolean;
signingKeyIDs?: KeyID[];
date?: Date;
fromUserID?: UserID;
signingUserIDs?: UserID[];
config?: PartialConfig;
}
@ -584,7 +589,7 @@ interface VerifyOptions {
/** (cleartext) message object with signatures */
message: CleartextMessage | Message<MaybeStream<Data>>;
/** array of publicKeys or single key, to verify signatures */
publicKeys: Key | Key[];
verificationKeys: Key | Key[];
/** (optional) whether verification should throw if the message is not signed with the provided publicKeys */
expectSigned?: boolean;
/** (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. */

134
src/message.js
View File

@ -104,15 +104,15 @@ export class Message {
/**
* Decrypt the message. Either a private key, a session key, or a password must be specified.
* @param {Array<Key>} [privateKeys] - Private keys with decrypted secret data
* @param {Array<Key>} [decryptionKeys] - Private keys with decrypted secret data
* @param {Array<String>} [passwords] - Passwords used to decrypt
* @param {Array<Object>} [sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @returns {Promise<Message>} New message with decrypted content.
* @async
*/
async decrypt(privateKeys, passwords, sessionKeys, config = defaultConfig) {
const keyObjs = sessionKeys || await this.decryptSessionKeys(privateKeys, passwords, config);
async decrypt(decryptionKeys, passwords, sessionKeys, config = defaultConfig) {
const keyObjs = sessionKeys || await this.decryptSessionKeys(decryptionKeys, passwords, config);
const symEncryptedPacketlist = this.packets.filterByTag(
enums.packet.symmetricallyEncryptedData,
@ -155,7 +155,7 @@ export class Message {
/**
* Decrypt encrypted session keys either with private keys or passwords.
* @param {Array<Key>} [privateKeys] - Private keys with decrypted secret data
* @param {Array<Key>} [decryptionKeys] - Private keys with decrypted secret data
* @param {Array<String>} [passwords] - Passwords used to decrypt
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @returns {Promise<Array<{
@ -164,7 +164,7 @@ export class Message {
* }>>} array of object with potential sessionKey, algorithm pairs
* @async
*/
async decryptSessionKeys(privateKeys, passwords, config = defaultConfig) {
async decryptSessionKeys(decryptionKeys, passwords, config = defaultConfig) {
let keyPackets = [];
let exception;
@ -189,13 +189,13 @@ export class Message {
}
}));
}));
} else if (privateKeys) {
} else if (decryptionKeys) {
const pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);
if (pkESKeyPacketlist.length === 0) {
throw new Error('No public key encrypted session key packet found.');
}
await Promise.all(pkESKeyPacketlist.map(async function(keyPacket) {
await Promise.all(privateKeys.map(async function(privateKey) {
await Promise.all(decryptionKeys.map(async function(decryptionKey) {
let algos = [
enums.symmetric.aes256, // Old OpenPGP.js default fallback
enums.symmetric.aes128, // RFC4880bis fallback
@ -203,23 +203,23 @@ export class Message {
enums.symmetric.cast5 // Golang OpenPGP fallback
];
try {
const primaryUser = await privateKey.getPrimaryUser(undefined, undefined, config); // TODO: Pass userID from somewhere.
const primaryUser = await decryptionKey.getPrimaryUser(undefined, undefined, config); // TODO: Pass userID from somewhere.
if (primaryUser.selfCertification.preferredSymmetricAlgorithms) {
algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms);
}
} catch (e) {}
// do not check key expiration to allow decryption of old messages
const privateKeyPackets = (await privateKey.getDecryptionKeys(keyPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);
await Promise.all(privateKeyPackets.map(async function(privateKeyPacket) {
if (!privateKeyPacket || privateKeyPacket.isDummy()) {
const decryptionKeyPackets = (await decryptionKey.getDecryptionKeys(keyPacket.publicKeyID, null, undefined, config)).map(key => key.keyPacket);
await Promise.all(decryptionKeyPackets.map(async function(decryptionKeyPacket) {
if (!decryptionKeyPacket || decryptionKeyPacket.isDummy()) {
return;
}
if (!privateKeyPacket.isDecrypted()) {
throw new Error('Private key is not decrypted.');
if (!decryptionKeyPacket.isDecrypted()) {
throw new Error('Decryption key is not decrypted.');
}
try {
await keyPacket.decrypt(privateKeyPacket);
await keyPacket.decrypt(decryptionKeyPacket);
if (!algos.includes(enums.write(enums.symmetric, keyPacket.sessionKeyAlgorithm))) {
throw new Error('A non-preferred symmetric algorithm was used.');
}
@ -290,18 +290,18 @@ export class Message {
}
/**
* Generate a new session key object, taking the algorithm preferences of the passed public keys into account, if any.
* @param {Array<Key>} [keys] - Public key(s) to select algorithm preferences for
* Generate a new session key object, taking the algorithm preferences of the passed encryption keys into account, if any.
* @param {Array<Key>} [encryptionKeys] - Public key(s) to select algorithm preferences for
* @param {Date} [date] - Date to select algorithm preferences at
* @param {Array<Object>} [userIDs] - User IDs to select algorithm preferences for
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.
* @async
*/
static async generateSessionKey(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {
const algorithm = enums.read(enums.symmetric, await getPreferredAlgo('symmetric', keys, date, userIDs, config));
const aeadAlgorithm = config.aeadProtect && await isAEADSupported(keys, date, userIDs, config) ?
enums.read(enums.aead, await getPreferredAlgo('aead', keys, date, userIDs, config)) :
static async generateSessionKey(encryptionKeys = [], date = new Date(), userIDs = [], config = defaultConfig) {
const algorithm = enums.read(enums.symmetric, await getPreferredAlgo('symmetric', encryptionKeys, date, userIDs, config));
const aeadAlgorithm = config.aeadProtect && await isAEADSupported(encryptionKeys, date, userIDs, config) ?
enums.read(enums.aead, await getPreferredAlgo('aead', encryptionKeys, date, userIDs, config)) :
undefined;
const sessionKeyData = await crypto.generateSessionKey(algorithm);
@ -310,24 +310,24 @@ export class Message {
/**
* Encrypt the message either with public keys, passwords, or both at once.
* @param {Array<Key>} [keys] - Public key(s) for message encryption
* @param {Array<Key>} [encryptionKeys] - Public key(s) for message encryption
* @param {Array<String>} [passwords] - Password(s) for message encryption
* @param {Object} [sessionKey] - Session key in the form: { data:Uint8Array, algorithm:String, [aeadAlgorithm:String] }
* @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs
* @param {Array<module:type/keyid~KeyID>} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to publicKeys[i]
* @param {Array<module:type/keyid~KeyID>} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to keys[i]
* @param {Date} [date] - Override the creation date of the literal package
* @param {Array<Object>} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @returns {Promise<Message>} New message with encrypted content.
* @async
*/
async encrypt(keys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {
async encrypt(encryptionKeys, passwords, sessionKey, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {
if (sessionKey) {
if (!util.isUint8Array(sessionKey.data) || !util.isString(sessionKey.algorithm)) {
throw new Error('Invalid session key for encryption.');
}
} else if (keys && keys.length) {
sessionKey = await Message.generateSessionKey(keys, date, userIDs, config);
} else if (encryptionKeys && encryptionKeys.length) {
sessionKey = await Message.generateSessionKey(encryptionKeys, date, userIDs, config);
} else if (passwords && passwords.length) {
sessionKey = await Message.generateSessionKey(undefined, undefined, undefined, config);
} else {
@ -336,7 +336,7 @@ export class Message {
const { data: sessionKeyData, algorithm, aeadAlgorithm } = sessionKey;
const msg = await Message.encryptSessionKey(sessionKeyData, algorithm, aeadAlgorithm, keys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);
const msg = await Message.encryptSessionKey(sessionKeyData, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, userIDs, config);
let symEncryptedPacket;
if (aeadAlgorithm) {
@ -359,22 +359,22 @@ export class Message {
* @param {Uint8Array} sessionKey - session key for encryption
* @param {String} algorithm - session key algorithm
* @param {String} [aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'
* @param {Array<Key>} [publicKeys] - Public key(s) for message encryption
* @param {Array<Key>} [encryptionKeys] - Public key(s) for message encryption
* @param {Array<String>} [passwords] - For message encryption
* @param {Boolean} [wildcard] - Use a key ID of 0 instead of the public key IDs
* @param {Array<module:type/keyid~KeyID>} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to publicKeys[i]
* @param {Array<module:type/keyid~KeyID>} [encryptionKeyIDs] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]
* @param {Date} [date] - Override the date
* @param {Array} [userIDs] - User IDs to encrypt for, e.g. [{ name:'Robert Receiver', email:'robert@openpgp.org' }]
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @returns {Promise<Message>} New message with encrypted content.
* @async
*/
static async encryptSessionKey(sessionKey, algorithm, aeadAlgorithm, publicKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {
static async encryptSessionKey(sessionKey, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard = false, encryptionKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {
const packetlist = new PacketList();
if (publicKeys) {
const results = await Promise.all(publicKeys.map(async function(publicKey, i) {
const encryptionKey = await publicKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);
if (encryptionKeys) {
const results = await Promise.all(encryptionKeys.map(async function(primaryKey, i) {
const encryptionKey = await primaryKey.getEncryptionKey(encryptionKeyIDs[i], date, userIDs, config);
const pkESKeyPacket = new PublicKeyEncryptedSessionKeyPacket();
pkESKeyPacket.publicKeyID = wildcard ? KeyID.wildcard() : encryptionKey.getKeyID();
pkESKeyPacket.publicKeyAlgorithm = encryptionKey.keyPacket.algorithm;
@ -427,16 +427,16 @@ export class Message {
/**
* Sign the message (the literal data packet of the message)
* @param {Array<Key>} privateKeys - private keys with decrypted secret key data for signing
* @param {Array<Key>} signingKeys - private keys with decrypted secret key data for signing
* @param {Signature} [signature] - Any existing detached signature to add to the message
* @param {Array<module:type/keyid~KeyID>} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]
* @param {Array<module:type/keyid~KeyID>} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]
* @param {Date} [date] - Override the creation time of the signature
* @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @returns {Promise<Message>} New message with signed content.
* @async
*/
async sign(privateKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {
async sign(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {
const packetlist = new PacketList();
const literalDataPacket = this.packets.findPacket(enums.packet.literalData);
@ -459,25 +459,25 @@ export class Message {
onePassSig.hashAlgorithm = signaturePacket.hashAlgorithm;
onePassSig.publicKeyAlgorithm = signaturePacket.publicKeyAlgorithm;
onePassSig.issuerKeyID = signaturePacket.issuerKeyID;
if (!privateKeys.length && i === 0) {
if (!signingKeys.length && i === 0) {
onePassSig.flags = 1;
}
packetlist.push(onePassSig);
}
}
await Promise.all(Array.from(privateKeys).reverse().map(async function (privateKey, i) {
if (privateKey.isPublic()) {
await Promise.all(Array.from(signingKeys).reverse().map(async function (primaryKey, i) {
if (primaryKey.isPublic()) {
throw new Error('Need private key for signing');
}
const signingKeyID = signingKeyIDs[privateKeys.length - 1 - i];
const signingKey = await privateKey.getSigningKey(signingKeyID, date, userIDs, config);
const signingKeyID = signingKeyIDs[signingKeys.length - 1 - i];
const signingKey = await primaryKey.getSigningKey(signingKeyID, date, userIDs, config);
const onePassSig = new OnePassSignaturePacket();
onePassSig.signatureType = signatureType;
onePassSig.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKey.keyPacket, date, userIDs, config);
onePassSig.hashAlgorithm = await getPreferredHashAlgo(primaryKey, signingKey.keyPacket, date, userIDs, config);
onePassSig.publicKeyAlgorithm = signingKey.keyPacket.algorithm;
onePassSig.issuerKeyID = signingKey.getKeyID();
if (i === privateKeys.length - 1) {
if (i === signingKeys.length - 1) {
onePassSig.flags = 1;
}
return onePassSig;
@ -486,7 +486,7 @@ export class Message {
});
packetlist.push(literalDataPacket);
packetlist.push(...(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, false, config)));
packetlist.push(...(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, false, config)));
return new Message(packetlist);
}
@ -514,26 +514,26 @@ export class Message {
/**
* Create a detached signature for the message (the literal data packet of the message)
* @param {Array<Key>} privateKeys - private keys with decrypted secret key data for signing
* @param {Array<Key>} signingKeys - private keys with decrypted secret key data for signing
* @param {Signature} [signature] - Any existing detached signature
* @param {Array<module:type/keyid~KeyID>} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]
* @param {Array<module:type/keyid~KeyID>} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]
* @param {Date} [date] - Override the creation time of the signature
* @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @returns {Promise<Signature>} New detached signature of message content.
* @async
*/
async signDetached(privateKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {
async signDetached(signingKeys = [], signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], config = defaultConfig) {
const literalDataPacket = this.packets.findPacket(enums.packet.literalData);
if (!literalDataPacket) {
throw new Error('No literal data packet to sign.');
}
return new Signature(await createSignaturePackets(literalDataPacket, privateKeys, signature, signingKeyIDs, date, userIDs, true, config));
return new Signature(await createSignaturePackets(literalDataPacket, signingKeys, signature, signingKeyIDs, date, userIDs, true, config));
}
/**
* Verify message signatures
* @param {Array<Key>} keys - Array of keys to verify signatures
* @param {Array<Key>} verificationKeys - Array of public keys to verify signatures
* @param {Date} [date] - Verify the signature against the given date, i.e. check signature creation time < date < expiration time
* @param {Object} [config] - Full configuration, defaults to openpgp.config
* @returns {Promise<Array<{
@ -543,7 +543,7 @@ export class Message {
* }>>} List of signer's keyID and validity of signatures.
* @async
*/
async verify(keys, date = new Date(), config = defaultConfig) {
async verify(verificationKeys, date = new Date(), config = defaultConfig) {
const msg = this.unwrapCompressed();
const literalDataList = msg.packets.filterByTag(enums.packet.literalData);
if (literalDataList.length !== 1) {
@ -582,14 +582,14 @@ export class Message {
await writer.abort(e);
}
});
return createVerificationObjects(onePassSigList, literalDataList, keys, date, false, config);
return createVerificationObjects(onePassSigList, literalDataList, verificationKeys, date, false, config);
}
return createVerificationObjects(signatureList, literalDataList, keys, date, false, config);
return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, false, config);
}
/**
* Verify detached message signature
* @param {Array<Key>} keys - Array of keys to verify signatures
* @param {Array<Key>} verificationKeys - Array of public keys to verify signatures
* @param {Signature} signature
* @param {Date} date - Verify the signature against the given date, i.e. check signature creation time < date < expiration time
* @param {Object} [config] - Full configuration, defaults to openpgp.config
@ -600,14 +600,14 @@ export class Message {
* }>>} List of signer's keyID and validity of signature.
* @async
*/
verifyDetached(signature, keys, date = new Date(), config = defaultConfig) {
verifyDetached(signature, verificationKeys, date = new Date(), config = defaultConfig) {
const msg = this.unwrapCompressed();
const literalDataList = msg.packets.filterByTag(enums.packet.literalData);
if (literalDataList.length !== 1) {
throw new Error('Can only verify message with one literal data packet.');
}
const signatureList = signature.packets;
return createVerificationObjects(signatureList, literalDataList, keys, date, true, config);
return createVerificationObjects(signatureList, literalDataList, verificationKeys, date, true, config);
}
/**
@ -656,9 +656,9 @@ export class Message {
/**
* Create signature packets for the message
* @param {LiteralDataPacket} literalDataPacket - the literal data packet to sign
* @param {Array<Key>} privateKeys - private keys with decrypted secret key data for signing
* @param {Array<Key>} signingKeys - private keys with decrypted secret key data for signing
* @param {Signature} [signature] - Any existing detached signature to append
* @param {Array<module:type/keyid~KeyID>} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]
* @param {Array<module:type/keyid~KeyID>} [signingKeyIDs] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]
* @param {Date} [date] - Override the creationtime of the signature
* @param {Array} [userIDs] - User IDs to sign with, e.g. [{ name:'Steve Sender', email:'steve@openpgp.org' }]
* @param {Boolean} [detached] - Whether to create detached signature packets
@ -667,20 +667,20 @@ export class Message {
* @async
* @private
*/
export async function createSignaturePackets(literalDataPacket, privateKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], detached = false, config = defaultConfig) {
export async function createSignaturePackets(literalDataPacket, signingKeys, signature = null, signingKeyIDs = [], date = new Date(), userIDs = [], detached = false, config = defaultConfig) {
const packetlist = new PacketList();
// If data packet was created from Uint8Array, use binary, otherwise use text
const signatureType = literalDataPacket.text === null ?
enums.signature.binary : enums.signature.text;
await Promise.all(privateKeys.map(async (privateKey, i) => {
await Promise.all(signingKeys.map(async (primaryKey, i) => {
const userID = userIDs[i];
if (privateKey.isPublic()) {
if (primaryKey.isPublic()) {
throw new Error('Need private key for signing');
}
const signingKey = await privateKey.getSigningKey(signingKeyIDs[i], date, userID, config);
return createSignaturePacket(literalDataPacket, privateKey, signingKey.keyPacket, { signatureType }, date, userID, detached, config);
const signingKey = await primaryKey.getSigningKey(signingKeyIDs[i], date, userID, config);
return createSignaturePacket(literalDataPacket, primaryKey, signingKey.keyPacket, { signatureType }, date, userID, detached, config);
})).then(signatureList => {
signatureList.forEach(signaturePacket => packetlist.push(signaturePacket));
});
@ -696,7 +696,7 @@ export async function createSignaturePackets(literalDataPacket, privateKeys, sig
* Create object containing signer's keyID and validity of signature
* @param {SignaturePacket} signature - Signature packet
* @param {Array<LiteralDataPacket>} literalDataList - Array of literal data packets
* @param {Array<Key>} keys - Array of keys to verify signatures
* @param {Array<Key>} verificationKeys - Array of public keys to verify signatures
* @param {Date} date - Verify the signature against the given date,
* i.e. check signature creation time < date < expiration time
* @param {Boolean} [detached] - Whether to verify detached signature packets
@ -709,12 +709,12 @@ export async function createSignaturePackets(literalDataPacket, privateKeys, sig
* @async
* @private
*/
async function createVerificationObject(signature, literalDataList, keys, date = new Date(), detached = false, config = defaultConfig) {
async function createVerificationObject(signature, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {
let primaryKey;
let signingKey;
let keyError;
for (const key of keys) {
for (const key of verificationKeys) {
const issuerKeys = key.getKeys(signature.issuerKeyID);
if (issuerKeys.length > 0) {
primaryKey = key;
@ -772,7 +772,7 @@ async function createVerificationObject(signature, literalDataList, keys, date =
* Create list of objects containing signer's keyID and validity of signature
* @param {Array<SignaturePacket>} signatureList - Array of signature packets
* @param {Array<LiteralDataPacket>} literalDataList - Array of literal data packets
* @param {Array<Key>} keys - Array of keys to verify signatures
* @param {Array<Key>} verificationKeys - Array of public keys to verify signatures
* @param {Date} date - Verify the signature against the given date,
* i.e. check signature creation time < date < expiration time
* @param {Boolean} [detached] - Whether to verify detached signature packets
@ -785,11 +785,11 @@ async function createVerificationObject(signature, literalDataList, keys, date =
* @async
* @private
*/
export async function createVerificationObjects(signatureList, literalDataList, keys, date = new Date(), detached = false, config = defaultConfig) {
export async function createVerificationObjects(signatureList, literalDataList, verificationKeys, date = new Date(), detached = false, config = defaultConfig) {
return Promise.all(signatureList.filter(function(signature) {
return ['text', 'binary'].includes(enums.read(enums.signature, signature.signatureType));
}).map(async function(signature) {
return createVerificationObject(signature, literalDataList, keys, date, detached, config);
return createVerificationObject(signature, literalDataList, verificationKeys, date, detached, config);
}));
}

