suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Release new version

Browse Source
This commit is contained in:
Daniel Huigens 2020-08-28 16:42:25 +02:00
parent 2eab8a1ebc
commit aa89893773
15 changed files with 269 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bower.json
View File

@ -1,6 +1,6 @@
{
"name": "openpgp",
"version": "4.10.7",
"version": "4.10.8",
"license": "LGPL-3.0+",
"homepage": "https://openpgpjs.org/",
"authors": [

163
dist/compat/openpgp.js vendored
View File

@ -1,4 +1,4 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.openpgp = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(_dereq_,module,exports){
(function (global){
"use strict";
@ -31452,6 +31452,14 @@ exports.default = {
* @property {Boolean} revocations_expire If true, expired revocation signatures are ignored
*/
revocations_expire: false,
/**
* Allow decryption using RSA keys without `encrypt` flag.
* This setting is potentially insecure, but it is needed to get around an old openpgpjs bug
* where key flags were ignored when selecting a key for encryption.
* @memberof module:config
* @property {Boolean} allow_insecure_decryption_with_signing_keys
*/
allow_insecure_decryption_with_signing_keys: false,
/**
* @memberof module:config
@ -31493,7 +31501,7 @@ exports.default = {
* @memberof module:config
* @property {String} versionstring A version string to be included in armored messages
*/
versionstring: "OpenPGP.js v4.10.7",
versionstring: "OpenPGP.js v4.10.8",
/**
* @memberof module:config
* @property {String} commentstring A comment string to be included in armored messages
@ -44733,6 +44741,7 @@ exports.getExpirationTime = getExpirationTime;
exports.sanitizeKeyOptions = sanitizeKeyOptions;
exports.isValidSigningKeyPacket = isValidSigningKeyPacket;
exports.isValidEncryptionKeyPacket = isValidEncryptionKeyPacket;
exports.isValidDecryptionKeyPacket = isValidDecryptionKeyPacket;
var _packet = _dereq_('../packet');
@ -44821,6 +44830,20 @@ function isValidEncryptionKeyPacket(keyPacket, signature) {
return keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.dsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.rsa_sign) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.ecdsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.eddsa) && (!signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_storage) !== 0);
}
function isValidDecryptionKeyPacket(signature) {
if (!signature.verified) {
// Sanity check
throw new Error('Signature not verified');
}
if (_config2.default.allow_insecure_decryption_with_signing_keys) {
// This is only relevant for RSA keys, all other signing ciphers cannot decrypt
return true;
}
return !signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_storage) !== 0;
}
},{"../config":350,"../crypto":365,"../enums":384,"../packet":402,"../util":429,"babel-runtime/core-js/object/assign":22,"babel-runtime/core-js/object/get-prototype-of":28,"babel-runtime/core-js/object/values":30,"babel-runtime/core-js/promise":31,"babel-runtime/helpers/asyncToGenerator":35,"babel-runtime/helpers/slicedToArray":40,"babel-runtime/regenerator":43}],389:[function(_dereq_,module,exports){
'use strict';
@ -45412,71 +45435,63 @@ Key.prototype.getDecryptionKeys = function () {
while (1) {
switch (_context3.prev = _context3.next) {
case 0:
_context3.next = 2;
return this.verifyPrimaryKey(date, userId);
case 2:
primaryKey = this.keyPacket;
keys = [];
i = 0;
case 5:
case 3:
if (!(i < this.subKeys.length)) {
_context3.next = 22;
_context3.next = 18;
break;
}
if (!(!keyId || this.subKeys[i].getKeyId().equals(keyId, true))) {
_context3.next = 19;
_context3.next = 15;
break;
}
_context3.prev = 7;
_context3.next = 10;
return this.subKeys[i].verify(primaryKey, date);
case 10:
_context3.prev = 5;
dataToVerify = { key: primaryKey, bind: this.subKeys[i].keyPacket };
_context3.next = 13;
_context3.next = 9;
return helper.getLatestValidSignature(this.subKeys[i].bindingSignatures, primaryKey, _enums2.default.signature.subkey_binding, dataToVerify, date);
case 13:
case 9:
bindingSignature = _context3.sent;
if (bindingSignature && helper.isValidEncryptionKeyPacket(this.subKeys[i].keyPacket, bindingSignature)) {
if (bindingSignature && helper.isValidDecryptionKeyPacket(bindingSignature)) {
keys.push(this.subKeys[i]);
}
_context3.next = 19;
_context3.next = 15;
break;
case 17:
_context3.prev = 17;
_context3.t0 = _context3['catch'](7);
case 13:
_context3.prev = 13;
_context3.t0 = _context3['catch'](5);
case 19:
case 15:
i++;
_context3.next = 5;
_context3.next = 3;
break;
case 22:
_context3.next = 24;
case 18:
_context3.next = 20;
return this.getPrimaryUser(date, userId);
case 24:
case 20:
primaryUser = _context3.sent;
if ((!keyId || primaryKey.getKeyId().equals(keyId, true)) && helper.isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {
if ((!keyId || primaryKey.getKeyId().equals(keyId, true)) && helper.isValidDecryptionKeyPacket(primaryUser.selfCertification)) {
keys.push(this);
}
return _context3.abrupt('return', keys);
case 27:
case 23:
case 'end':
return _context3.stop();
}
}
}, _callee3, this, [[7, 17]]);
}, _callee3, this, [[5, 13]]);
}));
return function (_x9) {
@ -45720,7 +45735,7 @@ Key.prototype.validate = (0, _asyncToGenerator3.default)( /*#__PURE__*/_regenera
case 2:
signingKeyPacket = void 0;
if (this.keyPacket.isDummy()) {
if (this.primaryKey.isDummy()) {
_context10.next = 7;
break;
}
@ -47016,9 +47031,9 @@ SubKey.prototype.isRevoked = function () {
* Verify subkey. Checks for revocation signatures, expiration time
