Daniel Huigens
a6d7c466e2
Use serialized EdDSA public key when signing instead of deriving it
2019-11-08 17:10:47 +01:00
Daniel Huigens
fd9371a2a4
Mask curve25519 keys during generation (before serializing them)
...
This was broken in #922 (merged as part of #956).
This would cause GPG to be unable to parse unencrypted secret keys,
thinking they were encrypted.
rfc4880bis-08 hints at this requirement, saying:
    o  MPI of an integer representing the secret key, which is a scalar
       of the public EC point.
Since scalar multiplication happens after masking the private key,
this implies that we should serialize the private key after masking,
as well.
2019-11-07 21:34:07 +01:00
Daniel Huigens
563b397391
Don't mask curve25519 private key twice
...
Also, fix handling of private keys with leading zeros for certain
curves.
2019-10-25 17:32:43 +02:00
Daniel Huigens
a06bf91f35
Fix queued bytes calculation for AEAD concurrency
2019-10-25 16:14:59 +02:00
Ilya Chesnokov
08b7725b8c
Create lightweight build that can lazily load indutny/elliptic if needed (#956)
...
This PR adds four config options to configure whether and how to load
indutny/elliptic: use_indutny_elliptic, external_indutny_elliptic,
indutny_elliptic_path and indutny_elliptic_fetch_options.
Also:
- Use tweetnacl.js instead of indutny/elliptic for curve25519 key generation
- Don't initialize indutny's curve25519, improving performance when using that curve
- Verify NIST signatures using Web Crypto instead of indutny/elliptic when not streaming
- Move KeyPair.sign/verify to ecdsa.js
- Move KeyPair.derive to ecdh.js
- Move keyFromPrivate and keyFromPublic to a new indutnyKey.js file
2019-10-25 16:07:57 +02:00
Ilya Chesnokov
528fbfb017
Switch back to using upstream email-address library (#998)
2019-10-25 13:25:03 +02:00
descampsk
810b8daab2
Fix crypto.random.getRandomBytes when loading openpgp.js inside a worker (#997)
2019-10-25 13:20:54 +02:00
Ilya Chesnokov
114184c6f2
Split up key.js (#972)
2019-10-15 18:42:14 +02:00
Daniel Huigens
3ee77f9e50
AEAD: Fix high water mark calculation based on chunk size
...
Use current packet's chunk size instead of default chunk size.
2019-10-15 18:24:14 +02:00
Daniel Huigens
192893ecf0
Fix util.Uint8Array_to_b64 to not return lone \r characters
2019-10-15 14:24:58 +02:00
Daniel Huigens
9f8a139624
Fix openpgp.revokeKey().publicKey when using the Worker
2019-10-15 14:15:41 +02:00
Ilya Chesnokov
1e37b27673
Use rsaBits=2048 in addSubkey tests when using Web Crypto (#971)
...
Fix tests failing in old browsers due to too low rsaBits.
Also, always throw in addSubkey when rsaBits is too low.
2019-09-24 13:53:12 +02:00
Daniel Huigens
fbbeaa3cd9
Rename `numBits` and `bits` to `rsaBits` (#970)
...
Keep supporting the old names as well though in `openpgp.generateKey`
and `getAlgorithmInfo`, but not in `openpgp.key.generate` (as it is
recommended that developers use `openpgp.generateKey` instead, and
it now throws when using `numBits` instead of `rsaBits`, so there's
no risk of silent key security downgrade).
The old names are now deprecated, and might be removed in v5.
2019-09-18 13:40:44 +02:00
Ilya Chesnokov
7f40ab0940
Implement `Key.prototype.addSubkey` (#963)
2019-09-16 15:53:19 +02:00
Daniel Huigens
91aa8b0d4c
Only store newly created signatures as valid in the non-streaming case
...
When streaming, we're not actually sure yet that signing won't fail.
2019-09-12 14:03:29 +02:00
Daniel Huigens
aa8d37a82c
Fix verifying one-pass signatures in the compat build (#968)
...
This was broken in 735d6d0.
See babel/babel#10431.
2019-09-12 00:42:35 +02:00
Daniel Huigens
18474bdfb6
Fix decrypting newly generated key object when using the Worker
2019-09-11 18:11:16 +02:00
Daniel Huigens
a731a607ce
Fix writing newly generated embedded primary key binding signatures
2019-09-11 18:11:15 +02:00
Ilya Chesnokov
5d9629d6a3
Style fixes; add spaces around all infix operators, remove new Buffer (#954)
...
* Add "space-infix-ops": "error" rule
* Remove deprecated Buffer constructor
* Resolve new-cap eslint rule
* @twiss: Clarify code that selects curve and algorithm
2019-08-30 12:27:30 +02:00
Daniel Huigens
a7cc71e35e
Throw when trying to encrypt a key that's already encrypted (#950)
2019-08-19 13:27:52 +02:00
Tom J
d27060e508
Use native Node crypto for RSA key generation (#947)
2019-08-16 13:11:04 +02:00
Daniel Huigens
a184ef6ec4
Remove support for the previous draft00 AEAD
2019-08-12 17:46:37 +02:00
Daniel Huigens
80c535eeb7
Separate config option to use V5 keys from AEAD config option
2019-08-12 17:46:37 +02:00
Daniel Huigens
9bb1710a9f
Remove unused writeOldHeader function
2019-08-12 17:46:37 +02:00
Daniel Huigens
8312399f9d
Update V5 key hashing for signatures to rfc4880bis-07
2019-08-12 17:46:37 +02:00
Daniel Huigens
c8729a0295
Fix serializing GNU stripped-keys
2019-08-12 17:46:37 +02:00
Daniel Huigens
735d6d088f
Implement V5 signatures
2019-08-12 17:46:37 +02:00
Daniel Huigens
f629ddcb31
Fix reading and writing unencrypted V5 secret key packets
2019-08-12 17:46:37 +02:00
Ilya Chesnokov
a0e9c608ba
DSA: Fix intermittent generation of invalid signatures (#938)
2019-08-07 17:42:55 +02:00
Tom J
3be779e0a1
Fix comment describing RSA coefficient u (#937)
2019-08-07 17:39:57 +02:00
Daniel Huigens
562783df01
Fix armor checksum mismatch error message with allow_unauthenticated_stream
2019-07-19 19:06:19 +02:00
Daniel Huigens
2a5ab75fca
Decrypt message with multiple keys in parallel
...
Don't keep the entire message in memory.
This also fixes an unhandled promise rejection when the input
stream contains an error (e.g. an armor checksum mismatch).
2019-07-19 19:05:26 +02:00
Daniel Huigens
237db2c7f3
Fix armor checksum errors being ignored when not streaming
2019-07-19 19:05:26 +02:00
Ilya Chesnokov
29d67415e2
Accept `@` in User ID names (#930)
2019-07-18 15:45:54 +02:00
Ilya Chesnokov
70cf2d60ff
Implement ECDH using Node crypto (#921)
2019-07-09 20:45:28 +02:00
Ilya Chesnokov
6d626ea70c
Style fixes and new style rules for eslint (#919)
2019-06-28 15:33:18 +02:00
chesnokovilya
1bd5689d75
Implement ECDH using Web Crypto for supported (NIST) curves (#914)
2019-06-27 19:21:32 +02:00
Sam
c7fb8d8fe7
Node detection: base on process instead of window (#911)
2019-06-21 15:43:56 +02:00
Daniel Huigens
5a17648922
Fix error message when reformatting a GNU stripped-key with a passphrase
2019-06-06 16:08:22 +02:00
Daniel Huigens
43441bfe0d
openpgp.reformatKey: Fix key preferences for signing subkeys
2019-05-23 17:37:20 +02:00
Wiktor Kwapisiewicz
82799390de
Fix signatures with critical notations
...
Previously the signature parsing function ignored the critical bit on
notations.
This change checks for notations that are marked "critical" but are not
on the known notations list (controlled by config array
`openpgp.config.known_notations`) and triggers a parse error if such
a notation has been encountered.
See: #897.
2019-05-16 09:57:58 +02:00
Wiktor Kwapisiewicz
16b12d7f55
Expose all signature notations
...
Previous implementation used an object to hold notations so if multiple
notations had the same key name only the last one was visible.
After this change notations are exposed as an array of key-value pairs
that can be converted to a map through `new Map(notations)`.
See #897.
2019-05-09 12:12:22 +02:00
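
Added example, not code from openpgp.js, covering the two notation commits above (82799390de and 16b12d7f55): a minimal RFC 4880 signature subpacket reader that returns notations as an array of [name, value] pairs and rejects a critical notation whose name is not in a caller-supplied list. `readNotations`, `notationSubpacket` and `joinBytes` are hypothetical names, the sample subpackets are constructed, and only one-octet subpacket lengths are handled.

```javascript
// Added example, not openpgp.js source. Only one-octet subpacket lengths
// (< 192) are handled; non-notation subpackets are skipped.
const NOTATION_DATA = 20; // subpacket type, RFC 4880 section 5.2.3.16
const utf8 = new TextDecoder();

function readNotations(area, knownNotations = []) {
  const notations = []; // [name, value] pairs; duplicate names are preserved
  let pos = 0;
  while (pos < area.length) {
    const len = area[pos++]; // covers the type octet plus the body
    if (len === 0 || len >= 192 || pos + len > area.length) {
      throw new Error('Unsupported or truncated subpacket');
    }
    const critical = (area[pos] & 0x80) !== 0; // bit 7 of the type octet
    const type = area[pos] & 0x7f;
    const body = area.subarray(pos + 1, pos + len);
    pos += len;
    if (type !== NOTATION_DATA) continue;
    if (body.length < 8) throw new Error('Truncated notation subpacket');
    const nameLen = (body[4] << 8) | body[5];
    const valueLen = (body[6] << 8) | body[7];
    if (8 + nameLen + valueLen !== body.length) {
      throw new Error('Notation lengths do not match subpacket length');
    }
    const name = utf8.decode(body.subarray(8, 8 + nameLen));
    if (critical && !knownNotations.includes(name)) {
      throw new Error('Unknown critical notation: ' + name);
    }
    const raw = body.subarray(8 + nameLen);
    const humanReadable = (body[0] & 0x80) !== 0; // first flag octet
    notations.push([name, humanReadable ? utf8.decode(raw) : raw]);
  }
  return notations;
}

// Builds a constructed human-readable notation subpacket for the demo.
function notationSubpacket(name, value, critical = false) {
  const enc = new TextEncoder();
  const n = enc.encode(name);
  const v = enc.encode(value);
  return Uint8Array.from([
    1 + 8 + n.length + v.length, NOTATION_DATA | (critical ? 0x80 : 0),
    0x80, 0, 0, 0, n.length >> 8, n.length & 0xff, v.length >> 8, v.length & 0xff,
    ...n, ...v
  ]);
}

const joinBytes = (...parts) => Uint8Array.from(parts.flatMap(p => Array.from(p)));
```

Passing the result to `new Map(...)` keeps only the last value for a repeated name, which is the information loss the array form avoids.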
Daniel Huigens
ee01883a52
Merge pull request #894 from twiss/dont-throw-verification-errors-workers
...
Fix one-pass signature verification when using a Worker
2019-05-05 00:01:14 +02:00
Daniel Huigens
df8364930b
Fix one-pass signature verification when using a Worker
2019-05-03 18:40:31 +02:00
Daniel Huigens
1090464a70
Throw more informative error when trying to use a key with missing params
...
E.g. when trying to sign with a GPG stripped key without a valid signing
subkey.
2019-05-03 14:29:43 +02:00
Daniel Huigens
bc756d0ed4
Make key.isDecrypted() and key.encrypt() consistent for gnu-dummy keys
2019-05-03 12:39:28 +02:00
Daniel Huigens
10e10effb6
Support GNU export-secret-subkeys extension
2019-05-03 12:39:28 +02:00
Daniel Huigens
34e6eacb2f
Don't attempt to use workers if they fail to load
2019-05-02 12:08:08 +02:00
Daniel Huigens
ffa8344809
Only include tweetnacl functions we need
2019-05-02 12:08:08 +02:00
Daniel Huigens
e637e75891
Clean up ECDH API
2019-05-02 12:08:08 +02:00
Daniel Huigens
ca0322bbea
Use tweetnacl's X25519 implementation
2019-05-02 12:08:08 +02:00
Daniel Huigens
be1b4df140
Use tweetnacl's Ed25519 implementation
2019-05-02 12:08:08 +02:00
Si Feng
d2c38693f5
Put comment before email when generating UIDs (#892)
2019-05-01 13:12:52 +02:00
Daniel Huigens
d5e87dc6f4
Move non-external dependencies to devDependencies (#888)
...
They are not needed to use the dist file.
2019-04-29 13:45:58 +02:00
Daniel Huigens
7fb2901ede
Fix detached signing of messages created from streams (#887)
2019-04-29 13:45:09 +02:00
Thomas Oberndörfer
038d8466fe
Add date parameter to user.verifyAllCertifications and user.verify methods (#871)
...
Also, in user.verifyCertificate, fix certificate.isExpired check for keys with future creation date.
2019-03-08 17:33:36 +01:00
Daniel Huigens
a9599fea42
Work around go crypto bug in ECDH messages (#869)
2019-03-04 13:53:19 +01:00
Thomas Oberndörfer
b1be7d1202
Fix merging multiple subkey binding signatures (#868)
2019-02-28 10:34:46 -08:00
Daniel Huigens
76ce33d96b
Use ES6 build of web-streams-polyfill in non-compat builds
2019-02-25 20:56:33 +01:00
Daniel Huigens
a291a803fb
Fix reading indeterminate-length packets in IE11
...
Broken in 5dcaf85.
2019-02-25 04:41:58 +01:00
Daniel Huigens
cd6eadd6e0
Fix reading empty partial body part (again)
...
Broken in 5dcaf85.
2019-02-25 04:34:28 +01:00
Daniel Huigens
5dcaf85f5a
Optimize reading large messages with lots of tiny partial body parts (#864)
...
* Fix pako decompression
* Optimize base64-decoding
* Don't stream-parse packets when not stream-reading data
2019-02-21 08:33:55 -08:00
Daniel Huigens
54fc1dde3d
Throw error before decrypting in non-MDC packets
2019-02-12 11:49:38 +01:00
Daniel Huigens
40360b4955
Fix streaming/signed encryption with config.integrity_protect=false
2019-02-12 11:49:38 +01:00
rash0
3edc6e7501
++ Add another Domain for HKP server (#855)
...
* ++ Add another Domain for HKP server
The pgp.mit.edu domain is down most of the time and responds with a timeout... so I discovered this Ubuntu domain for the same database... but it's much faster and never falls.... I think too much traffic over the bit one :(
* Update hkp.js
* Change HKP server url
* Defined the default HKP server
* Update README.md
Co-Authored-By: rash0 <40761345+rash0@users.noreply.github.com>
* ++ Add revocation certificate test
Didn't know if I should use the revocation certificate in the test/key.js file or generate a new one... so I generated a test one and used it...
2019-02-11 11:33:24 +01:00
Daniel Huigens
1dd168e7a2
Fix ECDH message encryption for some session keys
2019-02-05 13:46:59 +01:00
Daniel Huigens
d91b064e14
Optimize util.removeTrailingSpaces (#848)
...
Backtracking regexes have pathological worst-case performance when
a long line contains a large amount of whitespace not followed by
a newline, since the regex engine will attempt to match the regex
at each whitespace character, read ahead to the non-whitespace non-
newline, declare no match, and try again at the next whitespace.
E.g. try running
    util.removeTrailingSpaces(new Array(1e6).join(' ') + 'a').length
which would hang V8.
2019-01-27 00:22:47 +00:00
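
Added example, not code from openpgp.js, for the backtracking behaviour described in commit d91b064e14 above: a regex-based trailing-whitespace stripper beside a single-pass replacement, timed on a scaled-down version of the commit's worst-case input. The regex `/[ \t]+$/mg` is an assumed stand-in for a backtracking implementation, the function names are hypothetical, and lines are assumed to be separated by `\n`.

```javascript
// Added example, not openpgp.js source. The regex is an assumed stand-in for
// a backtracking implementation; lines are assumed to be '\n'-separated.
function removeTrailingSpacesRegex(text) {
  // At each whitespace character the engine consumes the rest of the run,
  // fails on `$`, backtracks, then restarts one character later. A run of
  // n spaces followed by a non-newline therefore costs O(n^2) steps.
  return text.replace(/[ \t]+$/mg, '');
}

function removeTrailingSpacesLinear(text) {
  // Scan each line once from its end; every character is visited O(1) times.
  return text.split('\n').map(line => {
    let end = line.length;
    while (end > 0 && (line[end - 1] === ' ' || line[end - 1] === '\t')) end--;
    return line.slice(0, end);
  }).join('\n');
}

// Wall-clock time of one call, in milliseconds.
function timeMs(fn, input) {
  const start = Date.now();
  fn(input);
  return Date.now() - start;
}

// Worst case from the commit message, parameterised: n - 1 spaces, then 'a'.
function worstCase(n) {
  return new Array(n).join(' ') + 'a';
}

// Sizes kept small so the regex variant still finishes quickly.
for (const n of [4000, 8000, 16000]) {
  const input = worstCase(n);
  console.log(n, 'regex ms:', timeMs(removeTrailingSpacesRegex, input),
    'linear ms:', timeMs(removeTrailingSpacesLinear, input));
}
```

Only the linear variant should be run on the full `worstCase(1e6)` input from the commit message.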
Sanjana Rajan
b0ac142f2e
Merge pull request #847 from twiss/dont-throw-verification-errors
...
Don't throw on signature verification errors in openpgp.decrypt/verify
2019-01-27 00:18:41 +00:00
Daniel Huigens
9e4cc1acfe
Don't throw on signature verification errors in openpgp.decrypt/verify
2019-01-26 11:41:44 +01:00
wussler
6b19af0a63
new BN, fix doc
2019-01-22 16:50:06 +01:00
wussler
2975e49dd0
genPublicEphemeralKey to return Uint8Array
2019-01-22 16:24:55 +01:00
wussler
6d9160dd87
Fix mistake in documentation
2019-01-22 16:22:05 +01:00
Aron Wussler
1face482ba
Naming
2019-01-21 15:35:45 +01:00
Aron Wussler
4c809a4846
Fix to returns
2019-01-21 14:57:02 +01:00
Daniel Huigens
31f72fb64d
Update src/crypto/public_key/elliptic/ecdh.js
...
Co-Authored-By: wussler <aron@wussler.it>
2019-01-18 16:40:31 +01:00
Daniel Huigens
680aa03bcd
Update src/crypto/public_key/elliptic/ecdh.js
...
Co-Authored-By: wussler <aron@wussler.it>
2019-01-18 16:40:22 +01:00
Daniel Huigens
f77ebc7605
Update src/crypto/public_key/elliptic/ecdh.js
...
Co-Authored-By: wussler <aron@wussler.it>
2019-01-18 16:40:13 +01:00
Aron Wussler
06952b4e30
Make ephemeral secret available from ECDH module
2019-01-18 16:06:57 +01:00
Daniel Huigens
77055f6dfe
Don't zero-copy transfer buffers in Safari 11.1 and Chrome < 56
...
See https://bugs.webkit.org/show_bug.cgi?id=184254
and https://bugs.chromium.org/p/chromium/issues/detail?id=334408.
2019-01-15 20:16:59 +01:00
Daniel Huigens
fe69cb882d
Zero-copy transfer buffers when passing streams to workers
2019-01-09 15:18:59 +01:00
Daniel Huigens
625c6ea4b3
Zero-copy transfer buffers from the worker to the main thread
2019-01-09 15:18:56 +01:00
Daniel Huigens
c73b4536be
Fix error handling in worker delegation
2019-01-09 15:06:15 +01:00
Sanjana Rajan
ffeb43ef04
Merge pull request #831 from twiss/web-crypto-cfb
...
Web Crypto CFB encryption, revision 2
2019-01-03 06:56:40 -08:00
Sanjana Rajan
37bc379663
Merge pull request #828 from tomholub/patch-1
...
Fix various JSDoc typos etc
2019-01-03 06:55:42 -08:00
Sanjana Rajan
9b599c86b2
Merge pull request #827 from estelendur/double_is_readonly
...
Double is readonly
2019-01-02 15:15:22 -08:00
Daniel Huigens
31931c9b0d
Simplify MDC verification
2019-01-02 15:13:00 +01:00
Daniel Huigens
3f1734ae7a
Move CFB optimizations into cfb.js
...
So that uses of CFB other than sym_encrypted_integrity_protected.js
can benefit from them.
Also, implement CFB resync mode in terms of normal CFB rather than
separately (and duplicated).
2019-01-02 15:12:53 +01:00
Daniel Huigens
a891e0b4ea
Web Crypto CFB encryption
2019-01-02 15:12:48 +01:00
Daniel Huigens
5c5da1d86f
Fix passing streams to workers in Safari 9
...
Safari 9 does not expose the MessagePort object in workers
(but does expose it on window, and also exposes MessageChannel
in workers).
2019-01-02 14:07:36 +01:00
Tom J
cf6278ddc9
Promisify hash.digest return value in jsdoc
2018-12-30 16:52:57 +00:00
Tom J
1054ed46d8
Fix util.js jsdoc Uint8Array typos
2018-12-29 11:44:26 +00:00
Esty Thomas
08fdb351d1
Renames var to prevent "double is read-only" error
...
Under some build systems, the function `double` produces an error:
```SyntaxError: "double" is read-only"```
The error goes away if the variable named `double` inside the function
named `double` is renamed. This commit renames it to `double_var` for
simplicity's sake.
2018-12-27 12:27:42 -05:00
Sanjana Rajan
836ad2805a
Revert "Web Crypto CFB encryption"
2018-12-23 18:42:24 +01:00
Sanjana Rajan
6c02b25aa5
Merge pull request #820 from twiss/web-crypto-cfb
...
Web Crypto CFB encryption
2018-12-23 17:55:25 +01:00
Sanjana Rajan
529973f2a2
Merge branch 'master' into fix/non-primary-non-revoked-sub-user
2018-12-23 17:52:01 +01:00
Sanjana Rajan
1bee091f2a
Merge pull request #815 from twiss/userIds
...
Make fromUserIds/toUserIds params plural, and accept arrays of User IDs
2018-12-23 17:50:46 +01:00
Daniel Huigens
113c4a5f1e
Add CAST5 to always-allowed algorithms
...
Golang's OpenPGP implementation uses CAST5 as its fallback.
(The spec mandates TripleDES as fallback.)
Fixes #819.
2018-12-22 00:00:47 -05:00
Daniel Huigens
95cc9cecf0
Disable Web Workers on browsers without MessageChannel support
...
For compatibility with old Firefox / Pale Moon 27
2018-12-21 23:09:41 -05:00
Daniel Huigens
2c5cb6ad9f
Fix armor parsing in edge case where reader.readToEnd() returns new Uint8Array([])
2018-12-21 17:00:45 -05:00
Daniel Huigens
cfe7ff9bb8
Simplify MDC verification
2018-12-21 13:04:23 -05:00