From d5a0e18d13754a811c5c435a48fde413904ad045 Mon Sep 17 00:00:00 2001 From: Tankred Hase Date: Wed, 1 Oct 2014 21:32:23 +0200 Subject: [PATCH] Update README with documentation on promises. --- README.md | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 54dcc683..35598362 100644 --- a/README.md +++ b/README.md @@ -18,34 +18,42 @@ For use in browser, install via bower: bower install --save openpgp -Or Fetch a minified build under [releases](https://github.com/openpgpjs/openpgpjs/releases). +Or Fetch a minified build under [releases](https://github.com/openpgpjs/openpgpjs/releases). The library can be loaded via AMD/require.js or accessed globally via `window.openpgp`. +### Dependencies + +OpenPGP.js only supports browsers that implement `window.crypto.getRandomValues`. Also, if the browsers support [native WebCrypto](http://www.w3.org/TR/WebCryptoAPI/) via the `window.crypto.subtle` api, this will be used. Though this can be deactivated by setting `config.useWebCrypto = false`. In this case the library will fall back to Web Worker operations if the `initWorker(workerPath)` is set. + +OpenPGP.js uses ES6 promises which are available in [most modern browsers](http://caniuse.com/#feat=promises). If you need to support browsers that do not support Promises, fear not! There is a [polyfill](https://github.com/jakearchibald/es6-promise). + + ### Examples #### Encryption - + var openpgp = require('openpgp'); var key = '-----BEGIN PGP PUBLIC KEY BLOCK ... END PGP PUBLIC KEY BLOCK-----'; var publicKey = openpgp.key.readArmored(key); - var pgpMessage = openpgp.encryptMessage(publicKey.keys, 'Hello, World!'); + openpgp.encryptMessage(publicKey.keys, 'Hello, World!').then(function(pgpMessage) { + ... + }); #### Decryption - + var openpgp = require('openpgp'); var key = '-----BEGIN PGP PRIVATE KEY BLOCK ... END PGP PRIVATE KEY BLOCK-----'; var privateKey = openpgp.key.readArmored(key).keys[0]; privateKey.decrypt('passphrase'); var pgpMessage = '-----BEGIN PGP MESSAGE ... END PGP MESSAGE-----'; pgpMessage = openpgp.message.readArmored(pgpMessage); - var plaintext = openpgp.decryptMessage(privateKey, pgpMessage); + openpgp.decryptMessage(privateKey, pgpMessage).then(function(plaintext) { + ... + }); - -OpenPGP.js currently only fully supports browsers that implement `window.crypto.getRandomValues`. If you can help us support more browsers and runtimes, please chip in! - ### Security recommendations It should be noted that js crypto apps deployed via regular web hosting (a.k.a. [**host-based security**](https://www.schneier.com/blog/archives/2012/08/cryptocat.html)) provide users with less security than installable apps with auditable static versions. Installable apps can be deployed as a [Firefox](https://developer.mozilla.org/en-US/Marketplace/Publishing/Packaged_apps) or [Chrome](http://developer.chrome.com/apps/about_apps.html) packaged app. These apps are basically signed zip files and their runtimes typically enforce a strict [Content Security Policy (CSP)](http://www.html5rocks.com/en/tutorials/security/content-security-policy/) to protect users against [XSS](http://en.wikipedia.org/wiki/Cross-site_scripting). This [blogpost](http://tonyarcieri.com/whats-wrong-with-webcrypto) explains the trust model of the web quite well.