* and valid binding signature. Throws if the subkey is invalid.
* @param {module:packet.SecretKey|
* module:packet.PublicKey} primaryKey The primary key packet
* @param {Date} date Use the given date instead of the current time
* @returns {Promise<true>} The status of the subkey
* module:packet.PublicKey} primaryKey The primary key packet
* @param {Date} date Use the given date instead of the current time
* @returns {Promise<undefined>}
* @async
*/
SubKey.prototype.verify = function () {
@ -54920,36 +54935,47 @@ PublicKeyEncryptedSessionKey.prototype.encrypt = function () {
*/
PublicKeyEncryptedSessionKey.prototype.decrypt = function () {
var _ref2 = (0, _asyncToGenerator3.default)( /*#__PURE__*/_regenerator2.default.mark(function _callee2(key) {
var algo, decoded, checksum;
var algo, keyAlgo, decoded, checksum;
return _regenerator2.default.wrap(function _callee2$(_context2) {
while (1) {
switch (_context2.prev = _context2.next) {
case 0:
algo = _enums2.default.write(_enums2.default.publicKey, this.publicKeyAlgorithm);
_context2.next = 3;
keyAlgo = _enums2.default.write(_enums2.default.publicKey, key.algorithm);
// check that session key algo matches the secret key algo
if (!(algo !== keyAlgo)) {
_context2.next = 4;
break;
}
throw new Error('Decryption error');
case 4:
_context2.next = 6;
return _crypto2.default.publicKeyDecrypt(algo, key.params, this.encrypted, key.getFingerprintBytes());
case 3:
case 6:
decoded = _context2.sent;
checksum = _util2.default.str_to_Uint8Array(decoded.substr(decoded.length - 2));
key = _util2.default.str_to_Uint8Array(decoded.substring(1, decoded.length - 2));
if (_util2.default.equalsUint8Array(checksum, _util2.default.write_checksum(key))) {
_context2.next = 10;
_context2.next = 13;
break;
}
throw new Error('Decryption error');
case 10:
case 13:
this.sessionKey = key;
this.sessionKeyAlgorithm = _enums2.default.read(_enums2.default.symmetric, decoded.charCodeAt(0));
case 12:
case 15:
return _context2.abrupt('return', true);
case 13:
case 16:
case 'end':
return _context2.stop();
}
@ -55368,6 +55394,26 @@ SecretKey.prototype.isDummy = function () {
return !!(this.s2k && this.s2k.type === 'gnu-dummy');
};
/**
* Remove private key material, converting the key to a dummy one
* The resulting key cannot be used for signing/decrypting but can still verify signatures
*/
SecretKey.prototype.makeDummy = function () {
if (this.isDummy()) {
return;
}
if (!this.isDecrypted()) {
// this is technically not needed, but makes the conversion simpler
throw new Error("Key is not decrypted");
}
this.clearPrivateParams();
this.isEncrypted = false;
this.s2k = new _s2k2.default();
this.s2k.algorithm = 0;
this.s2k.c = 0;
this.s2k.type = 'gnu-dummy';
};
/**
* Encrypt the payload. By default, we use aes256 and iterated, salted string
* to key specifier. If the key is in a decrypted state (isEncrypted === false)
@ -55926,7 +55972,8 @@ function Signature() {
this.revocationKeyAlgorithm = null;
this.revocationKeyFingerprint = null;
this.issuerKeyId = new _keyid2.default();
this.notations = [];
this.rawNotations = [];
this.notations = {};
this.preferredHashAlgorithms = null;
this.preferredCompressionAlgorithms = null;
this.keyServerPreferences = null;
@ -56159,17 +56206,20 @@ Signature.prototype.write_hashed_sub_packets = function () {
bytes = _util2.default.concat([bytes, this.revocationKeyFingerprint]);
arr.push(write_sub_packet(sub.revocation_key, bytes));
}
this.notations.forEach(function (_ref3) {
var _ref4 = (0, _slicedToArray3.default)(_ref3, 2),
name = _ref4[0],
value = _ref4[1];
this.rawNotations.forEach(function (_ref3) {
var _ref4 = (0, _slicedToArray3.default)(_ref3, 1),
_ref4$ = _ref4[0],
name = _ref4$.name,
value = _ref4$.value,
humanReadable = _ref4$.humanReadable;
bytes = [new Uint8Array([0x80, 0, 0, 0])];
bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];
// 2 octets of name length
bytes.push(_util2.default.writeNumber(name.length, 2));
// 2 octets of value length
bytes.push(_util2.default.writeNumber(value.length, 2));
bytes.push(_util2.default.str_to_Uint8Array(name + value));
bytes.push(_util2.default.str_to_Uint8Array(name));
bytes.push(value);
bytes = _util2.default.concat(bytes);
arr.push(write_sub_packet(sub.notation_data, bytes));
});
@ -56369,9 +56419,10 @@ Signature.prototype.read_sub_packet = function (bytes) {
break;
case 20:
// Notation Data
// We don't know how to handle anything but a text flagged data.
if (bytes[mypos] === 0x80) {
{
// Notation Data
var humanReadable = !!(bytes[mypos] & 0x80);
// We extract key/value tuple from the byte stream.
mypos += 4;
var m = _util2.default.readNumber(bytes.subarray(mypos, mypos + 2));
@ -56380,17 +56431,19 @@ Signature.prototype.read_sub_packet = function (bytes) {
mypos += 2;
var name = _util2.default.Uint8Array_to_str(bytes.subarray(mypos, mypos + m));
var value = _util2.default.Uint8Array_to_str(bytes.subarray(mypos + m, mypos + m + n));
var value = bytes.subarray(mypos + m, mypos + m + n);
this.notations.push([name, value]);
this.rawNotations.push({ name: name, humanReadable: humanReadable, value: value });
if (humanReadable) {
this.notations[name] = _util2.default.Uint8Array_to_str(value);
}
if (critical && _config2.default.known_notations.indexOf(name) === -1) {
throw new Error("Unknown critical notation: " + name);
}
} else {
_util2.default.print_debug("Unsupported notation flag " + bytes[mypos]);
break;
}
break;
case 21:
// Preferred Hash Algorithms
read_array('preferredHashAlgorithms', bytes.subarray(mypos, bytes.length));