106
src/openpgp.js
View File

@ -228,47 +228,47 @@ export async function encryptKey({ privateKey, passphrase, config }) {
/**
* Encrypts message text/data with public keys, passwords or both at once. At least either public keys or passwords
* must be specified. If private keys are specified, those will be used to sign the message.
* Encrypts message text/data with public keys, passwords or both at once. At least either encryption keys or passwords
* must be specified. If signing keys are specified, those will be used to sign the message.
* @param {Object} options
* @param {Message} options.message - Message to be encrypted as created by {@link createMessage}
* @param {Key|Array<Key>} [options.publicKeys] - Array of keys or single key, used to encrypt the message
* @param {Key|Array<Key>} [options.privateKeys] - Private keys for signing. If omitted message will not be signed
* @param {Key|Array<Key>} [options.encryptionKeys] - Array of keys or single key, used to encrypt the message
* @param {Key|Array<Key>} [options.signingKeys] - Private keys for signing. If omitted message will not be signed
* @param {String|Array<String>} [options.passwords] - Array of passwords or a single password to encrypt the message
* @param {Object} [options.sessionKey] - Session key in the form: `{ data:Uint8Array, algorithm:String }`
* @param {Boolean} [options.armor=true] - Whether the return values should be ascii armored (true, the default) or binary (false)
* @param {Signature} [options.signature] - A detached signature to add to the encrypted message
* @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs
* @param {Array<module:type/keyid~KeyID>} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `privateKeys[i]`
* @param {Array<module:type/keyid~KeyID>} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `publicKeys[i]`
* @param {Array<module:type/keyid~KeyID>} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]`
* @param {Array<module:type/keyid~KeyID>} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`
* @param {Date} [options.date=current date] - Override the creation date of the message signature
* @param {Array<Object>} [options.fromUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `privateKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`
* @param {Array<Object>} [options.toUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `publicKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`
* @param {Array<Object>} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`
* @param {Array<Object>} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Robert Receiver', email: 'robert@openpgp.org' }]`
* @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}
* @returns {Promise<String|ReadableStream<String>|NodeStream<String>|Uint8Array|ReadableStream<Uint8Array>|NodeStream<Uint8Array>>} Encrypted message (string if `armor` was true, the default; Uint8Array if `armor` was false).
* @async
* @static
*/
export function encrypt({ message, publicKeys, privateKeys, passwords, sessionKey, armor = true, detached = false, signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), fromUserIDs = [], toUserIDs = [], config }) {
export function encrypt({ message, encryptionKeys, signingKeys, passwords, sessionKey, armor = true, detached = false, signature = null, wildcard = false, signingKeyIDs = [], encryptionKeyIDs = [], date = new Date(), signingUserIDs = [], encryptionUserIDs = [], config }) {
config = { ...defaultConfig, ...config };
checkMessage(message); publicKeys = toArray(publicKeys); privateKeys = toArray(privateKeys); passwords = toArray(passwords); fromUserIDs = toArray(fromUserIDs); toUserIDs = toArray(toUserIDs);
checkMessage(message); encryptionKeys = toArray(encryptionKeys); signingKeys = toArray(signingKeys); passwords = toArray(passwords); signingUserIDs = toArray(signingUserIDs); encryptionUserIDs = toArray(encryptionUserIDs);
if (detached) {
throw new Error("detached option has been removed from openpgp.encrypt. Separately call openpgp.sign instead. Don't forget to remove privateKeys option as well.");
}
return Promise.resolve().then(async function() {
const streaming = message.fromStream;
if (!privateKeys) {
privateKeys = [];
if (!signingKeys) {
signingKeys = [];
}
if (privateKeys.length || signature) { // sign the message only if private keys or signature is specified
message = await message.sign(privateKeys, signature, signingKeyIDs, date, fromUserIDs, config);
if (signingKeys.length || signature) { // sign the message only if signing keys or signature is specified
message = await message.sign(signingKeys, signature, signingKeyIDs, date, signingUserIDs, config);
}
message = message.compress(
await getPreferredAlgo('compression', publicKeys, date, toUserIDs, config),
await getPreferredAlgo('compression', encryptionKeys, date, encryptionUserIDs, config),
config
);
message = await message.encrypt(publicKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, toUserIDs, config);
message = await message.encrypt(encryptionKeys, passwords, sessionKey, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);
const data = armor ? message.armor(config) : message.write();
return convertStream(data, streaming, armor ? 'utf8' : 'binary');
}).catch(onError.bind(null, 'Error encrypting message'));
@ -279,10 +279,10 @@ export function encrypt({ message, publicKeys, privateKeys, passwords, sessionKe
* a session key or a password must be specified.
* @param {Object} options
* @param {Message} options.message - The message object with the encrypted data
* @param {Key|Array<Key>} [options.privateKeys] - Private keys with decrypted secret key data or session key
* @param {Key|Array<Key>} [options.decryptionKeys] - Private keys with decrypted secret key data or session key
* @param {String|Array<String>} [options.passwords] - Passwords to decrypt the message
* @param {Object|Array<Object>} [options.sessionKeys] - Session keys in the form: { data:Uint8Array, algorithm:String }
* @param {Key|Array<Key>} [options.publicKeys] - Array of public keys or single key, to verify signatures
* @param {Key|Array<Key>} [options.verificationKeys] - Array of public keys or single key, to verify signatures
* @param {Boolean} [options.expectSigned=false] - If true, data decryption fails if the message is not signed with the provided publicKeys
* @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.
* @param {Signature} [options.signature] - Detached signature for verification
@ -305,23 +305,23 @@ export function encrypt({ message, publicKeys, privateKeys, passwords, sessionKe
* @async
* @static
*/
export function decrypt({ message, privateKeys, passwords, sessionKeys, publicKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config }) {
export function decrypt({ message, decryptionKeys, passwords, sessionKeys, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config }) {
config = { ...defaultConfig, ...config };
checkMessage(message); publicKeys = toArray(publicKeys); privateKeys = toArray(privateKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);
checkMessage(message); verificationKeys = toArray(verificationKeys); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords); sessionKeys = toArray(sessionKeys);
return message.decrypt(privateKeys, passwords, sessionKeys, config).then(async function(decrypted) {
if (!publicKeys) {
publicKeys = [];
return message.decrypt(decryptionKeys, passwords, sessionKeys, config).then(async function(decrypted) {
if (!verificationKeys) {
verificationKeys = [];
}
const result = {};
result.signatures = signature ? await decrypted.verifyDetached(signature, publicKeys, date, config) : await decrypted.verify(publicKeys, date, config);
result.signatures = signature ? await decrypted.verifyDetached(signature, verificationKeys, date, config) : await decrypted.verify(verificationKeys, date, config);
result.data = format === 'binary' ? decrypted.getLiteralData() : decrypted.getText();
result.filename = decrypted.getFilename();
linkStreams(result, message);
if (expectSigned) {
if (publicKeys.length === 0) {
throw new Error('Public keys are required to verify message signatures');
if (verificationKeys.length === 0) {
throw new Error('Verification keys are required to verify message signatures');
}
if (result.signatures.length === 0) {
throw new Error('Message is not signed');
@ -351,30 +351,30 @@ export function decrypt({ message, privateKeys, passwords, sessionKeys, publicKe
* Signs a message.
* @param {Object} options
* @param {CleartextMessage|Message} options.message - (cleartext) message to be signed
* @param {Key|Array<Key>} options.privateKeys - Array of keys or single key with decrypted secret key data to sign cleartext
* @param {Key|Array<Key>} options.signingKeys - Array of keys or single key with decrypted secret key data to sign cleartext
* @param {Boolean} [options.armor=true] - Whether the return values should be ascii armored (true, the default) or binary (false)
* @param {Boolean} [options.detached=false] - If the return value should contain a detached signature
* @param {Array<module:type/keyid~KeyID>} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to privateKeys[i]
* @param {Array<module:type/keyid~KeyID>} [options.signingKeyIDs=latest-created valid signing (sub)keys] - Array of key IDs to use for signing. Each signingKeyIDs[i] corresponds to signingKeys[i]
* @param {Date} [options.date=current date] - Override the creation date of the signature
* @param {Array<Object>} [options.fromUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `privateKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`
* @param {Array<Object>} [options.signingUserIDs=primary user IDs] - Array of user IDs to sign with, one per key in `signingKeys`, e.g. `[{ name: 'Steve Sender', email: 'steve@openpgp.org' }]`
* @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}
* @returns {Promise<String|ReadableStream<String>|NodeStream<String>|Uint8Array|ReadableStream<Uint8Array>|NodeStream<Uint8Array>>} Signed message (string if `armor` was true, the default; Uint8Array if `armor` was false).
* @async
* @static
*/
export function sign({ message, privateKeys, armor = true, detached = false, signingKeyIDs = [], date = new Date(), fromUserIDs = [], config }) {
export function sign({ message, signingKeys, armor = true, detached = false, signingKeyIDs = [], date = new Date(), signingUserIDs = [], config }) {
config = { ...defaultConfig, ...config };
checkCleartextOrMessage(message);
if (message instanceof CleartextMessage && !armor) throw new Error("Can't sign non-armored cleartext message");
if (message instanceof CleartextMessage && detached) throw new Error("Can't detach-sign a cleartext message");
privateKeys = toArray(privateKeys); fromUserIDs = toArray(fromUserIDs);
signingKeys = toArray(signingKeys); signingUserIDs = toArray(signingUserIDs);
return Promise.resolve().then(async function() {
let signature;
if (detached) {
signature = await message.signDetached(privateKeys, undefined, signingKeyIDs, date, fromUserIDs, config);
signature = await message.signDetached(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, config);
} else {
signature = await message.sign(privateKeys, undefined, signingKeyIDs, date, fromUserIDs, config);
signature = await message.sign(signingKeys, undefined, signingKeyIDs, date, signingUserIDs, config);
}
signature = armor ? signature.armor(config) : signature.write();
if (detached) {
@ -393,7 +393,7 @@ export function sign({ message, privateKeys, armor = true, detached = false, sig
* Verifies signatures of cleartext signed message
* @param {Object} options
* @param {CleartextMessage|Message} options.message - (cleartext) message object with signatures
* @param {Key|Array<Key>} options.publicKeys - Array of publicKeys or single key, to verify signatures
* @param {Key|Array<Key>} options.verificationKeys - Array of publicKeys or single key, to verify signatures
* @param {Boolean} [options.expectSigned=false] - If true, verification throws if the message is not signed with the provided publicKeys
* @param {'utf8'|'binary'} [options.format='utf8'] - Whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines.
* @param {Signature} [options.signature] - Detached signature for verification
@ -415,19 +415,19 @@ export function sign({ message, privateKeys, armor = true, detached = false, sig
* @async
* @static
*/
export function verify({ message, publicKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config }) {
export function verify({ message, verificationKeys, expectSigned = false, format = 'utf8', signature = null, date = new Date(), config }) {
config = { ...defaultConfig, ...config };
checkCleartextOrMessage(message);
if (message instanceof CleartextMessage && format === 'binary') throw new Error("Can't return cleartext message data as binary");
if (message instanceof CleartextMessage && signature) throw new Error("Can't verify detached cleartext signature");
publicKeys = toArray(publicKeys);
verificationKeys = toArray(verificationKeys);
return Promise.resolve().then(async function() {
const result = {};
if (signature) {
result.signatures = await message.verifyDetached(signature, publicKeys, date, config);
result.signatures = await message.verifyDetached(signature, verificationKeys, date, config);
} else {
result.signatures = await message.verify(publicKeys, date, config);
result.signatures = await message.verify(verificationKeys, date, config);
}
result.data = format === 'binary' ? message.getLiteralData() : message.getText();
if (message.fromStream) linkStreams(result, message);
@ -458,21 +458,21 @@ export function verify({ message, publicKeys, expectSigned = false, format = 'ut
/**
* Generate a new session key object, taking the algorithm preferences of the passed public keys into account.
* @param {Object} options
* @param {Key|Array<Key>} options.publicKeys - Array of public keys or single key used to select algorithm preferences for
* @param {Key|Array<Key>} options.encryptionKeys - Array of public keys or single key used to select algorithm preferences for
* @param {Date} [options.date=current date] - Date to select algorithm preferences at
* @param {Array} [options.toUserIDs=primary user IDs] - User IDs to select algorithm preferences for
* @param {Array} [options.encryptionUserIDs=primary user IDs] - User IDs to select algorithm preferences for
* @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}
* @returns {Promise<{ data: Uint8Array, algorithm: String }>} Object with session key data and algorithm.
* @async
* @static
*/
export function generateSessionKey({ publicKeys, date = new Date(), toUserIDs = [], config }) {
export function generateSessionKey({ encryptionKeys, date = new Date(), encryptionUserIDs = [], config }) {
config = { ...defaultConfig, ...config };
publicKeys = toArray(publicKeys); toUserIDs = toArray(toUserIDs);
encryptionKeys = toArray(encryptionKeys); encryptionUserIDs = toArray(encryptionUserIDs);
return Promise.resolve().then(async function() {
return Message.generateSessionKey(publicKeys, date, toUserIDs, config);
return Message.generateSessionKey(encryptionKeys, date, encryptionUserIDs, config);
}).catch(onError.bind(null, 'Error generating session key'));
}
@ -484,25 +484,25 @@ export function generateSessionKey({ publicKeys, date = new Date(), toUserIDs =
* @param {Uint8Array} options.data - The session key to be encrypted e.g. 16 random bytes (for aes128)
* @param {String} options.algorithm - Algorithm of the symmetric session key e.g. 'aes128' or 'aes256'
* @param {String} [options.aeadAlgorithm] - AEAD algorithm, e.g. 'eax' or 'ocb'
* @param {Key|Array<Key>} [options.publicKeys] - Array of public keys or single key, used to encrypt the key
* @param {Key|Array<Key>} [options.encryptionKeys] - Array of public keys or single key, used to encrypt the key
* @param {String|Array<String>} [options.passwords] - Passwords for the message
* @param {Boolean} [options.armor=true] - Whether the return values should be ascii armored (true, the default) or binary (false)
* @param {Boolean} [options.wildcard=false] - Use a key ID of 0 instead of the public key IDs
* @param {Array<module:type/keyid~KeyID>} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to publicKeys[i]
* @param {Array<module:type/keyid~KeyID>} [options.encryptionKeyIDs=latest-created valid encryption (sub)keys] - Array of key IDs to use for encryption. Each encryptionKeyIDs[i] corresponds to encryptionKeys[i]
* @param {Date} [options.date=current date] - Override the date
* @param {Array} [options.toUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `publicKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`
* @param {Array} [options.encryptionUserIDs=primary user IDs] - Array of user IDs to encrypt for, one per key in `encryptionKeys`, e.g. `[{ name: 'Phil Zimmermann', email: 'phil@openpgp.org' }]`
* @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}
* @returns {Promise<String|Uint8Array>} Encrypted session keys (string if `armor` was true, the default; Uint8Array if `armor` was false).
* @async
* @static
*/
export function encryptSessionKey({ data, algorithm, aeadAlgorithm, publicKeys, passwords, armor = true, wildcard = false, encryptionKeyIDs = [], date = new Date(), toUserIDs = [], config }) {
export function encryptSessionKey({ data, algorithm, aeadAlgorithm, encryptionKeys, passwords, armor = true, wildcard = false, encryptionKeyIDs = [], date = new Date(), encryptionUserIDs = [], config }) {
config = { ...defaultConfig, ...config };
checkBinary(data); checkString(algorithm, 'algorithm'); publicKeys = toArray(publicKeys); passwords = toArray(passwords); toUserIDs = toArray(toUserIDs);
checkBinary(data); checkString(algorithm, 'algorithm'); encryptionKeys = toArray(encryptionKeys); passwords = toArray(passwords); encryptionUserIDs = toArray(encryptionUserIDs);
return Promise.resolve().then(async function() {
const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, publicKeys, passwords, wildcard, encryptionKeyIDs, date, toUserIDs, config);
const message = await Message.encryptSessionKey(data, algorithm, aeadAlgorithm, encryptionKeys, passwords, wildcard, encryptionKeyIDs, date, encryptionUserIDs, config);
return armor ? message.armor(config) : message.write();
}).catch(onError.bind(null, 'Error encrypting session key'));
@ -513,7 +513,7 @@ export function encryptSessionKey({ data, algorithm, aeadAlgorithm, publicKeys,
* a password must be specified.
* @param {Object} options
* @param {Message} options.message - A message object containing the encrypted session key packets
* @param {Key|Array<Key>} [options.privateKeys] - Private keys with decrypted secret key data
* @param {Key|Array<Key>} [options.decryptionKeys] - Private keys with decrypted secret key data
* @param {String|Array<String>} [options.passwords] - Passwords to decrypt the session key
* @param {Object} [options.config] - Custom configuration settings to overwrite those in [config]{@link module:config}
* @returns {Promise<Object|undefined>} Array of decrypted session key, algorithm pairs in the form:
@ -522,13 +522,13 @@ export function encryptSessionKey({ data, algorithm, aeadAlgorithm, publicKeys,
* @async
* @static
*/
export function decryptSessionKeys({ message, privateKeys, passwords, config }) {
export function decryptSessionKeys({ message, decryptionKeys, passwords, config }) {
config = { ...defaultConfig, ...config };
checkMessage(message); privateKeys = toArray(privateKeys); passwords = toArray(passwords);
checkMessage(message); decryptionKeys = toArray(decryptionKeys); passwords = toArray(passwords);
return Promise.resolve().then(async function() {
return message.decryptSessionKeys(privateKeys, passwords, config);
return message.decryptSessionKeys(decryptionKeys, passwords, config);
}).catch(onError.bind(null, 'Error decrypting session keys'));
}

