From fbbeaa3cd98d6b422867a38576b019731933bf54 Mon Sep 17 00:00:00 2001 From: Daniel Huigens Date: Wed, 18 Sep 2019 13:40:44 +0200 Subject: [PATCH] Rename `numBits` and `bits` to `rsaBits` (#970) Keep supporting the old names as well though in `openpgp.generateKey` and `getAlgorithmInfo`, but not in `openpgp.key.generate` (as it is recommended that developers use `openpgp.generateKey` instead, and it now throws when using `numBits` instead of `rsaBits`, so there's no risk of silent key security downgrade). The old names are now deprecated, and might be removed in v5. --- README.md | 2 +- src/key.js | 15 +++++++-------- src/openpgp.js | 10 +++++----- src/packet/public_key.js | 5 +++-- test/general/key.js | 3 +++ test/general/openpgp.js | 2 +- test/security/subkey_trust.js | 4 ++-- 7 files changed, 22 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index c1aeec23..3e11df09 100644 --- a/README.md +++ b/README.md @@ -350,7 +350,7 @@ RSA keys: ```js var options = { userIds: [{ name:'Jon Smith', email:'jon@example.com' }], // multiple user IDs - numBits: 4096, // RSA key size + rsaBits: 4096, // RSA key size passphrase: 'super long and hard to guess secret' // protects the private key }; ``` diff --git a/src/key.js b/src/key.js index be8e1552..e681a5ad 100644 --- a/src/key.js +++ b/src/key.js @@ -829,7 +829,7 @@ Key.prototype.verifyAllUsers = async function(keys) { /** * Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. * Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. - * @param {Integer} options.numBits number of bits for the key creation. + * @param {Integer} options.rsaBits number of bits for the key creation. * @param {Number} [options.keyExpirationTime=0] * The number of seconds after the key creation time that the key expires * @param {String} curve (optional) Elliptic curve for ECC keys @@ -842,12 +842,11 @@ Key.prototype.addSubkey = async function(options = {}) { if (!this.isPrivate()) { throw new Error("Cannot add a subkey to a public key"); } - const defaultOptions = this.primaryKey.getAlgorithmInfo(); - defaultOptions.numBits = defaultOptions.bits; const secretKeyPacket = this.primaryKey; if (!secretKeyPacket.isDecrypted()) { throw new Error("Key is not decrypted"); } + const defaultOptions = secretKeyPacket.getAlgorithmInfo(); options = sanitizeKeyOptions(options, defaultOptions); const keyPacket = await generateSecretSubkey(options); const bindingSignature = await createBindingSignature(keyPacket, secretKeyPacket, options); @@ -1336,7 +1335,7 @@ export async function readArmored(armoredText) { * @param {module:enums.publicKey} [options.keyType=module:enums.publicKey.rsa_encrypt_sign] * To indicate what type of key to make. * RSA is 1. See {@link https://tools.ietf.org/html/rfc4880#section-9.1} - * @param {Integer} options.numBits number of bits for the key creation. + * @param {Integer} options.rsaBits number of bits for the key creation. * @param {String|Array} options.userIds * Assumes already in form of "User Name " * If array is used, the first userId is set as primary user Id @@ -1363,7 +1362,7 @@ export async function generate(options) { function sanitizeKeyOptions(options, subkeyDefaults = {}) { options.curve = options.curve || subkeyDefaults.curve; - options.numBits = options.numBits || subkeyDefaults.numBits; + options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits; options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime; options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase; options.date = options.date || subkeyDefaults.date; @@ -1384,7 +1383,7 @@ function sanitizeKeyOptions(options, subkeyDefaults = {}) { } else { options.algorithm = enums.publicKey.ecdh; } - } else if (options.numBits) { + } else if (options.rsaBits) { options.algorithm = enums.publicKey.rsa_encrypt_sign; } else { throw new Error('Unrecognized key type'); @@ -1396,7 +1395,7 @@ async function generateSecretKey(options) { const secretKeyPacket = new packet.SecretKey(options.date); secretKeyPacket.packets = null; secretKeyPacket.algorithm = enums.read(enums.publicKey, options.algorithm); - await secretKeyPacket.generate(options.numBits, options.curve); + await secretKeyPacket.generate(options.rsaBits, options.curve); return secretKeyPacket; } @@ -1404,7 +1403,7 @@ async function generateSecretSubkey(options) { const secretSubkeyPacket = new packet.SecretSubkey(options.date); secretSubkeyPacket.packets = null; secretSubkeyPacket.algorithm = enums.read(enums.publicKey, options.algorithm); - await secretSubkeyPacket.generate(options.numBits, options.curve); + await secretSubkeyPacket.generate(options.rsaBits, options.curve); return secretSubkeyPacket; } diff --git a/src/openpgp.js b/src/openpgp.js index 9cbbcb00..55aac1cd 100644 --- a/src/openpgp.js +++ b/src/openpgp.js @@ -105,7 +105,7 @@ export function destroyWorker() { * Generates a new OpenPGP key pair. Supports RSA and ECC keys. Primary and