4
dist/compat/openpgp.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
dist/compat/openpgp.worker.js vendored
View File

@ -1,4 +1,4 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
(function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
(function (global){
// GPG4Browsers - An OpenPGP implementation in javascript

2
dist/compat/openpgp.worker.min.js vendored
View File

@ -1,2 +1,2 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
!function(){return function e(n,r,t){function o(i,s){if(!r[i]){if(!n[i]){var c="function"==typeof require&&require;if(!s&&c)return c(i,!0);if(a)return a(i,!0);var f=new Error("Cannot find module '"+i+"'");throw f.code="MODULE_NOT_FOUND",f}var u=r[i]={exports:{}};n[i][0].call(u.exports,function(e){return o(n[i][1][e]||e)},u,u.exports,e,n,r,t)}return r[i].exports}for(var a="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}}()({1:[function(e,n,r){(function(e){importScripts("openpgp.min.js");var n=e.openpgp,r=[],t=6e4;n.crypto.random.randomBuffer.init(t,function(){return r.length||self.postMessage({event:"request-seed",amount:t}),new Promise(function(e){r.push(e)})}),self.onmessage=function(e){var t,s=e.data||{};switch(s.event){case"configure":t=s.config,Object.keys(t).forEach(function(e){n.config[e]=t[e]});break;case"seed-random":!function(e){e instanceof Uint8Array||(e=new Uint8Array(e));n.crypto.random.randomBuffer.set(e)}(s.buf);var c=r;r=[];for(var f=0;f<c.length;f++)c[f]();break;default:!function(e,r,t){if("clear-key-cache"===r)return Array.from(o.values()).forEach(e=>{e.isPrivate()&&e.clearPrivateParams()}),o.clear(),void i({id:e,event:"method-return"});if("function"!=typeof n[r])return void i({id:e,event:"method-return",err:"Unknown Worker Event"});n.util.restoreStreams(t),(t=n.packet.clone.parseClonedPackets(t,r)).publicKeys&&(t.publicKeys=t.publicKeys.map(a));t.privateKeys&&(t.privateKeys=t.privateKeys.map(a));n[r](t).then(function(r){i({id:e,event:"method-return",data:n.packet.clone.clonePackets(r)})}).catch(function(r){n.util.print_debug_error(r),i({id:e,event:"method-return",err:r.message,stack:r.stack})})}(s.id,s.event,s.options||{})}};const o=new Map;function a(e){const n=e.armor();return o.has(n)?o.get(n):(o.set(n,e),e)}function i(e){self.postMessage(e,n.util.getTransferables(e.data,n.config.zero_copy))}postMessage({event:"loaded"})}).call(this,"undefined"!=typeof global?global:"undefined"!=typeof self?self:"undefined"!=typeof window?window:{})},{}]},{},[1]);

