- Rename `config.compression` to `config.preferredCompressionAlgorithm`
- Rename `config.encryptionCipher` to `config.preferredSymmetricAlgorithm`
- Rename `config.preferHashAlgorithm` to `config.preferredHashAlgorithm`
- Rename `config.aeadMode` to `config.preferredAeadAlgorithm`
- When encrypting to public keys, the compression/aead/symmetric algorithm is selected by:
- taking the preferred algorithm specified in config, if it is supported by all recipients
- otherwise, taking the "MUST implement" algorithm specified by rfc4880bis
- When encrypting to passphrases only (no public keys), the preferred algorithms from `config` are always used
- EdDSA signing with a hash algorithm weaker than sha256 is explicitly disallowed (https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2)
Refactor functions to take the configuration as a parameter.
This allows setting a config option for a single function call, whereas
setting `openpgp.config` could lead to concurrency-related issues when
multiple async function calls are made at the same time.
`openpgp.config` is used as default for unset config values in top-level
functions.
`openpgp.config` is used as default config object in low-level functions
(i.e., when calling a low-level function, it may be required to pass
`{ ...openpgp.config, modifiedConfig: modifiedValue }`).
Also,
- remove `config.rsaBlinding`: blinding is now always applied to RSA decryption
- remove `config.debug`: debugging mode can be enabled by setting
`process.env.NODE_ENV = 'development'`
- remove `config.useNative`: native crypto is always used when available
- `openpgp.generateKey` now expects `userIds` in object format
(strings are no longer supported)
- Remove `util.parseUserId` and `util.formatUserId`
- Replace `UserIDPacket#format` with `UserIDPacket.fromObject`
- Changes `openpgp.generateKey` to accept an explicit `type` parameter,
instead of inferring its value from the `curve` or `rsaBits` params
- Introduces `config.minRsaBits` to set minimum key size of RSA key generation
Instead of as modules.
Replace *.read with read*, *.readArmored with readArmored*, etc.
Replace cleartext.readArmored with readArmoredCleartextMessage.
Replace message.fromText with Message.fromText, etc.
openpgp.encrypt, sign, encryptSessionKey, encryptKey and decryptKey now
return their result directly without wrapping it in a "result" object.
Also, remove the `detached` and `returnSessionKey` options of
openpgp.encrypt.
Also, switch from returning false to throwing errors in most verify*()
functions, as well as in `await signatures[*].verified`, in order to be
able to show more informative error messages.
Also, when generating RSA keys in JS, generate them with p < q, as per
the spec.
Also, when generating RSA keys using Web Crypto or Node crypto, swap the
generated p and q around, so that will satisfy p < q in most browsers
(but not old Microsoft Edge, 50% of the time) and so that we can use the
generated u coefficient (p^-1 mod q in OpenPGP, q^-1 mod p in RFC3447).
Then, when signing and verifying, swap p and q again, so that the key
hopefully satisfies Safari's requirement that p > q, and so that we can
keep using u again.
Keep supporting the old names as well though in `openpgp.generateKey`
and `getAlgorithmInfo`, but not in `openpgp.key.generate` (as it is
recommended that developers use `openpgp.generateKey` instead, and
it now throws when using `numBits` instead of `rsaBits`, so there's
no risk of silent key security downgrade).
The old names are now deprecated, and might be removed in v5.