30
test/general/brainpool.js
View File

@ -203,7 +203,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
it('Verify clear signed message', async function () {
const pub = await load_pub_key('juliet');
const msg = await openpgp.readCleartextMessage({ cleartextMessage: data.juliet.message_signed });
return openpgp.verify({ publicKeys: [pub], message: msg }).then(function(result) {
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) {
expect(result).to.exist;
expect(result.data).to.equal(data.juliet.message);
expect(result.signatures).to.have.length(1);
@ -212,10 +212,10 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
});
it('Sign message', async function () {
const romeoPrivate = await load_priv_key('romeo');
const signed = await openpgp.sign({ privateKeys: [romeoPrivate], message: await openpgp.createCleartextMessage({ text: data.romeo.message }) });
const signed = await openpgp.sign({ signingKeys: [romeoPrivate], message: await openpgp.createCleartextMessage({ text: data.romeo.message }) });
const romeoPublic = await load_pub_key('romeo');
const msg = await openpgp.readCleartextMessage({ cleartextMessage: signed });
const result = await openpgp.verify({ publicKeys: [romeoPublic], message: msg });
const result = await openpgp.verify({ verificationKeys: [romeoPublic], message: msg });
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
@ -226,7 +226,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
const juliet = await load_pub_key('juliet');
const romeo = await load_priv_key('romeo');
const msg = await openpgp.readMessage({ armoredMessage: data.romeo.message_encrypted });
const result = await openpgp.decrypt({ privateKeys: romeo, publicKeys: [juliet], message: msg });
const result = await openpgp.decrypt({ decryptionKeys: romeo, verificationKeys: [juliet], message: msg });
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
@ -237,7 +237,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
const juliet = await load_priv_key('juliet');
const romeo = await load_pub_key('romeo');
const msg = await openpgp.readMessage({ armoredMessage: data.romeo.message_encrypted_with_leading_zero_in_hash });
const result = await openpgp.decrypt({ privateKeys: juliet, publicKeys: [romeo], message: msg });
const result = await openpgp.decrypt({ decryptionKeys: juliet, verificationKeys: [romeo], message: msg });
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message_with_leading_zero_in_hash);
@ -252,7 +252,7 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
const juliet = await load_priv_key('juliet');
const romeo = await load_pub_key('romeo');
const msg = await openpgp.readMessage({ armoredMessage: data.romeo.message_encrypted_with_leading_zero_in_hash_signed_by_elliptic_with_old_implementation });
const result = await openpgp.decrypt({ privateKeys: juliet, publicKeys: [romeo], message: msg });
const result = await openpgp.decrypt({ decryptionKeys: juliet, verificationKeys: [romeo], message: msg });
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message_with_leading_zero_in_hash_old_elliptic_implementation);
expect(result.signatures).to.have.length(1);
@ -262,12 +262,12 @@ EJ4QcD/oQ6x1M/8X/iKQCtxZP8RnlrbH7ExkNON5s5g=
it('Encrypt and sign message', async function () {
const romeoPrivate = await load_priv_key('romeo');
const julietPublic = await load_pub_key('juliet');
const encrypted = await openpgp.encrypt({ publicKeys: [julietPublic], privateKeys: [romeoPrivate], message: await openpgp.createMessage({ text: data.romeo.message }) });
const encrypted = await openpgp.encrypt({ encryptionKeys: [julietPublic], signingKeys: [romeoPrivate], message: await openpgp.createMessage({ text: data.romeo.message }) });
const message = await openpgp.readMessage({ armoredMessage: encrypted });
const romeoPublic = await load_pub_key('romeo');
const julietPrivate = await load_priv_key('juliet');
const result = await openpgp.decrypt({ privateKeys: julietPrivate, publicKeys: [romeoPublic], message: message });
const result = await openpgp.decrypt({ decryptionKeys: julietPrivate, verificationKeys: [romeoPublic], message: message });
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
@ -292,29 +292,29 @@ function omnibus() {
const bye = secondKey.key;
const pubBye = bye.toPublic();
const cleartextMessage = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), privateKeys: hi });
const cleartextMessage = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), signingKeys: hi });
await openpgp.verify({
message: await openpgp.readCleartextMessage({ cleartextMessage }),
publicKeys: pubHi
verificationKeys: pubHi
}).then(output => expect(output.signatures[0].valid).to.be.true);
// Verifying detached signature
await openpgp.verify({
message: await openpgp.createMessage({ text: util.removeTrailingSpaces(testData) }),
publicKeys: pubHi,
verificationKeys: pubHi,
signature: (await openpgp.readCleartextMessage({ cleartextMessage })).signature
}).then(output => expect(output.signatures[0].valid).to.be.true);
// Encrypting and signing
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: testData2 }),
publicKeys: [pubBye],
privateKeys: [hi]
encryptionKeys: [pubBye],
signingKeys: [hi]
});
// Decrypting and verifying
return openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage: encrypted }),
privateKeys: bye,
publicKeys: [pubHi]
decryptionKeys: bye,
verificationKeys: [pubHi]
}).then(output => {
expect(output.data).to.equal(testData2);
expect(output.signatures[0].valid).to.be.true;

36
test/general/config.js
View File

@ -242,7 +242,7 @@ qDEdLyNWF30o6wD/fZYCV8aS4dAu2U3fpN5y5+PbuXFRYljA5gQ/1zrGN/UA
const userIDs = { name: 'Test User', email: 'text2@example.com' };
const { key } = await openpgp.generateKey({ userIDs });
await expect(openpgp.encrypt({
message, publicKeys: [key], config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.ecdh]) }
message, encryptionKeys: [key], config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.ecdh]) }
})).to.be.eventually.rejectedWith(/ecdh keys are considered too weak/);
} finally {
openpgp.config.aeadProtect = aeadProtectVal;
@ -256,19 +256,19 @@ qDEdLyNWF30o6wD/fZYCV8aS4dAu2U3fpN5y5+PbuXFRYljA5gQ/1zrGN/UA
const userIDs = { name: 'Test User', email: 'text2@example.com' };
const { key } = await openpgp.generateKey({ userIDs, type: 'rsa', rsaBits: 2048 });
const armoredMessage = await openpgp.encrypt({ message, publicKeys:[key], privateKeys: [key] });
const armoredMessage = await openpgp.encrypt({ message, encryptionKeys:[key], signingKeys: [key] });
const { data, signatures } = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage }),
privateKeys: [key],
publicKeys: [key]
decryptionKeys: [key],
verificationKeys: [key]
});
expect(data).to.equal(plaintext);
expect(signatures[0].valid).to.be.true;
const { data: data2, signatures: signatures2 } = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage }),
privateKeys: [key],
publicKeys: [key],
decryptionKeys: [key],
verificationKeys: [key],
config: { minRSABits: 4096 }
});
expect(data2).to.equal(plaintext);
@ -277,8 +277,8 @@ qDEdLyNWF30o6wD/fZYCV8aS4dAu2U3fpN5y5+PbuXFRYljA5gQ/1zrGN/UA
const { data: data3, signatures: signatures3 } = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage }),
privateKeys: [key],
publicKeys: [key],
decryptionKeys: [key],
verificationKeys: [key],
config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.rsaEncryptSign]) }
});
expect(data3).to.equal(plaintext);
@ -294,7 +294,7 @@ qDEdLyNWF30o6wD/fZYCV8aS4dAu2U3fpN5y5+PbuXFRYljA5gQ/1zrGN/UA
const message = await openpgp.createMessage({ text: "test" });
const opt = {
message,
privateKeys: key,
signingKeys: key,
config: { rejectHashAlgorithms: new Set([openpgp.enums.hash.sha256, openpgp.enums.hash.sha512]) }
};
await expect(openpgp.sign(opt)).to.be.rejectedWith(/Insecure hash algorithm/);
@ -304,13 +304,13 @@ qDEdLyNWF30o6wD/fZYCV8aS4dAu2U3fpN5y5+PbuXFRYljA5gQ/1zrGN/UA
const clearText = await openpgp.createCleartextMessage({ text: "test" });
const opt2 = {
message: clearText,
privateKeys: key,
signingKeys: key,
config: { rejectHashAlgorithms: new Set([openpgp.enums.hash.sha256, openpgp.enums.hash.sha512]) }
};
await expect(openpgp.sign(opt2)).to.be.rejectedWith(/Insecure hash algorithm/);
await expect(openpgp.sign({
message, privateKeys: [key], config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsa]) }
message, signingKeys: [key], config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsa]) }
})).to.be.eventually.rejectedWith(/eddsa keys are considered too weak/);
});
@ -322,29 +322,29 @@ qDEdLyNWF30o6wD/fZYCV8aS4dAu2U3fpN5y5+PbuXFRYljA5gQ/1zrGN/UA
const message = await openpgp.createMessage({ text: "test" });
const signed = await openpgp.sign({ message, privateKeys: key });
const signed = await openpgp.sign({ message, signingKeys: key });
const opt = {
message: await openpgp.readMessage({ armoredMessage: signed }),
publicKeys: key,
verificationKeys: key,
config
};
const { signatures: [sig] } = await openpgp.verify(opt);
await expect(sig.error).to.match(/Insecure message hash algorithm/);
const armoredSignature = await openpgp.sign({ message, privateKeys: key, detached: true });
const armoredSignature = await openpgp.sign({ message, signingKeys: key, detached: true });
const opt2 = {
message,
signature: await openpgp.readSignature({ armoredSignature }),
publicKeys: key,
verificationKeys: key,
config
};
const { signatures: [sig2] } = await openpgp.verify(opt2);
await expect(sig2.error).to.match(/Insecure message hash algorithm/);
const cleartext = await openpgp.createCleartextMessage({ text: "test" });
const signedCleartext = await openpgp.sign({ message: cleartext, privateKeys: key });
const signedCleartext = await openpgp.sign({ message: cleartext, signingKeys: key });
const opt3 = {
message: await openpgp.readCleartextMessage({ cleartextMessage: signedCleartext }),
publicKeys: key,
verificationKeys: key,
config
};
const { signatures: [sig3] } = await openpgp.verify(opt3);
@ -352,7 +352,7 @@ qDEdLyNWF30o6wD/fZYCV8aS4dAu2U3fpN5y5+PbuXFRYljA5gQ/1zrGN/UA
const opt4 = {
message: await openpgp.readMessage({ armoredMessage: signed }),
publicKeys: [key],
verificationKeys: [key],
config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsa]) }
};
const { signatures: [sig4] } = await openpgp.verify(opt4);

26
test/general/ecc_nist.js
View File

@ -20,29 +20,29 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38
const bye = secondKey.key;
const pubBye = bye.toPublic();
const cleartextMessage = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), privateKeys: hi });
const cleartextMessage = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), signingKeys: hi });
await openpgp.verify({
message: await openpgp.readCleartextMessage({ cleartextMessage }),
publicKeys: pubHi
verificationKeys: pubHi
}).then(output => expect(output.signatures[0].valid).to.be.true);
// Verifying detached signature
await openpgp.verify({
message: await openpgp.createMessage({ text: util.removeTrailingSpaces(testData) }),
publicKeys: pubHi,
verificationKeys: pubHi,
signature: (await openpgp.readCleartextMessage({ cleartextMessage })).signature
}).then(output => expect(output.signatures[0].valid).to.be.true);
// Encrypting and signing
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: testData2 }),
publicKeys: [pubBye],
privateKeys: [hi]
encryptionKeys: [pubBye],
signingKeys: [hi]
});
// Decrypting and verifying
return openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage: encrypted }),
privateKeys: bye,
publicKeys: [pubHi]
decryptionKeys: bye,
verificationKeys: [pubHi]
}).then(output => {
expect(output.data).to.equal(testData2);
expect(output.signatures[0].valid).to.be.true;
@ -56,9 +56,9 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38
const testData = input.createSomeMessage();
const options = { userIDs: { name: "Hi", email: "hi@hel.lo" }, curve: "p256" };
const firstKey = await openpgp.generateKey(options);
const signature = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), privateKeys: firstKey.key });
const signature = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), signingKeys: firstKey.key });
const msg = await openpgp.readCleartextMessage({ cleartextMessage: signature });
const result = await openpgp.verify({ message: msg, publicKeys: firstKey.key.toPublic() });
const result = await openpgp.verify({ message: msg, verificationKeys: firstKey.key.toPublic() });
expect(result.signatures[0].valid).to.be.true;
});
@ -70,14 +70,14 @@ module.exports = () => describe('Elliptic Curve Cryptography for NIST P-256,P-38
const secondKey = await openpgp.generateKey(options);
const encrypted = await openpgp.encrypt(
{ message: await openpgp.createMessage({ text: testData }),
publicKeys: [secondKey.key.toPublic()],
privateKeys: [firstKey.key] }
encryptionKeys: [secondKey.key.toPublic()],
signingKeys: [firstKey.key] }
);
const msg = await openpgp.readMessage({ armoredMessage: encrypted });
const result = await openpgp.decrypt(
{ message: msg,
privateKeys: secondKey.key,
publicKeys: [firstKey.key.toPublic()] }
decryptionKeys: secondKey.key,
verificationKeys: [firstKey.key.toPublic()] }
);
expect(result.signatures[0].valid).to.be.true;
});