95
dist/lightweight/openpgp.js vendored
View File

@ -1,4 +1,4 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.openpgp = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
(function (global){
"use strict";
@ -20624,6 +20624,14 @@ exports.default = {
* @property {Boolean} revocations_expire If true, expired revocation signatures are ignored
*/
revocations_expire: false,
/**
* Allow decryption using RSA keys without `encrypt` flag.
* This setting is potentially insecure, but it is needed to get around an old openpgpjs bug
* where key flags were ignored when selecting a key for encryption.
* @memberof module:config
* @property {Boolean} allow_insecure_decryption_with_signing_keys
*/
allow_insecure_decryption_with_signing_keys: false,
/**
* @memberof module:config
@ -20665,7 +20673,7 @@ exports.default = {
* @memberof module:config
* @property {String} versionstring A version string to be included in armored messages
*/
versionstring: "OpenPGP.js v4.10.7",
versionstring: "OpenPGP.js v4.10.8",
/**
* @memberof module:config
* @property {String} commentstring A comment string to be included in armored messages
@ -29441,6 +29449,7 @@ exports.isAeadSupported = isAeadSupported;
exports.sanitizeKeyOptions = sanitizeKeyOptions;
exports.isValidSigningKeyPacket = isValidSigningKeyPacket;
exports.isValidEncryptionKeyPacket = isValidEncryptionKeyPacket;
exports.isValidDecryptionKeyPacket = isValidDecryptionKeyPacket;
var _packet = require('../packet');
@ -29792,6 +29801,20 @@ function isValidEncryptionKeyPacket(keyPacket, signature) {
return keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.dsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.rsa_sign) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.ecdsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.eddsa) && (!signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_storage) !== 0);
}
function isValidDecryptionKeyPacket(signature) {
if (!signature.verified) {
// Sanity check
throw new Error('Signature not verified');
}
if (_config2.default.allow_insecure_decryption_with_signing_keys) {
// This is only relevant for RSA keys, all other signing ciphers cannot decrypt
return true;
}
return !signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_storage) !== 0;
}
},{"../config":57,"../crypto":72,"../enums":91,"../packet":109,"../util":136}],96:[function(require,module,exports){
'use strict';
@ -30197,16 +30220,14 @@ Key.prototype.getEncryptionKey = async function (keyId, date = new Date(), userI
* @async
*/
Key.prototype.getDecryptionKeys = async function (keyId, date = new Date(), userId = {}) {
await this.verifyPrimaryKey(date, userId);
const primaryKey = this.keyPacket;
const keys = [];
for (let i = 0; i < this.subKeys.length; i++) {
if (!keyId || this.subKeys[i].getKeyId().equals(keyId, true)) {
try {
await this.subKeys[i].verify(primaryKey, date);
const dataToVerify = { key: primaryKey, bind: this.subKeys[i].keyPacket };
const bindingSignature = await helper.getLatestValidSignature(this.subKeys[i].bindingSignatures, primaryKey, _enums2.default.signature.subkey_binding, dataToVerify, date);
if (bindingSignature && helper.isValidEncryptionKeyPacket(this.subKeys[i].keyPacket, bindingSignature)) {
if (bindingSignature && helper.isValidDecryptionKeyPacket(bindingSignature)) {
keys.push(this.subKeys[i]);
}
} catch (e) {}
@ -30215,7 +30236,7 @@ Key.prototype.getDecryptionKeys = async function (keyId, date = new Date(), user
// evaluate primary key
const primaryUser = await this.getPrimaryUser(date, userId);
if ((!keyId || primaryKey.getKeyId().equals(keyId, true)) && helper.isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {
if ((!keyId || primaryKey.getKeyId().equals(keyId, true)) && helper.isValidDecryptionKeyPacket(primaryUser.selfCertification)) {
keys.push(this);
}
@ -30305,7 +30326,7 @@ Key.prototype.validate = async function () {
}
let signingKeyPacket;
if (!this.keyPacket.isDummy()) {
if (!this.primaryKey.isDummy()) {
signingKeyPacket = this.primaryKey;
} else {
/**
@ -30821,9 +30842,9 @@ SubKey.prototype.isRevoked = async function (primaryKey, signature, key, date =
* Verify subkey. Checks for revocation signatures, expiration time
* and valid binding signature. Throws if the subkey is invalid.
* @param {module:packet.SecretKey|
* module:packet.PublicKey} primaryKey The primary key packet
* @param {Date} date Use the given date instead of the current time
* @returns {Promise<true>} The status of the subkey
* module:packet.PublicKey} primaryKey The primary key packet
* @param {Date} date Use the given date instead of the current time
* @returns {Promise<undefined>}
* @async
*/
SubKey.prototype.verify = async function (primaryKey, date = new Date()) {
@ -35404,6 +35425,11 @@ PublicKeyEncryptedSessionKey.prototype.encrypt = async function (key) {
*/
PublicKeyEncryptedSessionKey.prototype.decrypt = async function (key) {
const algo = _enums2.default.write(_enums2.default.publicKey, this.publicKeyAlgorithm);
const keyAlgo = _enums2.default.write(_enums2.default.publicKey, key.algorithm);
// check that session key algo matches the secret key algo
if (algo !== keyAlgo) {
throw new Error('Decryption error');
}
const decoded = await _crypto2.default.publicKeyDecrypt(algo, key.params, this.encrypted, key.getFingerprintBytes());
const checksum = _util2.default.str_to_Uint8Array(decoded.substr(decoded.length - 2));
key = _util2.default.str_to_Uint8Array(decoded.substring(1, decoded.length - 2));
@ -35778,6 +35804,26 @@ SecretKey.prototype.isDummy = function () {
return !!(this.s2k && this.s2k.type === 'gnu-dummy');
};
/**
* Remove private key material, converting the key to a dummy one
* The resulting key cannot be used for signing/decrypting but can still verify signatures
*/
SecretKey.prototype.makeDummy = function () {
if (this.isDummy()) {
return;
}
if (!this.isDecrypted()) {
// this is technically not needed, but makes the conversion simpler
throw new Error("Key is not decrypted");
}
this.clearPrivateParams();
this.isEncrypted = false;
this.s2k = new _s2k2.default();
this.s2k.algorithm = 0;
this.s2k.c = 0;
this.s2k.type = 'gnu-dummy';
};
/**
* Encrypt the payload. By default, we use aes256 and iterated, salted string
* to key specifier. If the key is in a decrypted state (isEncrypted === false)
@ -36113,7 +36159,8 @@ function Signature(date = new Date()) {
this.revocationKeyAlgorithm = null;
this.revocationKeyFingerprint = null;
this.issuerKeyId = new _keyid2.default();
this.notations = [];
this.rawNotations = [];
this.notations = {};
this.preferredHashAlgorithms = null;
this.preferredCompressionAlgorithms = null;
this.keyServerPreferences = null;
@ -36273,13 +36320,14 @@ Signature.prototype.write_hashed_sub_packets = function () {
bytes = _util2.default.concat([bytes, this.revocationKeyFingerprint]);
arr.push(write_sub_packet(sub.revocation_key, bytes));
}
this.notations.forEach(([name, value]) => {
bytes = [new Uint8Array([0x80, 0, 0, 0])];
this.rawNotations.forEach(([{ name, value, humanReadable }]) => {
bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];
// 2 octets of name length
bytes.push(_util2.default.writeNumber(name.length, 2));
// 2 octets of value length
bytes.push(_util2.default.writeNumber(value.length, 2));
bytes.push(_util2.default.str_to_Uint8Array(name + value));
bytes.push(_util2.default.str_to_Uint8Array(name));
bytes.push(value);
bytes = _util2.default.concat(bytes);
arr.push(write_sub_packet(sub.notation_data, bytes));
});
@ -36475,9 +36523,10 @@ Signature.prototype.read_sub_packet = function (bytes, trusted = true) {
break;
case 20:
// Notation Data
// We don't know how to handle anything but a text flagged data.
if (bytes[mypos] === 0x80) {
{
// Notation Data
const humanReadable = !!(bytes[mypos] & 0x80);
// We extract key/value tuple from the byte stream.
mypos += 4;
const m = _util2.default.readNumber(bytes.subarray(mypos, mypos + 2));
@ -36486,17 +36535,19 @@ Signature.prototype.read_sub_packet = function (bytes, trusted = true) {
mypos += 2;
const name = _util2.default.Uint8Array_to_str(bytes.subarray(mypos, mypos + m));
const value = _util2.default.Uint8Array_to_str(bytes.subarray(mypos + m, mypos + m + n));
const value = bytes.subarray(mypos + m, mypos + m + n);
this.notations.push([name, value]);
this.rawNotations.push({ name, humanReadable, value });
if (humanReadable) {
this.notations[name] = _util2.default.Uint8Array_to_str(value);
}
if (critical && _config2.default.known_notations.indexOf(name) === -1) {
throw new Error("Unknown critical notation: " + name);
}
} else {
_util2.default.print_debug("Unsupported notation flag " + bytes[mypos]);
break;
}
break;
case 21:
// Preferred Hash Algorithms
read_array('preferredHashAlgorithms', bytes.subarray(mypos, bytes.length));

