Use `key.keyPacket.validate` instead of `crypto.publicKey.validateParams`, see
https://github.com/openpgpjs/openpgpjs/pull/1116#discussion_r447781386.
Also, `key.decrypt` now only throws on error, no other value is returned.
Also, fix typo (rebase error) that caused tests to fail in Safari for p521.
openpgp.encrypt, sign, encryptSessionKey, encryptKey and decryptKey now
return their result directly without wrapping it in a "result" object.
Also, remove the `detached` and `returnSessionKey` options of
openpgp.encrypt.
This change adds support for binary (non-human-readable) values in
signature notations through `rawNotations` property on signature objects.
Human-readable notations will additionally appear in `notations` object
where the value of the notation will be deserialized into a string.
Additionally the check for human-readable flag was modified to check the
existence of the flag instead of comparison with the whole value.
Also, switch from returning false to throwing errors in most verify*()
functions, as well as in `await signatures[*].verified`, in order to be
able to show more informative error messages.
This function checks whether the private and public key parameters
of the primary key match.
This check is necessary when using your own private key to encrypt
data if the private key was stored on an untrusted medium, and
trust is derived from being able to decrypt the private key.
This also has the effect that we only throw on them when trying to use
the key, instead of when parsing it, and that we don't throw when the
authorized revocation key is specified in a separate direct-key
signature instead of a User ID self-signature (the spec only specifies
including it in a direct-key signature, so that means that we
effectively don't reject them anymore. This is because users that
wanted to use the key, could remove this separate signature, anyway.)
Also, when generating RSA keys in JS, generate them with p < q, as per
the spec.
Also, when generating RSA keys using Web Crypto or Node crypto, swap the
generated p and q around, so that will satisfy p < q in most browsers
(but not old Microsoft Edge, 50% of the time) and so that we can use the
generated u coefficient (p^-1 mod q in OpenPGP, q^-1 mod p in RFC3447).
Then, when signing and verifying, swap p and q again, so that the key
hopefully satisfies Safari's requirement that p > q, and so that we can
keep using u again.
This PR adds four config options to configure whether and how to load
indutny/elliptic: use_indutny_elliptic, external_indutny_elliptic,
indutny_elliptic_path and indutny_elliptic_fetch_options.
Also:
- Use tweetnacl.js instead of indutny/elliptic for curve25519 key generation
- Don't initialize indutny's curve25519, improving performance when using that curve
- Verify NIST signatures using Web Crypto instead of indutny/elliptic when not streaming
- Move KeyPair.sign/verify to ecdsa.js
- Move KeyPair.derive to ecdh.js
- Move keyFromPrivate and keyFromPublic to a new indutnyKey.js file
Keep supporting the old names as well though in `openpgp.generateKey`
and `getAlgorithmInfo`, but not in `openpgp.key.generate` (as it is
recommended that developers use `openpgp.generateKey` instead, and
it now throws when using `numBits` instead of `rsaBits`, so there's
no risk of silent key security downgrade).
The old names are now deprecated, and might be removed in v5.
Previously the signature parsing function ignored critical bit on
notations.
This change checks for notations that are marked "critical" but are not
on the known notations list (controlled by config array
`openpgp.config.known_notations`) and triggers parse error if such
a notation have been encountered.
See: #897.
Previous implementation used an object to hold notations so if multiple
notations had the same key name only the last one was visible.
After this change notations are exposed as an array of key-value pairs
that can be converted to a map through `new Map(notations)`.
See #897.
* ++ Add another Domain for HKP server
the pgp.mit.edu domain is most of the time down and responds with time out...so i discovered this ubuntu domain for the same database...but its much faster and never falls....i think too much traffic over the bit one :(
* Update hkp.js
* Change HKP server url
* Defined the default HKP server
* Update README.md
Co-Authored-By: rash0 <40761345+rash0@users.noreply.github.com>
* ++ Add revocation certificate test
didn't know if i should use the revocation certificate in the test/key.js file or generate a new one...so i generated a test one and used it...
Backtracking regexes have pathological worst-case performance when
a long line contains a large amount of whitespace not followed by
a newline, since the regex engine will attempt to match the regex
at each whitespace character, read ahead to the non-whitespace non-
newline, declare no match, and try again at the next whitespace.
E.g. try running
util.removeTrailingSpaces(new Array(1e6).join(' ') + 'a').length
which would hang V8.
When the latest subkey with the requested capabilities is expired,
and the primary key has the requested capabilities, return the
primary key expiry instead.
Also, change isExpired/isDataExpired to still return false at the
date returned by getExpirationTime, so that the latter returns the
last date that the key can still be used.
However, don't throw "unhandled promise rejection" when not using these
properties at all, or when they reject before the user has a chance to
handle them.
- Don't add an extraneous newline at the end of base64-encoded data
if it is a multiple of 60 characters long.
- Generate \r\n instead of \n in base64-encoded data.
- Generate one newline instead of two after END PGP PUBLIC KEY BLOCK
for consistency with the other footers.
Since we still run the full test suite on Node.js, this would
only no longer catch bugs which are specific to
- Browser non-draft04 GCM (and don't manifest in draft04 GCM,
and don't manifest in Node.js non-draft04 GCM)
- Browser OCB (which is not natively implemented in the browser)
- Browser V5 Keys
Many tests would run for every encryption mode, or for both V4 and V5 keys,
without there being any difference between the different test runs.
`grunt coverage` before and after this commit reports almost identical
statistics, providing some confidence that no code coverage was lost.
This enables parallelism for streaming AEAD chunked encryption.
The reason we can't do so at the very end of the pipe chain
(e.g., in `readToEnd`) is because requests for increased
buffering (i.e. `desiredSize > 1`) do not propagate backwards,
only requests for backpressure (i.e. `desiredSize <= 0`) do.
When not requested, we convert the streams to Uint8Arrays.
This makes the generated key safe to pass to a Worker more than once.
Partially reverts 735aa1da.
When encrypting/signing a stream, this allows you to indicate whether it's a
stream of Strings or Uint8Arrays (using message.fromText or message.fromBinary,
respectively.)
When signing text, this allows you to control whether to create a cleartext
message or a regular armored text message.
When creating a detached signature, it allows you to control whether it's "meant
for" (verifying against) a cleartext message. A cleartext message has trailing
whitespace trimmed before signing. This fixes the case of passing a detached
signature from sign() to encrypt(). Since encrypt() doesn't create a cleartext
message, the signature would be invalid if the text contained lines with
trailing whitespace.
- The caller might not await them, in which case you get an "unhandled rejection"
- The caller might await them but only after reading the data, in which case you
get an unhandled rejection if there's an error before the end of the data
Also, add a "asStream" parameter to high-level functions to control
whether the return value is a Stream; defaulting to whether the
parameter passed was a Stream.
- Allow leading spaces in headers (since we were already accepting
leading spaces everywhere else in the armored text).
- Read ReadableStreams before passing them to a Worker