12
test/general/ecc_secp256k1.js
View File

@ -177,7 +177,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
it('Verify clear signed message', async function () {
const pub = await load_pub_key('juliet');
const msg = await openpgp.readCleartextMessage({ cleartextMessage: data.juliet.message_signed });
return openpgp.verify({ publicKeys: [pub], message: msg }).then(function(result) {
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) {
expect(result).to.exist;
expect(result.data).to.equal(data.juliet.message);
expect(result.signatures).to.have.length(1);
@ -186,10 +186,10 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
});
it('Sign message', async function () {
const romeoPrivate = await load_priv_key('romeo');
const signed = await openpgp.sign({ privateKeys: [romeoPrivate], message: await openpgp.createCleartextMessage({ text: data.romeo.message }) });
const signed = await openpgp.sign({ signingKeys: [romeoPrivate], message: await openpgp.createCleartextMessage({ text: data.romeo.message }) });
const romeoPublic = await load_pub_key('romeo');
const msg = await openpgp.readCleartextMessage({ cleartextMessage: signed });
const result = await openpgp.verify({ publicKeys: [romeoPublic], message: msg });
const result = await openpgp.verify({ verificationKeys: [romeoPublic], message: msg });
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);
@ -200,7 +200,7 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
const juliet = await load_pub_key('juliet');
const romeo = await load_priv_key('romeo');
const msg = await openpgp.readMessage({ armoredMessage: data.juliet.message_encrypted });
const result = await openpgp.decrypt({ privateKeys: romeo, publicKeys: [juliet], message: msg });
const result = await openpgp.decrypt({ decryptionKeys: romeo, verificationKeys: [juliet], message: msg });
expect(result).to.exist;
expect(result.data).to.equal(data.juliet.message);
@ -210,12 +210,12 @@ module.exports = () => describe('Elliptic Curve Cryptography for secp256k1 curve
it('Encrypt and sign message', async function () {
const romeoPrivate = await load_priv_key('romeo');
const julietPublic = await load_pub_key('juliet');
const encrypted = await openpgp.encrypt({ publicKeys: [julietPublic], privateKeys: [romeoPrivate], message: await openpgp.createMessage({ text: data.romeo.message }) });
const encrypted = await openpgp.encrypt({ encryptionKeys: [julietPublic], signingKeys: [romeoPrivate], message: await openpgp.createMessage({ text: data.romeo.message }) });
const message = await openpgp.readMessage({ armoredMessage: encrypted });
const romeoPublic = await load_pub_key('romeo');
const julietPrivate = await load_priv_key('juliet');
const result = await openpgp.decrypt({ privateKeys: julietPrivate, publicKeys: [romeoPublic], message: message });
const result = await openpgp.decrypt({ decryptionKeys: julietPrivate, verificationKeys: [romeoPublic], message: message });
expect(result).to.exist;
expect(result.data).to.equal(data.romeo.message);

60
test/general/key.js
View File

@ -2167,12 +2167,12 @@ function versionSpecificTests() {
const { key } = await openpgp.generateKey(opt);
return openpgp.encrypt({
message: await openpgp.createMessage({ text: 'hello' }),
publicKeys: key
encryptionKeys: key
}).then(async armoredMessage => openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage }),
privateKeys: key
decryptionKeys: key
})).catch(function(err) {
expect(err.message).to.match(/Private key is not decrypted./);
expect(err.message).to.match(/Decryption key is not decrypted./);
});
});
@ -2600,9 +2600,9 @@ function versionSpecificTests() {
expect(newKey.users.length).to.equal(1);
expect(newKey.users[0].userID.userID).to.equal('test <a@b.com>');
expect(newKey.isDecrypted()).to.be.true;
return openpgp.sign({ message: await openpgp.createCleartextMessage({ text: 'hello' }), privateKeys: newKey, armor: true }).then(async function(signed) {
return openpgp.sign({ message: await openpgp.createCleartextMessage({ text: 'hello' }), signingKeys: newKey, armor: true }).then(async function(signed) {
return openpgp.verify(
{ message: await openpgp.readCleartextMessage({ cleartextMessage: signed }), publicKeys: newKey.toPublic() }
{ message: await openpgp.readCleartextMessage({ cleartextMessage: signed }), verificationKeys: newKey.toPublic() }
).then(async function(verified) {
expect(verified.signatures[0].valid).to.be.true;
const newSigningKey = await newKey.getSigningKey();
@ -2641,8 +2641,8 @@ function versionSpecificTests() {
opt.userIDs = userID2;
return openpgp.reformatKey(opt).then(async function(newKey) {
newKey = newKey.key;
return openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), publicKeys: newKey.toPublic(), privateKeys: newKey, armor: true }).then(async function(encrypted) {
return openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage: encrypted }), privateKeys: newKey, publicKeys: newKey.toPublic() }).then(function(decrypted) {
return openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), encryptionKeys: newKey.toPublic(), signingKeys: newKey, armor: true }).then(async function(encrypted) {
return openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage: encrypted }), decryptionKeys: newKey, verificationKeys: newKey.toPublic() }).then(function(decrypted) {
expect(decrypted.data).to.equal('hello');
expect(decrypted.signatures[0].valid).to.be.true;
});
@ -2878,12 +2878,12 @@ module.exports = () => describe('Key', function() {
await expect(openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage: encryptedRsaSignOnly }),
privateKeys: key
decryptionKeys: key
})).to.be.rejectedWith(/Session key decryption failed/);
await expect(openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage: encryptedRsaSignOnly }),
privateKeys: key,
decryptionKeys: key,
config: { allowInsecureDecryptionWithSigningKeys: true }
})).to.be.fulfilled;
});
@ -3021,7 +3021,7 @@ module.exports = () => describe('Key', function() {
expect(key.primaryKey.isDummy()).to.be.false;
key.primaryKey.makeDummy();
expect(key.primaryKey.isDummy()).to.be.true;
await expect(openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), privateKeys: [key], config: { minRSABits: 1024 } })).to.be.fulfilled;
await expect(openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), signingKeys: [key], config: { minRSABits: 1024 } })).to.be.fulfilled;
});
it('makeDummy() - should work for encrypted keys', async function() {
@ -3410,7 +3410,7 @@ VYGdb3eNlV8CfoEC
const publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
// Set second user to prefer aes128. We should select this user by default, since it was created later.
publicKey.users[1].selfCertifications[0].preferredSymmetricAlgorithms = [openpgp.enums.symmetric.aes128];
const sessionKey = await openpgp.generateSessionKey({ publicKeys: publicKey });
const sessionKey = await openpgp.generateSessionKey({ encryptionKeys: publicKey });
expect(sessionKey.algorithm).to.equal('aes128');
});
@ -3420,7 +3420,7 @@ VYGdb3eNlV8CfoEC
publicKey.users[0].selfCertifications[0].isPrimaryUserID = true;
// Set first user to prefer aes128.
publicKey.users[0].selfCertifications[0].preferredSymmetricAlgorithms = [openpgp.enums.symmetric.aes128];
const sessionKey = await openpgp.generateSessionKey({ publicKeys: publicKey });
const sessionKey = await openpgp.generateSessionKey({ encryptionKeys: publicKey });
expect(sessionKey.algorithm).to.equal('aes128');
});
@ -3434,14 +3434,14 @@ VYGdb3eNlV8CfoEC
publicKey.users[0].selfCertifications[0].isPrimaryUserID = true;
// Set second user to prefer aes128. We will select this user.
publicKey.users[1].selfCertifications[0].preferredSymmetricAlgorithms = [openpgp.enums.symmetric.aes128];
const sessionKey = await openpgp.generateSessionKey({ publicKeys: publicKey, toUserIDs: { name: 'Test User', email: 'b@c.com' } });
const sessionKey = await openpgp.generateSessionKey({ encryptionKeys: publicKey, encryptionUserIDs: { name: 'Test User', email: 'b@c.com' } });
expect(sessionKey.algorithm).to.equal('aes128');
const config = { minRSABits: 1024 };
await openpgp.encrypt({
message: await openpgp.createMessage({ text: 'hello' }), publicKeys: publicKey, privateKeys: privateKey, toUserIDs: { name: 'Test User', email: 'b@c.com' }, armor: false, config
message: await openpgp.createMessage({ text: 'hello' }), encryptionKeys: publicKey, signingKeys: privateKey, encryptionUserIDs: { name: 'Test User', email: 'b@c.com' }, armor: false, config
});
await expect(openpgp.encrypt({
message: await openpgp.createMessage({ text: 'hello' }), publicKeys: publicKey, privateKeys: privateKey, toUserIDs: { name: 'Test User', email: 'c@c.com' }, armor: false, config
message: await openpgp.createMessage({ text: 'hello' }), encryptionKeys: publicKey, signingKeys: privateKey, encryptionUserIDs: { name: 'Test User', email: 'c@c.com' }, armor: false, config
})).to.be.rejectedWith('Could not find user that matches that user ID');
});
@ -3452,7 +3452,7 @@ VYGdb3eNlV8CfoEC
privateKey: await openpgp.readKey({ armoredKey: uidlessKey }),
passphrase: 'correct horse battery staple'
});
await expect(openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), publicKeys: publicKey, privateKeys: privateKey, armor: false })).to.be.rejectedWith('Could not find primary user');
await expect(openpgp.encrypt({ message: await openpgp.createMessage({ text: 'hello' }), encryptionKeys: publicKey, signingKeys: privateKey, armor: false })).to.be.rejectedWith('Could not find primary user');
});
it('Sign - specific user', async function() {
@ -3472,17 +3472,17 @@ VYGdb3eNlV8CfoEC
privateKey.users[1].selfCertifications[0].preferredHashAlgorithms = [openpgp.enums.hash.sha512];
const config = { minRSABits: 1024 };
const signed = await openpgp.sign({
message: await openpgp.createMessage({ text: 'hello' }), privateKeys: privateKey, fromUserIDs: { name: 'Test McTestington', email: 'test@example.com' }, armor: false, config
message: await openpgp.createMessage({ text: 'hello' }), signingKeys: privateKey, signingUserIDs: { name: 'Test McTestington', email: 'test@example.com' }, armor: false, config
});
const signature = await openpgp.readMessage({ binaryMessage: signed });
expect(signature.packets[0].hashAlgorithm).to.equal(openpgp.enums.hash.sha512);
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: 'hello' }), passwords: 'test', privateKeys: privateKey, fromUserIDs: { name: 'Test McTestington', email: 'test@example.com' }, armor: false, config
message: await openpgp.createMessage({ text: 'hello' }), passwords: 'test', signingKeys: privateKey, signingUserIDs: { name: 'Test McTestington', email: 'test@example.com' }, armor: false, config
});
const { signatures } = await openpgp.decrypt({ message: await openpgp.readMessage({ binaryMessage: encrypted }), passwords: 'test' });
expect(signatures[0].signature.packets[0].hashAlgorithm).to.equal(openpgp.enums.hash.sha512);
await expect(openpgp.encrypt({
message: await openpgp.createMessage({ text: 'hello' }), publicKeys: publicKey, privateKeys: privateKey, fromUserIDs: { name: 'Not Test McTestington', email: 'test@example.com' }, armor: false, config
message: await openpgp.createMessage({ text: 'hello' }), encryptionKeys: publicKey, signingKeys: privateKey, signingUserIDs: { name: 'Not Test McTestington', email: 'test@example.com' }, armor: false, config
})).to.be.rejectedWith('Could not find user that matches that user ID');
});
@ -3518,7 +3518,7 @@ VYGdb3eNlV8CfoEC
it('Reject encryption with revoked primary user', async function() {
const key = await openpgp.readKey({ armoredKey: pub_revoked_subkeys });
return openpgp.encrypt({ publicKeys: [key], message: await openpgp.createMessage({ text: 'random data' }) }).then(() => {
return openpgp.encrypt({ encryptionKeys: [key], message: await openpgp.createMessage({ text: 'random data' }) }).then(() => {
throw new Error('encryptSessionKey should not encrypt with revoked public key');
}).catch(function(error) {
expect(error.message).to.equal('Error encrypting message: Primary user is revoked');
@ -3529,7 +3529,7 @@ VYGdb3eNlV8CfoEC
const key = await openpgp.readKey({ armoredKey: pub_revoked_subkeys });
key.revocationSignatures = [];
key.users[0].revocationSignatures = [];
return openpgp.encrypt({ publicKeys: [key], message: await openpgp.createMessage({ text: 'random data' }), date: new Date(1386842743000) }).then(() => {
return openpgp.encrypt({ encryptionKeys: [key], message: await openpgp.createMessage({ text: 'random data' }), date: new Date(1386842743000) }).then(() => {
throw new Error('encryptSessionKey should not encrypt with revoked public key');
}).catch(error => {
expect(error.message).to.equal('Error encrypting message: Could not find valid encryption key packet in key ' + key.getKeyID().toHex() + ': Subkey is revoked');
@ -3538,7 +3538,7 @@ VYGdb3eNlV8CfoEC
it('Reject encryption with key revoked with appended revocation cert', async function() {
const key = await openpgp.readKey({ armoredKey: pub_revoked_with_cert });
return openpgp.encrypt({ publicKeys: [key], message: await openpgp.createMessage({ text: 'random data' }) }).then(() => {
return openpgp.encrypt({ encryptionKeys: [key], message: await openpgp.createMessage({ text: 'random data' }) }).then(() => {
throw new Error('encryptSessionKey should not encrypt with revoked public key');
}).catch(function(error) {
expect(error.message).to.equal('Error encrypting message: Primary key is revoked');
@ -3766,9 +3766,9 @@ VYGdb3eNlV8CfoEC
expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('eddsa');
await subKey.verify(newPrivateKey.primaryKey);
expect(await newPrivateKey.getSigningKey()).to.be.equal(subKey);
const signed = await openpgp.sign({ message: await openpgp.createMessage({ text: 'the data to signed' }), privateKeys: newPrivateKey, armor:false });
const signed = await openpgp.sign({ message: await openpgp.createMessage({ text: 'the data to signed' }), signingKeys: newPrivateKey, armor:false });
const message = await openpgp.readMessage({ binaryMessage: signed });
const { signatures } = await openpgp.verify({ message, publicKeys: [newPrivateKey.toPublic()] });
const { signatures } = await openpgp.verify({ message, verificationKeys: [newPrivateKey.toPublic()] });
expect(signatures).to.exist;
expect(signatures.length).to.be.equal(1);
expect(signatures[0].keyID.toHex()).to.be.equal(subKey.getKeyID().toHex());
@ -3788,14 +3788,14 @@ VYGdb3eNlV8CfoEC
const publicKey = newPrivateKey.toPublic();
await subKey.verify(newPrivateKey.primaryKey);
expect(await newPrivateKey.getEncryptionKey()).to.be.equal(subKey);
const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: vData }), publicKeys: publicKey, armor:false });
const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: vData }), encryptionKeys: publicKey, armor:false });
expect(encrypted).to.be.exist;
const message = await openpgp.readMessage({ binaryMessage: encrypted });
const pkSessionKeys = message.packets.filterByTag(openpgp.enums.packet.publicKeyEncryptedSessionKey);
expect(pkSessionKeys).to.exist;
expect(pkSessionKeys.length).to.be.equal(1);
expect(pkSessionKeys[0].publicKeyID.toHex()).to.be.equals(subKey.keyPacket.getKeyID().toHex());
const decrypted = await openpgp.decrypt({ message, privateKeys: newPrivateKey });
const decrypted = await openpgp.decrypt({ message, decryptionKeys: newPrivateKey });
expect(decrypted).to.exist;
expect(decrypted.data).to.be.equal(vData);
});
@ -3814,9 +3814,9 @@ VYGdb3eNlV8CfoEC
expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('rsaEncryptSign');
await subKey.verify(newPrivateKey.primaryKey);
expect(await newPrivateKey.getSigningKey()).to.be.equal(subKey);
const signed = await openpgp.sign({ message: await openpgp.createMessage({ text: 'the data to signed' }), privateKeys: newPrivateKey, armor:false });
const signed = await openpgp.sign({ message: await openpgp.createMessage({ text: 'the data to signed' }), signingKeys: newPrivateKey, armor:false });
const message = await openpgp.readMessage({ binaryMessage: signed });
const { signatures } = await openpgp.verify({ message, publicKeys: [newPrivateKey.toPublic()] });
const { signatures } = await openpgp.verify({ message, verificationKeys: [newPrivateKey.toPublic()] });
expect(signatures).to.exist;
expect(signatures.length).to.be.equal(1);
expect(signatures[0].keyID.toHex()).to.be.equal(subKey.getKeyID().toHex());
@ -3836,14 +3836,14 @@ VYGdb3eNlV8CfoEC
const publicKey = newPrivateKey.toPublic();
const vData = 'the data to encrypted!';
expect(await newPrivateKey.getEncryptionKey()).to.be.equal(subKey);
const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: vData }), publicKeys: publicKey, armor:false });
const encrypted = await openpgp.encrypt({ message: await openpgp.createMessage({ text: vData }), encryptionKeys: publicKey, armor:false });
expect(encrypted).to.be.exist;
const message = await openpgp.readMessage({ binaryMessage: encrypted });
const pkSessionKeys = message.packets.filterByTag(openpgp.enums.packet.publicKeyEncryptedSessionKey);
expect(pkSessionKeys).to.exist;
expect(pkSessionKeys.length).to.be.equal(1);
expect(pkSessionKeys[0].publicKeyID.toHex()).to.be.equals(subKey.keyPacket.getKeyID().toHex());
const decrypted = await openpgp.decrypt({ message, privateKeys: newPrivateKey });
const decrypted = await openpgp.decrypt({ message, decryptionKeys: newPrivateKey });
expect(decrypted).to.exist;
expect(decrypted.data).to.be.equal(vData);
});