4
dist/lightweight/openpgp.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
dist/lightweight/openpgp.worker.js vendored
View File

@ -1,4 +1,4 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
(function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
(function (global){
// GPG4Browsers - An OpenPGP implementation in javascript

2
dist/lightweight/openpgp.worker.min.js vendored
View File

@ -1,2 +1,2 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
!function(){return function e(n,r,t){function o(i,s){if(!r[i]){if(!n[i]){var c="function"==typeof require&&require;if(!s&&c)return c(i,!0);if(a)return a(i,!0);var f=new Error("Cannot find module '"+i+"'");throw f.code="MODULE_NOT_FOUND",f}var u=r[i]={exports:{}};n[i][0].call(u.exports,function(e){return o(n[i][1][e]||e)},u,u.exports,e,n,r,t)}return r[i].exports}for(var a="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}}()({1:[function(e,n,r){(function(e){importScripts("openpgp.min.js");var n=e.openpgp,r=[],t=6e4;n.crypto.random.randomBuffer.init(t,function(){return r.length||self.postMessage({event:"request-seed",amount:t}),new Promise(function(e){r.push(e)})}),self.onmessage=function(e){var t,s=e.data||{};switch(s.event){case"configure":t=s.config,Object.keys(t).forEach(function(e){n.config[e]=t[e]});break;case"seed-random":!function(e){e instanceof Uint8Array||(e=new Uint8Array(e));n.crypto.random.randomBuffer.set(e)}(s.buf);var c=r;r=[];for(var f=0;f<c.length;f++)c[f]();break;default:!function(e,r,t){if("clear-key-cache"===r)return Array.from(o.values()).forEach(e=>{e.isPrivate()&&e.clearPrivateParams()}),o.clear(),void i({id:e,event:"method-return"});if("function"!=typeof n[r])return void i({id:e,event:"method-return",err:"Unknown Worker Event"});n.util.restoreStreams(t),(t=n.packet.clone.parseClonedPackets(t,r)).publicKeys&&(t.publicKeys=t.publicKeys.map(a));t.privateKeys&&(t.privateKeys=t.privateKeys.map(a));n[r](t).then(function(r){i({id:e,event:"method-return",data:n.packet.clone.clonePackets(r)})}).catch(function(r){n.util.print_debug_error(r),i({id:e,event:"method-return",err:r.message,stack:r.stack})})}(s.id,s.event,s.options||{})}};const o=new Map;function a(e){const n=e.armor();return o.has(n)?o.get(n):(o.set(n,e),e)}function i(e){self.postMessage(e,n.util.getTransferables(e.data,n.config.zero_copy))}postMessage({event:"loaded"})}).call(this,"undefined"!=typeof global?global:"undefined"!=typeof self?self:"undefined"!=typeof window?window:{})},{}]},{},[1]);