subkey will be of same type. * @param {Array} userIds array of user IDs e.g. [{ name:'Phil Zimmermann', email:'phil@openpgp.org' }] * @param {String} passphrase (optional) The passphrase used to encrypt the resulting private key - * @param {Number} numBits (optional) number of bits for RSA keys: 2048 or 4096. + * @param {Number} rsaBits (optional) number of bits for RSA keys: 2048 or 4096. * @param {Number} keyExpirationTime (optional) The number of seconds after the key creation time that the key expires * @param {String} curve (optional) elliptic curve for ECC keys: * curve25519, p256, p384, p521, secp256k1, @@ -119,11 +119,11 @@ export function destroyWorker() { * @static */ -export function generateKey({ userIds = [], passphrase = "", numBits = 2048, keyExpirationTime = 0, curve = "", date = new Date(), subkeys = [{}] }) { +export function generateKey({ userIds = [], passphrase = "", numBits = 2048, rsaBits = numBits, keyExpirationTime = 0, curve = "", date = new Date(), subkeys = [{}] }) { userIds = toArray(userIds); - const options = { userIds, passphrase, numBits, keyExpirationTime, curve, date, subkeys }; - if (util.getWebCryptoAll() && numBits < 2048) { - throw new Error('numBits should be 2048 or 4096, found: ' + numBits); + const options = { userIds, passphrase, rsaBits, keyExpirationTime, curve, date, subkeys }; + if (util.getWebCryptoAll() && rsaBits < 2048) { + throw new Error('rsaBits should be 2048 or 4096, found: ' + rsaBits); } if (!util.getWebCryptoAll() && asyncProxy) { // use web worker if web crypto apis are not supported diff --git a/src/packet/public_key.js b/src/packet/public_key.js index 6d89e09f..db16b81e 100644 --- a/src/packet/public_key.js +++ b/src/packet/public_key.js @@ -248,13 +248,14 @@ PublicKey.prototype.hasSameFingerprintAs = function(other) { /** * Returns algorithm information - * @returns {Object} An object of the form {algorithm: String, bits:int, curve:String} + * @returns {Object} An object of the form {algorithm: String, rsaBits:int, curve:String} */ PublicKey.prototype.getAlgorithmInfo = function () { const result = {}; result.algorithm = this.algorithm; if (this.params[0] instanceof type_mpi) { - result.bits = this.params[0].byteLength() * 8; + result.rsaBits = this.params[0].byteLength() * 8; + result.bits = result.rsaBits; // Deprecated. } else { result.curve = this.params[0].getName(); } diff --git a/test/general/key.js b/test/general/key.js index 9aa6f76d..7295c107 100644 --- a/test/general/key.js +++ b/test/general/key.js @@ -1895,6 +1895,7 @@ function versionSpecificTests() { expect(key.users[0].userId.userid).to.equal(userId); expect(key.users[0].selfCertifications[0].isPrimaryUserID).to.be.true; expect(key.getAlgorithmInfo().algorithm).to.equal('rsa_encrypt_sign'); + expect(key.getAlgorithmInfo().bits).to.equal(opt.numBits); expect(key.subKeys[0].getAlgorithmInfo().algorithm).to.equal('ecdh'); }); }); @@ -2881,6 +2882,7 @@ describe('addSubkey functionality testing', function(){ const pkN = privateKey.primaryKey.params[0]; expect(subkeyN.byteLength()).to.be.equal(pkN.byteLength()); expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('rsa_encrypt_sign'); + expect(subKey.getAlgorithmInfo().rsaBits).to.be.equal(1024); expect(await subKey.verify(newPrivateKey.primaryKey)).to.be.equal(openpgp.enums.keyStatus.valid); }); @@ -2901,6 +2903,7 @@ describe('addSubkey functionality testing', function(){ const pkN = privateKey.primaryKey.params[0]; expect(subkeyN.byteLength()).to.be.equal(pkN.byteLength()); expect(subKey.getAlgorithmInfo().algorithm).to.be.equal('rsa_encrypt_sign'); + expect(subKey.getAlgorithmInfo().rsaBits).to.be.equal(1024); expect(await subKey.verify(importedPrivateKey.primaryKey)).to.be.equal(openpgp.enums.keyStatus.valid); }); diff --git a/test/general/openpgp.js b/test/general/openpgp.js index 84096396..ea07066d 100644 --- a/test/general/openpgp.js +++ b/test/general/openpgp.js @@ -586,7 +586,7 @@ describe('OpenPGP.js public api tests', function() { expect(keyGenStub.withArgs({ userIds: [{ name: 'Test User', email: 'text@example.com' }], passphrase: 'secret', - numBits: 2048, + rsaBits: 2048, keyExpirationTime: 0, curve: "", date: now, diff --git a/test/security/subkey_trust.js b/test/security/subkey_trust.js index 75267545..601ee6b1 100644 --- a/test/security/subkey_trust.js +++ b/test/security/subkey_trust.js @@ -10,7 +10,7 @@ const expect = chai.expect; async function generateTestData() { const victimPrivKey = await key.generate({ userIds: ['Victim '], - numBits: openpgp.util.getWebCryptoAll() ? 2048 : 1024, + rsaBits: openpgp.util.getWebCryptoAll() ? 2048 : 1024, subkeys: [{ sign: true }] @@ -19,7 +19,7 @@ async function generateTestData() { const attackerPrivKey = await key.generate({ userIds: ['Attacker '], - numBits: openpgp.util.getWebCryptoAll() ? 2048 : 1024, + rsaBits: openpgp.util.getWebCryptoAll() ? 2048 : 1024, subkeys: [], sign: false });