Merge pull request #514 from Consensas/master

implement keyExpirationTime
Bart Butler 2017-01-25 14:56:53 -08:00 committed by GitHub
commit 7d4044c0d1
4 changed files with 32 additions and 7 deletions


@ -944,6 +944,7 @@ export function readArmored(armoredText) {
If array is used, the first userId is set as primary user Id
* @param {String} options.passphrase The passphrase used to encrypt the resulting private key
* @param {Boolean} [options.unlocked=false] The secret part of the generated key is unlocked
* @param {Number} [options.keyExpirationTime=0] The number of seconds after the key creation time that the key expires
* @return {module:key~Key}
* @static
*/
@ -1023,6 +1024,10 @@ export function generate(options) {
signaturePacket.features = [];
signaturePacket.features.push(1); // Modification Detection
}
if (options.keyExpirationTime > 0) {
signaturePacket.keyExpirationTime = options.keyExpirationTime;
signaturePacket.keyNeverExpires = false;
}
signaturePacket.sign(secretKeyPacket, dataToSign);
packetlist.push(userIdPacket);
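Review bot: The guard `if (options.keyExpirationTime > 0)` silently ignores any value that is not greater than zero, so a caller who passes a negative number, NaN or a non-numeric string gets a key that never expires and no error, while a numeric string is stored on the packet as a string. Because expiration is a safety control, rejecting a bad value is better than quietly producing a non-expiring key; consider validating before the guard, for example `if (options.keyExpirationTime !== undefined && !(Number.isInteger(options.keyExpirationTime) && options.keyExpirationTime >= 0)) { throw new Error('Invalid keyExpirationTime'); }`. It is also worth confirming how the signature packet serialises values too large for the four-octet expiration field. generate() starts and ends outside this hunk, so whether the subkey binding signature needs the same setting cannot be judged from the lines shown.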


@ -92,12 +92,13 @@ export function destroyWorker() {
* @param {String} passphrase (optional) The passphrase used to encrypt the resulting private key
* @param {Number} numBits (optional) number of bits for the key creation. (should be 2048 or 4096)
* @param {Boolean} unlocked (optional) If the returned secret part of the generated key is unlocked
* @param {Number} keyExpirationTime (optional) The number of seconds after the key creation time that the key expires
* @return {Promise<Object>} The generated key object in the form:
* { key:Key, privateKeyArmored:String, publicKeyArmored:String }
* @static
*/
export function generateKey({ userIds=[], passphrase, numBits=2048, unlocked=false } = {}) {
const options = formatUserIds({ userIds, passphrase, numBits, unlocked });
export function generateKey({ userIds=[], passphrase, numBits=2048, unlocked=false, keyExpirationTime=0 } = {}) {
const options = formatUserIds({ userIds, passphrase, numBits, unlocked, keyExpirationTime });
if (!util.getWebCryptoAll() && asyncProxy) { // use web worker if web crypto apis are not supported
return asyncProxy.delegate('generateKey', options);
@ -485,4 +486,4 @@ function onError(message, error) {
*/
function nativeAEAD() {
return util.getWebCrypto() && config.aead_protect;
}
}
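Review bot: The new JSDoc line for `keyExpirationTime` does not say what the default means, although generateKey now defaults it to 0 and the key-generation change in this commit only sets an expiration for values above zero. Callers reading this doc should learn that the default produces a non-expiring key and that the value is a duration, not a timestamp. I would write it as `@param {Number} keyExpirationTime (optional) Seconds after key creation at which the key expires; 0 (default) means the key never expires`. The option is forwarded unchanged to the worker through `asyncProxy.delegate`, so any validation has to live in the key-generation code rather than here.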


@ -873,6 +873,23 @@ var pgp_desktop_priv =
done();
}).catch(done);
});
it('Generate key - ensure keyExpirationTime works', function(done) {
var expect_delta = 365 * 24 * 60 * 60;
var userId = 'test <a@b.com>';
var opt = {numBits: 512, userIds: userId, passphrase: '123', keyExpirationTime: expect_delta};
if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys
openpgp.generateKey(opt).then(function(key) {
key = key.key;
const expiration = key.getExpirationTime();
expect(expiration).to.exist;
const actual_delta = (new Date(expiration) - new Date()) / 1000;
expect(Math.abs(actual_delta - expect_delta)).to.be.below(60);
done();
}).catch(done);
});
});
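Review bot: The assertion compares the expiration with `new Date()` taken after generation and allows 60 seconds of slack, so the result depends on how long key generation took and an expiration that is wrong by up to a minute still passes. Measuring the delta from the key's own creation time would let the test assert the exact `expect_delta`. The test also covers only the positive path. A companion case that generates a key with `keyExpirationTime: 0` (or without the option) and asserts that no expiration is reported would catch a regression that makes default keys expire, or one that leaves requested expirations unset.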


@ -289,7 +289,7 @@ describe('OpenPGP.js public api tests', function() {
var opt = {
userIds: { name: 'Test User' }
};
openpgp.generateKey(opt).then(function() { done(); });
openpgp.generateKey(opt).then(function() { done(); })
});
it('should have default params set', function(done) {
@ -303,13 +303,14 @@ describe('OpenPGP.js public api tests', function() {
userIds: ['Test User <text@example.com>'],
passphrase: 'secret',
numBits: 2048,
unlocked: true
unlocked: true,
keyExpirationTime: 0
}).calledOnce).to.be.true;
expect(newKey.key).to.exist;
expect(newKey.privateKeyArmored).to.exist;
expect(newKey.publicKeyArmored).to.exist;
done();
});
})
});
it('should work for no params', function(done) {
@ -318,7 +319,8 @@ describe('OpenPGP.js public api tests', function() {
userIds: [],
passphrase: undefined,
numBits: 2048,
unlocked: false
unlocked: false,
keyExpirationTime: 0
}).calledOnce).to.be.true;
expect(newKey.key).to.exist;
done();
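Review bot: In the first hunk the new line `openpgp.generateKey(opt).then(function() { done(); })` drops the terminating semicolon, and the `})` that replaces `});` in the second hunk does the same, so both now rely on automatic semicolon insertion for no visible reason. The first call also has no rejection handler, so a failing generateKey shows up as a mocha timeout instead of the real error. The test added to the key tests in this same commit ends its chain with `.catch(done)`; I would match that here with `openpgp.generateKey(opt).then(function() { done(); }).catch(done);` and restore the `;` after the `})` in the second hunk. The enclosing `it(...)` callbacks start outside the hunks shown.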