95
dist/openpgp.js vendored
View File

@ -1,4 +1,4 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.openpgp = f()}})(function(){var define,module,exports;return (function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
(function (global){
"use strict";
@ -25011,6 +25011,14 @@ exports.default = {
* @property {Boolean} revocations_expire If true, expired revocation signatures are ignored
*/
revocations_expire: false,
/**
* Allow decryption using RSA keys without `encrypt` flag.
* This setting is potentially insecure, but it is needed to get around an old openpgpjs bug
* where key flags were ignored when selecting a key for encryption.
* @memberof module:config
* @property {Boolean} allow_insecure_decryption_with_signing_keys
*/
allow_insecure_decryption_with_signing_keys: false,
/**
* @memberof module:config
@ -25052,7 +25060,7 @@ exports.default = {
* @memberof module:config
* @property {String} versionstring A version string to be included in armored messages
*/
versionstring: "OpenPGP.js v4.10.7",
versionstring: "OpenPGP.js v4.10.8",
/**
* @memberof module:config
* @property {String} commentstring A comment string to be included in armored messages
@ -33828,6 +33836,7 @@ exports.isAeadSupported = isAeadSupported;
exports.sanitizeKeyOptions = sanitizeKeyOptions;
exports.isValidSigningKeyPacket = isValidSigningKeyPacket;
exports.isValidEncryptionKeyPacket = isValidEncryptionKeyPacket;
exports.isValidDecryptionKeyPacket = isValidDecryptionKeyPacket;
var _packet = require('../packet');
@ -34179,6 +34188,20 @@ function isValidEncryptionKeyPacket(keyPacket, signature) {
return keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.dsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.rsa_sign) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.ecdsa) && keyPacket.algorithm !== _enums2.default.read(_enums2.default.publicKey, _enums2.default.publicKey.eddsa) && (!signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_storage) !== 0);
}
function isValidDecryptionKeyPacket(signature) {
if (!signature.verified) {
// Sanity check
throw new Error('Signature not verified');
}
if (_config2.default.allow_insecure_decryption_with_signing_keys) {
// This is only relevant for RSA keys, all other signing ciphers cannot decrypt
return true;
}
return !signature.keyFlags || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags[0] & _enums2.default.keyFlags.encrypt_storage) !== 0;
}
},{"../config":79,"../crypto":94,"../enums":113,"../packet":131,"../util":158}],118:[function(require,module,exports){
'use strict';
@ -34584,16 +34607,14 @@ Key.prototype.getEncryptionKey = async function (keyId, date = new Date(), userI
* @async
*/
Key.prototype.getDecryptionKeys = async function (keyId, date = new Date(), userId = {}) {
await this.verifyPrimaryKey(date, userId);
const primaryKey = this.keyPacket;
const keys = [];
for (let i = 0; i < this.subKeys.length; i++) {
if (!keyId || this.subKeys[i].getKeyId().equals(keyId, true)) {
try {
await this.subKeys[i].verify(primaryKey, date);
const dataToVerify = { key: primaryKey, bind: this.subKeys[i].keyPacket };
const bindingSignature = await helper.getLatestValidSignature(this.subKeys[i].bindingSignatures, primaryKey, _enums2.default.signature.subkey_binding, dataToVerify, date);
if (bindingSignature && helper.isValidEncryptionKeyPacket(this.subKeys[i].keyPacket, bindingSignature)) {
if (bindingSignature && helper.isValidDecryptionKeyPacket(bindingSignature)) {
keys.push(this.subKeys[i]);
}
} catch (e) {}
@ -34602,7 +34623,7 @@ Key.prototype.getDecryptionKeys = async function (keyId, date = new Date(), user
// evaluate primary key
const primaryUser = await this.getPrimaryUser(date, userId);
if ((!keyId || primaryKey.getKeyId().equals(keyId, true)) && helper.isValidEncryptionKeyPacket(primaryKey, primaryUser.selfCertification)) {
if ((!keyId || primaryKey.getKeyId().equals(keyId, true)) && helper.isValidDecryptionKeyPacket(primaryUser.selfCertification)) {
keys.push(this);
}
@ -34692,7 +34713,7 @@ Key.prototype.validate = async function () {
}
let signingKeyPacket;
if (!this.keyPacket.isDummy()) {
if (!this.primaryKey.isDummy()) {
signingKeyPacket = this.primaryKey;
} else {
/**
@ -35208,9 +35229,9 @@ SubKey.prototype.isRevoked = async function (primaryKey, signature, key, date =
* Verify subkey. Checks for revocation signatures, expiration time
* and valid binding signature. Throws if the subkey is invalid.
* @param {module:packet.SecretKey|