360
test/general/openpgp.js
View File

File diff suppressed because it is too large Load Diff

80
test/general/signature.js
View File

@ -859,7 +859,7 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]),
rejectPublicKeyAlgorithms: new Set()
};
const decrypted = await openpgp.decrypt({ privateKeys: privateKey, publicKeys: publicKey, message, config });
const decrypted = await openpgp.decrypt({ decryptionKeys: privateKey, verificationKeys: publicKey, message, config });
expect(decrypted.data).to.exist;
expect(decrypted.signatures[0].valid).to.be.true;
expect(decrypted.signatures[0].signature.packets.length).to.equal(1);
@ -880,14 +880,14 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
const decryptedDummyKey = await openpgp.decryptKey({ privateKey: dummyKey, passphrase });
expect(decryptedDummyKey.isDecrypted()).to.be.true;
// decrypting with a secret subkey works
const msg = await openpgp.decrypt({ message, privateKeys: decryptedDummyKey, publicKeys: publicKey, config: { rejectPublicKeyAlgorithms: new Set() } });
const msg = await openpgp.decrypt({ message, decryptionKeys: decryptedDummyKey, verificationKeys: publicKey, config: { rejectPublicKeyAlgorithms: new Set() } });
expect(msg.signatures).to.exist;
expect(msg.signatures).to.have.length(1);
expect(msg.signatures[0].valid).to.be.true;
expect(msg.signatures[0].signature.packets.length).to.equal(1);
// secret key operations involving the primary key should fail
await expect(openpgp.sign({
message: await openpgp.createMessage({ text: 'test' }), privateKeys: decryptedDummyKey, config: { rejectPublicKeyAlgorithms: new Set() }
message: await openpgp.createMessage({ text: 'test' }), signingKeys: decryptedDummyKey, config: { rejectPublicKeyAlgorithms: new Set() }
})).to.eventually.be.rejectedWith(/Cannot sign with a gnu-dummy key/);
await expect(
openpgp.reformatKey({ userIDs: { name: 'test' }, privateKey: decryptedDummyKey })
@ -907,7 +907,7 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
privateKey: await openpgp.readKey({ armoredKey: flowcrypt_stripped_key }),
passphrase: 'FlowCrypt'
});
const sig = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), privateKeys: dummyKey, date: new Date('2018-12-17T03:24:00') });
const sig = await openpgp.sign({ message: await openpgp.createMessage({ text: 'test' }), signingKeys: dummyKey, date: new Date('2018-12-17T03:24:00') });
expect(sig).to.match(/-----END PGP MESSAGE-----\n$/);
});
@ -984,7 +984,7 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
});
return openpgp.decrypt({
privateKeys: privKey, publicKeys: pubKey , message, config: { minRSABits: 1024 }
decryptionKeys: privKey, verificationKeys: pubKey , message, config: { minRSABits: 1024 }
}).then(decrypted => {
expect(decrypted.data).to.exist;
expect(decrypted.data).to.equal(plaintext);
@ -1021,7 +1021,7 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
expect(pubKey2.getKeys(keyIDs[1])).to.not.be.empty;
expect(pubKey3.getKeys(keyIDs[0])).to.not.be.empty;
const { data, signatures } = await openpgp.verify({ message: sMsg, publicKeys: [pubKey2, pubKey3], config: { minRSABits: 1024 } });
const { data, signatures } = await openpgp.verify({ message: sMsg, verificationKeys: [pubKey2, pubKey3], config: { minRSABits: 1024 } });
expect(data).to.equal(plaintext);
expect(signatures).to.exist;
expect(signatures).to.have.length(2);
@ -1034,7 +1034,7 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
it('Verify fails with signed message with critical notations', async function() {
const message = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
const key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const { signatures: [sig] } = await openpgp.verify({ message, publicKeys: key, config: { minRSABits: 1024 } });
const { signatures: [sig] } = await openpgp.verify({ message, verificationKeys: key, config: { minRSABits: 1024 } });
expect(sig.valid).to.be.false;
expect(sig.error).to.match(/Unknown critical notation: test@example.com/);
});
@ -1044,7 +1044,7 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
const key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
const config = { knownNotations: ['test@example.com'], minRSABits: 1024 };
const { signatures: [sig] } = await openpgp.verify({ message, publicKeys: key, config });
const { signatures: [sig] } = await openpgp.verify({ message, verificationKeys: key, config });
expect(sig.valid).to.be.true;
});
@ -1082,7 +1082,7 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
expect(pubKey2.getKeys(keyIDs[0])).to.not.be.empty;
expect(pubKey3.getKeys(keyIDs[1])).to.not.be.empty;
return openpgp.verify({ publicKeys:[pubKey2, pubKey3], message, config: { minRSABits: 1024 } }).then(function(cleartextSig) {
return openpgp.verify({ verificationKeys:[pubKey2, pubKey3], message, config: { minRSABits: 1024 } }).then(function(cleartextSig) {
expect(cleartextSig).to.exist;
expect(cleartextSig.data).to.equal(plaintext);
expect(cleartextSig.signatures).to.have.length(2);
@ -1156,7 +1156,7 @@ zmuVOdNuWQqxT9Sqa84=
expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty;
const cleartextSig = await openpgp.verify({
publicKeys:[pubKey],
verificationKeys:[pubKey],
message,
config: { minRSABits: 1024, rejectMessageHashAlgorithms: new Set() }
});
@ -1189,7 +1189,7 @@ yYDnCgA=
const keyIDs = message.getSigningKeyIDs();
expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty;
return openpgp.verify({ publicKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(({ data, signatures }) => {
return openpgp.verify({ verificationKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(({ data, signatures }) => {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.equal(!openpgp.config.rejectMessageHashAlgorithms.has(openpgp.enums.hash.sha1));
@ -1227,7 +1227,7 @@ yYDnCgA=
const keyIDs = message.getSigningKeyIDs();
expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty;
return openpgp.verify({ publicKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(async function(cleartextSig) {
return openpgp.verify({ verificationKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(async function(cleartextSig) {
expect(cleartextSig).to.exist;
expect(await stream.readToEnd(cleartextSig.data)).to.equal(plaintext);
expect(cleartextSig.signatures).to.have.length(1);
@ -1259,7 +1259,7 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const keyIDs = message.getSigningKeyIDs();
expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty;
return openpgp.verify({ publicKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(async ({ data, signatures }) => {
return openpgp.verify({ verificationKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(async ({ data, signatures }) => {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(0);
});
@ -1293,7 +1293,7 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const keyIDs = message.getSigningKeyIDs();
expect(pubKey.getKeys(keyIDs[0])).to.not.be.empty;
return openpgp.verify({ publicKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(async ({ data, signatures }) => {
return openpgp.verify({ verificationKeys: [pubKey], message, config: { minRSABits: 1024 } }).then(async ({ data, signatures }) => {
expect(await stream.readToEnd(data)).to.equal(plaintext);
expect(signatures).to.have.length(1);
await expect(signatures[0].verified).to.be.rejectedWith('Corresponding signature packet missing');
@ -1325,10 +1325,10 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
return openpgp.sign({ signingKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ publicKeys:[pubKey], message, config });
return openpgp.verify({ verificationKeys:[pubKey], message, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext.replace(/[ \t\r]+$/mg, ''));
@ -1347,10 +1347,10 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
return openpgp.sign({ signingKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ publicKeys: pubKey, message, config });
return openpgp.verify({ verificationKeys: pubKey, message, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext);
@ -1369,10 +1369,10 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
return openpgp.sign({ signingKeys: privKey, message: await openpgp.createCleartextMessage({ text: plaintext }), config }).then(async signed => {
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
return openpgp.verify({ publicKeys: pubKey, message, config });
return openpgp.verify({ verificationKeys: pubKey, message, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext.replace(/[ \t]+$/mg, ''));
@ -1391,10 +1391,10 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), config }).then(async signed => {
return openpgp.sign({ signingKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), config }).then(async signed => {
const message = await openpgp.readMessage({ armoredMessage: signed });
return openpgp.verify({ publicKeys: pubKey, message, format: 'binary', config });
return openpgp.verify({ verificationKeys: pubKey, message, format: 'binary', config });
}).then(function({ data, signatures }) {
expect(data).to.deep.equal(plaintext);
@ -1413,10 +1413,10 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), armor: false, config }).then(async signed => {
return openpgp.sign({ signingKeys: privKey, message: await openpgp.createMessage({ binary: plaintext }), armor: false, config }).then(async signed => {
const message = await openpgp.readMessage({ binaryMessage: signed });
return openpgp.verify({ publicKeys: pubKey, message, format: 'binary', config });
return openpgp.verify({ verificationKeys: pubKey, message, format: 'binary', config });
}).then(function({ data, signatures }) {
expect(data).to.deep.equal(plaintext);
@ -1435,9 +1435,9 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
return openpgp.sign({ signingKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
const signature = await openpgp.readSignature({ armoredSignature });
return openpgp.verify({ publicKeys: pubKey, message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config });
return openpgp.verify({ verificationKeys: pubKey, message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), signature, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext);
expect(signatures).to.have.length(1);
@ -1456,9 +1456,9 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys: privKey, message:await openpgp.createMessage({ binary: binaryPlaintext }), detached: true, config }).then(async armoredSignature => {
return openpgp.sign({ signingKeys: privKey, message:await openpgp.createMessage({ binary: binaryPlaintext }), detached: true, config }).then(async armoredSignature => {
const signature = await openpgp.readSignature({ armoredSignature });
return openpgp.verify({ publicKeys: pubKey, message: await openpgp.createMessage({ text: plaintext }), signature, config });
return openpgp.verify({ verificationKeys: pubKey, message: await openpgp.createMessage({ text: plaintext }), signature, config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext);
@ -1477,13 +1477,13 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
});
const config = { minRSABits: 1024 };
return openpgp.sign({ privateKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
return openpgp.sign({ signingKeys: privKey, message: await openpgp.createMessage({ text: plaintext }), detached: true, config }).then(async armoredSignature => {
const signature = await openpgp.readSignature({ armoredSignature });