* module:packet.PublicKey} primaryKey The primary key packet
* @param {Date} date Use the given date instead of the current time
* @returns {Promise<true>} The status of the subkey
* module:packet.PublicKey} primaryKey The primary key packet
* @param {Date} date Use the given date instead of the current time
* @returns {Promise<undefined>}
* @async
*/
SubKey.prototype.verify = async function (primaryKey, date = new Date()) {
@ -39791,6 +39812,11 @@ PublicKeyEncryptedSessionKey.prototype.encrypt = async function (key) {
*/
PublicKeyEncryptedSessionKey.prototype.decrypt = async function (key) {
const algo = _enums2.default.write(_enums2.default.publicKey, this.publicKeyAlgorithm);
const keyAlgo = _enums2.default.write(_enums2.default.publicKey, key.algorithm);
// check that session key algo matches the secret key algo
if (algo !== keyAlgo) {
throw new Error('Decryption error');
}
const decoded = await _crypto2.default.publicKeyDecrypt(algo, key.params, this.encrypted, key.getFingerprintBytes());
const checksum = _util2.default.str_to_Uint8Array(decoded.substr(decoded.length - 2));
key = _util2.default.str_to_Uint8Array(decoded.substring(1, decoded.length - 2));
@ -40165,6 +40191,26 @@ SecretKey.prototype.isDummy = function () {
return !!(this.s2k && this.s2k.type === 'gnu-dummy');
};
/**
* Remove private key material, converting the key to a dummy one
* The resulting key cannot be used for signing/decrypting but can still verify signatures
*/
SecretKey.prototype.makeDummy = function () {
if (this.isDummy()) {
return;
}
if (!this.isDecrypted()) {
// this is technically not needed, but makes the conversion simpler
throw new Error("Key is not decrypted");
}
this.clearPrivateParams();
this.isEncrypted = false;
this.s2k = new _s2k2.default();
this.s2k.algorithm = 0;
this.s2k.c = 0;
this.s2k.type = 'gnu-dummy';
};
/**
* Encrypt the payload. By default, we use aes256 and iterated, salted string
* to key specifier. If the key is in a decrypted state (isEncrypted === false)
@ -40500,7 +40546,8 @@ function Signature(date = new Date()) {
this.revocationKeyAlgorithm = null;
this.revocationKeyFingerprint = null;
this.issuerKeyId = new _keyid2.default();
this.notations = [];
this.rawNotations = [];
this.notations = {};
this.preferredHashAlgorithms = null;
this.preferredCompressionAlgorithms = null;
this.keyServerPreferences = null;
@ -40660,13 +40707,14 @@ Signature.prototype.write_hashed_sub_packets = function () {
bytes = _util2.default.concat([bytes, this.revocationKeyFingerprint]);
arr.push(write_sub_packet(sub.revocation_key, bytes));
}
this.notations.forEach(([name, value]) => {
bytes = [new Uint8Array([0x80, 0, 0, 0])];
this.rawNotations.forEach(([{ name, value, humanReadable }]) => {
bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];
// 2 octets of name length
bytes.push(_util2.default.writeNumber(name.length, 2));
// 2 octets of value length
bytes.push(_util2.default.writeNumber(value.length, 2));
bytes.push(_util2.default.str_to_Uint8Array(name + value));
bytes.push(_util2.default.str_to_Uint8Array(name));
bytes.push(value);
bytes = _util2.default.concat(bytes);
arr.push(write_sub_packet(sub.notation_data, bytes));
});
@ -40862,9 +40910,10 @@ Signature.prototype.read_sub_packet = function (bytes, trusted = true) {
break;
case 20:
// Notation Data
// We don't know how to handle anything but a text flagged data.
if (bytes[mypos] === 0x80) {
{
// Notation Data
const humanReadable = !!(bytes[mypos] & 0x80);
// We extract key/value tuple from the byte stream.
mypos += 4;
const m = _util2.default.readNumber(bytes.subarray(mypos, mypos + 2));
@ -40873,17 +40922,19 @@ Signature.prototype.read_sub_packet = function (bytes, trusted = true) {
mypos += 2;
const name = _util2.default.Uint8Array_to_str(bytes.subarray(mypos, mypos + m));
const value = _util2.default.Uint8Array_to_str(bytes.subarray(mypos + m, mypos + m + n));
const value = bytes.subarray(mypos + m, mypos + m + n);
this.notations.push([name, value]);
this.rawNotations.push({ name, humanReadable, value });
if (humanReadable) {
this.notations[name] = _util2.default.Uint8Array_to_str(value);
}
if (critical && _config2.default.known_notations.indexOf(name) === -1) {
throw new Error("Unknown critical notation: " + name);
}
} else {
_util2.default.print_debug("Unsupported notation flag " + bytes[mypos]);
break;
}
break;
case 21:
// Preferred Hash Algorithms
read_array('preferredHashAlgorithms', bytes.subarray(mypos, bytes.length));