return openpgp.encrypt({ message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), publicKeys: [pubKey], signature, config });
return openpgp.encrypt({ message: await openpgp.createMessage({ binary: util.encodeUTF8(plaintext) }), encryptionKeys: [pubKey], signature, config });
}).then(async armoredMessage => {
const message = await openpgp.readMessage({ armoredMessage });
return openpgp.decrypt({ message, privateKeys: [privKey], publicKeys: [pubKey], config });
return openpgp.decrypt({ message, decryptionKeys: [privKey], verificationKeys: [pubKey], config });
}).then(function({ data, signatures }) {
expect(data).to.equal(plaintext);
@ -1496,7 +1496,7 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Verify test with expired verification public key', async function() {
const pubKey = await openpgp.readKey({ armoredKey: pub_expired });
const message = await openpgp.readMessage({ armoredMessage: msg_sig_expired });
return openpgp.verify({ publicKeys:[pubKey], message:message }).then(function(verified) {
return openpgp.verify({ verificationKeys:[pubKey], message:message }).then(function(verified) {
expect(verified).to.exist;
expect(verified.signatures).to.have.length(1);
expect(verified.signatures[0].valid).to.be.true;
@ -1507,7 +1507,7 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
it('Verify test with expired verification public key and disable expiration checks using null date', async function() {
const pubKey = await openpgp.readKey({ armoredKey: pub_expired });
const message = await openpgp.readMessage({ armoredMessage: msg_sig_expired });
return openpgp.verify({ publicKeys:[pubKey], message:message, date: null }).then(function(verified) {
return openpgp.verify({ verificationKeys:[pubKey], message:message, date: null }).then(function(verified) {
expect(verified).to.exist;
expect(verified.signatures).to.have.length(1);
expect(verified.signatures[0].valid).to.be.true;
@ -1598,7 +1598,7 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const message = await openpgp.createMessage({ text: content });
await message.appendSignature(detachedSig);
const { data, signatures } = await openpgp.verify({ publicKeys:[publicKey], message, config: { minRSABits: 1024 } });
const { data, signatures } = await openpgp.verify({ verificationKeys:[publicKey], message, config: { minRSABits: 1024 } });
expect(data).to.equal(content);
expect(signatures).to.have.length(1);
expect(signatures[0].valid).to.be.true;
@ -1616,9 +1616,9 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
const opt = { rsaBits: 2048, userIDs: { name:'test', email:'a@b.com' }, passphrase: null };
const { key: generatedKey } = await openpgp.generateKey(opt);
const armoredSignature = await openpgp.sign({ privateKeys: [generatedKey, privKey], message, detached: true, config: { minRSABits: 1024 } });
const armoredSignature = await openpgp.sign({ signingKeys: [generatedKey, privKey], message, detached: true, config: { minRSABits: 1024 } });
const signature = await openpgp.readSignature({ armoredSignature });
const { data, signatures } = await openpgp.verify({ publicKeys: [generatedKey.toPublic(), pubKey], message, signature, config: { minRSABits: 1024 } });
const { data, signatures } = await openpgp.verify({ verificationKeys: [generatedKey.toPublic(), pubKey], message, signature, config: { minRSABits: 1024 } });
expect(data).to.equal('hello');
expect(await signatures[0].verified).to.be.true;
expect(await signatures[1].verified).to.be.true;
@ -1763,8 +1763,8 @@ oaBUyhCKt8tz6Q==
const key = await openpgp.readKey({ armoredKey });
const decrypted = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage: encrypted }),
publicKeys: key,
privateKeys: key,
verificationKeys: key,
decryptionKeys: key,
config: { minRSABits: 1024 }
});
expect(decrypted.signatures[0].valid).to.be.true;
@ -1799,7 +1799,7 @@ j+GItrR+QbbN13ODlcR3hf66cwjLLsJCx5VcBaRspKF05O3ix/u9KVjJqtbi
Ie6jnY0zP2ldtS4JmhKBa43qmOHCxHc=
=7B58
-----END PGP MESSAGE-----`;
const decrypted = await openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage: encrypted }), privateKeys: key, publicKeys: key.toPublic() });
const decrypted = await openpgp.decrypt({ message: await openpgp.readMessage({ armoredMessage: encrypted }), decryptionKeys: key, verificationKeys: key.toPublic() });
expect(decrypted.signatures[0].valid).to.be.true;
});
@ -1835,7 +1835,7 @@ JImeZLY02MctIpGZULbqgcUGK0P/yqrPL8Pe4lQM
=Pacb
-----END PGP SIGNATURE-----`;
const message = await openpgp.readCleartextMessage({ cleartextMessage: signed });
const verified = await openpgp.verify({ publicKeys: key, message });
const verified = await openpgp.verify({ verificationKeys: key, message });
expect(verified.signatures[0].valid).to.be.true;
});
});

70
test/general/streaming.js
View File

@ -240,7 +240,7 @@ function tests() {
it('Sign: Input stream should be canceled when canceling encrypted stream', async function() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: privKey,
signingKeys: privKey,
config: { minRSABits: 1024 }
});
const reader = stream.getReader(signed);
@ -314,8 +314,8 @@ function tests() {
try {
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ binary: data }),
publicKeys: pubKey,
privateKeys: privKey,
encryptionKeys: pubKey,
signingKeys: privKey,
armor: false,
config: { minRSABits: 1024 }
});
@ -323,8 +323,8 @@ function tests() {
const message = await openpgp.readMessage({ binaryMessage: encrypted });
const decrypted = await openpgp.decrypt({
publicKeys: pubKey,
privateKeys: privKey,
verificationKeys: pubKey,
decryptionKeys: privKey,
message,
format: 'binary'
});
@ -350,16 +350,16 @@ function tests() {
try {
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ binary: data }),
publicKeys: pub,
privateKeys: priv,
encryptionKeys: pub,
signingKeys: priv,
armor: false
});
expect(stream.isStream(encrypted)).to.equal(expectedType);
const message = await openpgp.readMessage({ binaryMessage: encrypted });
const decrypted = await openpgp.decrypt({
publicKeys: pub,
privateKeys: priv,
verificationKeys: pub,
decryptionKeys: priv,
message,
format: 'binary'
});
@ -385,16 +385,16 @@ function tests() {
try {
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ binary: data }),
publicKeys: pub,
privateKeys: priv,
encryptionKeys: pub,
signingKeys: priv,
armor: false
});
expect(stream.isStream(encrypted)).to.equal(expectedType);
const message = await openpgp.readMessage({ binaryMessage: encrypted });
const decrypted = await openpgp.decrypt({
publicKeys: pub,
privateKeys: priv,
verificationKeys: pub,
decryptionKeys: priv,
message,
format: 'binary'
});
@ -452,8 +452,8 @@ function tests() {
try {
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ binary: data }),
publicKeys: pubKey,
privateKeys: privKey,
encryptionKeys: pubKey,
signingKeys: privKey,
config: { minRSABits: 1024 }
});
expect(stream.isStream(encrypted)).to.equal(expectedType);
@ -467,8 +467,8 @@ function tests() {
}), { encoding: 'utf8' })
});
const decrypted = await openpgp.decrypt({
publicKeys: pubKey,
privateKeys: privKey,
verificationKeys: pubKey,
decryptionKeys: privKey,
message,
format: 'binary'
});
@ -489,8 +489,8 @@ function tests() {
try {
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ binary: data }),
publicKeys: pubKey,
privateKeys: privKey,
encryptionKeys: pubKey,
signingKeys: privKey,
config: { minRSABits: 1024 }
});
expect(stream.isStream(encrypted)).to.equal(expectedType);
@ -504,7 +504,7 @@ function tests() {
}), { encoding: 'utf8' })
});
const decrypted = await openpgp.decrypt({
privateKeys: privKey,
decryptionKeys: privKey,
message,
format: 'binary'
});
@ -523,7 +523,7 @@ function tests() {
it('Sign/verify: Detect armor checksum error', async function() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: privKey,
signingKeys: privKey,
config: { minRSABits: 1024 }
});
expect(stream.isStream(signed)).to.equal(expectedType);
@ -537,7 +537,7 @@ function tests() {
}), { encoding: 'utf8' })
});
const verified = await openpgp.verify({
publicKeys: pubKey,
verificationKeys: pubKey,
message,
format: 'binary',
config: { minRSABits: 1024 }
@ -578,14 +578,14 @@ function tests() {
it('Sign/verify: Input stream should be canceled when canceling verified stream', async function() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: privKey,
signingKeys: privKey,
config: { minRSABits: 1024 }
});
expect(stream.isStream(signed)).to.equal(expectedType);
const message = await openpgp.readMessage({ armoredMessage: signed });
const verified = await openpgp.verify({
publicKeys: pubKey,
verificationKeys: pubKey,
message,
format: 'binary',
config: { minRSABits: 1024 }
@ -618,7 +618,7 @@ function tests() {
it("Sign: Don't pull entire input stream when we're not pulling signed stream", async function() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: privKey,
signingKeys: privKey,
config: { minRSABits: 1024 }
});
expect(stream.isStream(signed)).to.equal(expectedType);
@ -633,13 +633,13 @@ function tests() {
it("Sign/verify: Don't pull entire input stream when we're not pulling verified stream", async function() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: privKey,
signingKeys: privKey,
config: { minRSABits: 1024 }
});
expect(stream.isStream(signed)).to.equal(expectedType);
const message = await openpgp.readMessage({ armoredMessage: signed });
const verified = await openpgp.verify({
publicKeys: pubKey,
verificationKeys: pubKey,
message,
format: 'binary'
});
@ -668,7 +668,7 @@ function tests() {
});
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: privKey,
signingKeys: privKey,
detached: true,
config: { minRSABits: 1024 }
});
@ -677,7 +677,7 @@ function tests() {
const signature = await openpgp.readSignature({ armoredSignature });
const verified = await openpgp.verify({
signature,
publicKeys: pubKey,
verificationKeys: pubKey,
message: await openpgp.createMessage({ text: 'hello world' }),
config: { minRSABits: 1024 }
});
@ -709,7 +709,7 @@ function tests() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: priv,
signingKeys: priv,
detached: true
});
expect(stream.isStream(signed)).to.equal(expectedType);
@ -717,7 +717,7 @@ function tests() {
const signature = await openpgp.readSignature({ armoredSignature });
const verified = await openpgp.verify({
signature,
publicKeys: pub,
verificationKeys: pub,
message: await openpgp.createMessage({ text: 'hello world' })
});
expect(verified.data).to.equal('hello world');
@ -748,7 +748,7 @@ function tests() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: priv,
signingKeys: priv,
detached: true
});
expect(stream.isStream(signed)).to.equal(expectedType);
@ -756,7 +756,7 @@ function tests() {
const signature = await openpgp.readSignature({ armoredSignature });
const verified = await openpgp.verify({
signature,
publicKeys: pub,
verificationKeys: pub,
message: await openpgp.createMessage({ text: 'hello world' })
});
expect(verified.data).to.equal('hello world');
@ -767,7 +767,7 @@ function tests() {
it("Detached sign is expected to pull entire input stream when we're not pulling signed stream", async function() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: privKey,
signingKeys: privKey,
detached: true,
config: { minRSABits: 1024 }
});
@ -782,7 +782,7 @@ function tests() {
it('Detached sign: Input stream should be canceled when canceling signed stream', async function() {
const signed = await openpgp.sign({
message: await openpgp.createMessage({ binary: data }),
privateKeys: privKey,
signingKeys: privKey,
detached: true,
config: { minRSABits: 1024 }
});

26
test/general/x25519.js
View File

@ -164,7 +164,7 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
const name = 'light';
const pub = await load_pub_key(name);
const msg = await openpgp.readCleartextMessage({ cleartextMessage: data[name].message_signed });
return openpgp.verify({ publicKeys: [pub], message: msg }).then(function(result) {
return openpgp.verify({ verificationKeys: [pub], message: msg }).then(function(result) {
expect(result).to.exist;
expect(result.data).to.equal(data[name].message);
expect(result.signatures).to.have.length(1);
@ -176,10 +176,10 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
const name = 'light';
const randomData = input.createSomeMessage();
const priv = await load_priv_key(name);
const signed = await openpgp.sign({ privateKeys: [priv], message: await openpgp.createCleartextMessage({ text: randomData }) });
const signed = await openpgp.sign({ signingKeys: [priv], message: await openpgp.createCleartextMessage({ text: randomData }) });
const pub = await load_pub_key(name);
const msg = await openpgp.readCleartextMessage({ cleartextMessage: signed });
const result = await openpgp.verify({ publicKeys: [pub], message: msg });
const result = await openpgp.verify({ verificationKeys: [pub], message: msg });
expect(result).to.exist;
expect(result.data).to.equal(randomData.replace(/[ \t]+$/mg, ''));
@ -191,7 +191,7 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
const light = await load_pub_key('light');
const night = await load_priv_key('night');
const msg = await openpgp.readMessage({ armoredMessage: data.night.message_encrypted });
const result = await openpgp.decrypt({ privateKeys: night, publicKeys: [light], message: msg });
const result = await openpgp.decrypt({ decryptionKeys: night, verificationKeys: [light], message: msg });
expect(result).to.exist;
expect(result.data).to.equal(data.night.message);
@ -203,12 +203,12 @@ module.exports = () => (openpgp.config.ci ? describe.skip : describe)('X25519 Cr
const nightPublic = await load_pub_key('night');
const lightPrivate = await load_priv_key('light');
const randomData = input.createSomeMessage();
const encrypted = await openpgp.encrypt({ publicKeys: [nightPublic], privateKeys: [lightPrivate], message: await openpgp.createMessage({ text: randomData }) });
const encrypted = await openpgp.encrypt({ encryptionKeys: [nightPublic], signingKeys: [lightPrivate], message: await openpgp.createMessage({ text: randomData }) });
const message = await openpgp.readMessage({ armoredMessage: encrypted });
const lightPublic = await load_pub_key('light');
const nightPrivate = await load_priv_key('night');
const result = await openpgp.decrypt({ privateKeys: nightPrivate, publicKeys: [lightPublic], message: message });
const result = await openpgp.decrypt({ decryptionKeys: nightPrivate, verificationKeys: [lightPublic], message: message });
expect(result).to.exist;
expect(result.data).to.equal(randomData);
@ -449,18 +449,18 @@ function omnibus() {
}),
// Signing message
openpgp.sign(
{ message: await openpgp.createCleartextMessage({ text: 'Hi, this is me, Hi!' }), privateKeys: hi }
{ message: await openpgp.createCleartextMessage({ text: 'Hi, this is me, Hi!' }), signingKeys: hi }
).then(async signed => {
const msg = await openpgp.readCleartextMessage({ cleartextMessage: signed });
// Verifying signed message
return Promise.all([
openpgp.verify(
{ message: msg, publicKeys: hi.toPublic() }
{ message: msg, verificationKeys: hi.toPublic() }
).then(output => expect(output.signatures[0].valid).to.be.true),
// Verifying detached signature
openpgp.verify({
message: await openpgp.createMessage({ text: 'Hi, this is me, Hi!' }),
publicKeys: hi.toPublic(),
verificationKeys: hi.toPublic(),
signature: msg.signature
}).then(output => expect(output.signatures[0].valid).to.be.true)
]);
@ -469,8 +469,8 @@ function omnibus() {
openpgp.encrypt(
{
message: await openpgp.createMessage({ text: 'Hi, Hi wrote this but only Bye can read it!' }),
publicKeys: [bye.toPublic()],
privateKeys: [hi]
encryptionKeys: [bye.toPublic()],
signingKeys: [hi]
}
).then(async encrypted => {
const msg = await openpgp.readMessage({ armoredMessage: encrypted });
@ -478,8 +478,8 @@ function omnibus() {
return openpgp.decrypt(
{
message: msg,
privateKeys: bye,
publicKeys: [hi.toPublic()]
decryptionKeys: bye,
verificationKeys: [hi.toPublic()]
}
).then(output => {
expect(output.data).to.equal('Hi, Hi wrote this but only Bye can read it!');

2
test/security/message_signature_bypass.js
View File

@ -97,7 +97,7 @@ async function fakeSignature() {
// faked message now verifies correctly
const res = await openpgp.verify({
message: fake,
publicKeys: await getOtherPubKey()
verificationKeys: await getOtherPubKey()
});
const { signatures } = res;
expect(signatures).to.have.length(0);

2
test/security/preferred_algo_mismatch.js
View File

@ -43,5 +43,5 @@ EnxUPL95HuMKoVkf4w==
module.exports = () => it('Does not accept message encrypted with algo not mentioned in preferred algorithms', async function() {
const message = await openpgp.readMessage({ armoredMessage });
const privKey = await openpgp.readKey({ armoredKey: privateKeyArmor });
await expect(openpgp.decrypt({ message, privateKeys: [privKey] })).to.be.rejectedWith('A non-preferred symmetric algorithm was used.');
await expect(openpgp.decrypt({ message, decryptionKeys: [privKey] })).to.be.rejectedWith('A non-preferred symmetric algorithm was used.');
});

4
test/security/subkey_trust.js
View File

@ -28,7 +28,7 @@ async function generateTestData() {
attackerPrivKey.revocationSignatures = [];
const signed = await openpgp.sign({
message: await createCleartextMessage({ text: 'I am batman' }),
privateKeys: victimPrivKey,
signingKeys: victimPrivKey,
armor: true
});
return {
@ -67,7 +67,7 @@ async function testSubkeyTrust() {
fakeKey = await readKey({ armoredKey: await fakeKey.toPublic().armor() });
const verifyAttackerIsBatman = await openpgp.verify({
message: await readCleartextMessage({ cleartextMessage: signed }),
publicKeys: fakeKey
verificationKeys: fakeKey
});
expect(verifyAttackerIsBatman.signatures[0].keyID.equals(victimPubKey.subKeys[0].getKeyID())).to.be.true;
expect(verifyAttackerIsBatman.signatures[0].valid).to.be.false;

2
test/security/unsigned_subpackets.js
View File

@ -59,7 +59,7 @@ async function makeKeyValid() {
try {
await openpgp.encrypt({
message: await createMessage({ text: 'Hello', filename: 'hello.txt' }),
publicKeys: k
encryptionKeys: k
});
return false;
} catch (e) {

18
test/typescript/definitions.ts
View File

@ -30,7 +30,7 @@ import {
// Encrypt text message (armored)
const text = 'hello';
const textMessage = await createMessage({ text: 'hello' });
const encryptedArmor: string = await encrypt({ publicKeys, message: textMessage });
const encryptedArmor: string = await encrypt({ encryptionKeys: publicKeys, message: textMessage });
expect(encryptedArmor).to.include('-----BEGIN PGP MESSAGE-----');
// Encrypt binary message (unarmored)
@ -38,18 +38,18 @@ import {
binary[0] = 1;
binary[1] = 2;
const binaryMessage = await createMessage({ binary });
const encryptedBinary: Uint8Array = await encrypt({ publicKeys, message: binaryMessage, armor: false });
const encryptedBinary: Uint8Array = await encrypt({ encryptionKeys: publicKeys, message: binaryMessage, armor: false });
expect(encryptedBinary).to.be.instanceOf(Uint8Array);
// Decrypt text message (armored)
const encryptedTextMessage = await readMessage({ armoredMessage: encryptedArmor });
const decryptedText = await decrypt({ privateKeys, message: encryptedTextMessage });
const decryptedText = await decrypt({ decryptionKeys: privateKeys, message: encryptedTextMessage });
const decryptedTextData: string = decryptedText.data;
expect(decryptedTextData).to.equal(text);
// Decrypt binary message (unarmored)
const encryptedBinaryMessage = await readMessage({ binaryMessage: encryptedBinary });
const decryptedBinary = await decrypt({ privateKeys, message: encryptedBinaryMessage, format: 'binary' });
const decryptedBinary = await decrypt({ decryptionKeys: privateKeys, message: encryptedBinaryMessage, format: 'binary' });
const decryptedBinaryData: Uint8Array = decryptedBinary.data;
expect(decryptedBinaryData).to.deep.equal(binary);
@ -59,26 +59,26 @@ import {
// Sign cleartext message (armored)
const cleartextMessage = await createCleartextMessage({ text: 'hello' });
const clearSignedArmor = await sign({ privateKeys, message: cleartextMessage });
const clearSignedArmor = await sign({ signingKeys: privateKeys, message: cleartextMessage });
expect(clearSignedArmor).to.include('-----BEGIN PGP SIGNED MESSAGE-----');
// Sign text message (armored)
const textSignedArmor: string = await sign({ privateKeys, message: textMessage });
const textSignedArmor: string = await sign({ signingKeys: privateKeys, message: textMessage });
expect(textSignedArmor).to.include('-----BEGIN PGP MESSAGE-----');
// Sign text message (unarmored)
const textSignedBinary: Uint8Array = await sign({ privateKeys, message: binaryMessage, armor: false });
const textSignedBinary: Uint8Array = await sign({ signingKeys: privateKeys, message: binaryMessage, armor: false });
expect(textSignedBinary).to.be.instanceOf(Uint8Array);
// Verify signed text message (armored)
const signedMessage = await readMessage({ armoredMessage: textSignedArmor });
const verifiedText = await verify({ publicKeys, message: signedMessage });
const verifiedText = await verify({ verificationKeys: publicKeys, message: signedMessage });
const verifiedTextData: string = verifiedText.data;
expect(verifiedTextData).to.equal(text);
// Verify signed binary message (unarmored)
const message = await readMessage({ binaryMessage: textSignedBinary });
const verifiedBinary = await verify({ publicKeys, message, format: 'binary' });
const verifiedBinary = await verify({ verificationKeys: publicKeys, message, format: 'binary' });
const verifiedBinaryData: Uint8Array = verifiedBinary.data;
expect(verifiedBinaryData).to.deep.equal(binary);

8
test/worker/worker_example.js
View File

@ -51,8 +51,8 @@ onmessage = async function({ data: { action, message }, ports: [port] }) {
});
const data = await openpgp.encrypt({
message: await openpgp.createMessage({ text: message }),
publicKeys: publicKey,
privateKeys: privateKey
encryptionKeys: publicKey,
signingKeys: privateKey
});
result = data;
break;
@ -65,8 +65,8 @@ onmessage = async function({ data: { action, message }, ports: [port] }) {
});
const { data, signatures } = await openpgp.decrypt({
message: await openpgp.readMessage({ armoredMessage: message }),
publicKeys: publicKey,
privateKeys: privateKey
verificationKeys: publicKey,
decryptionKeys: privateKey
});
if (!signatures[0].valid) {
throw new Error("Couldn't veriy signature");