4
dist/openpgp.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
dist/openpgp.worker.js vendored
View File

@ -1,4 +1,4 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
(function(){function r(e,n,t){function o(i,f){if(!n[i]){if(!e[i]){var c="function"==typeof require&&require;if(!f&&c)return c(i,!0);if(u)return u(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var p=n[i]={exports:{}};e[i][0].call(p.exports,function(r){var n=e[i][1][r];return o(n||r)},p,p.exports,r,e,n,t)}return n[i].exports}for(var u="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}return r})()({1:[function(require,module,exports){
(function (global){
// GPG4Browsers - An OpenPGP implementation in javascript

2
dist/openpgp.worker.min.js vendored
View File

@ -1,2 +1,2 @@
/*! OpenPGP.js v4.10.7 - 2020-07-21 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
/*! OpenPGP.js v4.10.8 - 2020-08-28 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
!function(){return function e(n,r,t){function o(i,s){if(!r[i]){if(!n[i]){var c="function"==typeof require&&require;if(!s&&c)return c(i,!0);if(a)return a(i,!0);var f=new Error("Cannot find module '"+i+"'");throw f.code="MODULE_NOT_FOUND",f}var u=r[i]={exports:{}};n[i][0].call(u.exports,function(e){return o(n[i][1][e]||e)},u,u.exports,e,n,r,t)}return r[i].exports}for(var a="function"==typeof require&&require,i=0;i<t.length;i++)o(t[i]);return o}}()({1:[function(e,n,r){(function(e){importScripts("openpgp.min.js");var n=e.openpgp,r=[],t=6e4;n.crypto.random.randomBuffer.init(t,function(){return r.length||self.postMessage({event:"request-seed",amount:t}),new Promise(function(e){r.push(e)})}),self.onmessage=function(e){var t,s=e.data||{};switch(s.event){case"configure":t=s.config,Object.keys(t).forEach(function(e){n.config[e]=t[e]});break;case"seed-random":!function(e){e instanceof Uint8Array||(e=new Uint8Array(e));n.crypto.random.randomBuffer.set(e)}(s.buf);var c=r;r=[];for(var f=0;f<c.length;f++)c[f]();break;default:!function(e,r,t){if("clear-key-cache"===r)return Array.from(o.values()).forEach(e=>{e.isPrivate()&&e.clearPrivateParams()}),o.clear(),void i({id:e,event:"method-return"});if("function"!=typeof n[r])return void i({id:e,event:"method-return",err:"Unknown Worker Event"});n.util.restoreStreams(t),(t=n.packet.clone.parseClonedPackets(t,r)).publicKeys&&(t.publicKeys=t.publicKeys.map(a));t.privateKeys&&(t.privateKeys=t.privateKeys.map(a));n[r](t).then(function(r){i({id:e,event:"method-return",data:n.packet.clone.clonePackets(r)})}).catch(function(r){n.util.print_debug_error(r),i({id:e,event:"method-return",err:r.message,stack:r.stack})})}(s.id,s.event,s.options||{})}};const o=new Map;function a(e){const n=e.armor();return o.has(n)?o.get(n):(o.set(n,e),e)}function i(e){self.postMessage(e,n.util.getTransferables(e.data,n.config.zero_copy))}postMessage({event:"loaded"})}).call(this,"undefined"!=typeof global?global:"undefined"!=typeof self?self:"undefined"!=typeof window?window:{})},{}]},{},[1]);

2
package-lock.json generated
View File

@ -1,6 +1,6 @@
{
"name": "openpgp",
"version": "4.10.7",
"version": "4.10.8",
"lockfileVersion": 1,
"requires": true,
"dependencies": {

2
package.json
View File

@ -1,7 +1,7 @@
{
"name": "openpgp",
"description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
"version": "4.10.7",
"version": "4.10.8",
"license": "LGPL-3.0+",
"homepage": "https://openpgpjs.org/",
"engines": {