suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,940 Commits 1 Branch 0 Tags 39 MiB
9b51349ce3
Commit Graph

1940 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Huigens
9b51349ce3
Unpublish npm-shrinkwrap.json (#1079) 2020-04-15 11:25:27 +02:00
larabr
6119dbb08e
Support verification of text signatures on non-UTF-8 messages (#1071) 2020-03-30 12:51:07 +02:00
larabr
34f9f705e9
Update dependencies (#1061) 2020-03-26 18:05:07 +01:00
Ilya Chesnokov
69f14023f2
Update grunt; fix lodash vulnerability warning (#1060) 2020-03-17 13:39:30 +01:00
chenlhlinux
b76c67aba8
Fix signature verification examples in the README (#1058) 2020-03-12 20:13:22 +01:00
Makoto Sakaguchi
66d83db51b
Fix "TypeError: fetch is not a function" in Node.js environment (#1052) 2020-03-03 14:50:28 +01:00
Daniel Huigens
b6a6f52ad8 Release new version 2020-02-27 17:17:23 +01:00
Daniel Huigens
e986c47ed5 Remove no-op revocationCertificate option from reformatKey 2020-02-27 16:04:06 +01:00
Daniel Huigens
60822d87d9 Fix generating keys with a date in the future 
This was broken in 8c3bcd1.

(Before then, the revocation certificate was already broken when
generating a key with a date in the future.)
 2020-02-27 16:04:07 +01:00
Daniel Huigens
f6507c30e1 Release new version 2020-02-25 15:58:04 +01:00
Daniel Huigens
2131fb0978 Fix error message for legacy encrypted private keys 2020-02-25 15:07:43 +01:00
Daniel Huigens
c6ed05d2c3 Optimize crc24 calculation 2020-02-25 15:06:38 +01:00
Daniel Huigens
2ff4fbb0e8 Optimize base64 encoding and decoding 2020-02-25 15:06:38 +01:00
Daniel Huigens
15202d9d40 Don't use polyfilled Set in compat build 
All methods of sets we need are available in all browsers we support.
 2020-02-25 15:06:15 +01:00
Daniel Huigens
4bd22eb17a Unit tests: eval config query parameters instead of parsing as JSON 2020-02-25 15:06:15 +01:00
Daniel Huigens
8c3bcd1f21 Reject signatures using insecure hash algorithms 
Also, switch from returning false to throwing errors in most verify*()
functions, as well as in `await signatures[*].verified`, in order to be
able to show more informative error messages.
 2020-02-25 15:06:15 +01:00
Daniel Huigens
3af8e32bf0 Release new version 2020-02-17 14:40:22 +01:00
Daniel Huigens
92eda27e61 Binary signature on text message: sign and verify text as UTF-8 2020-02-17 12:49:20 +01:00
Daniel Huigens
de6ab1db49 Add inline sourceMap in minified files in grunt build --dev 2020-02-07 20:41:44 +01:00
Stig P
21c7d69f56
Fix typo in symmetric encryption example in README.md (#1042) 2020-02-03 15:10:19 +01:00
Daniel Huigens
93c5bed64b Release new version 2020-02-02 20:15:24 +01:00
Daniel Huigens
dc9660f2ae Add tests with old and new Blowfish encrypted messages 2020-02-02 16:51:56 +01:00
Daniel Huigens
84a1287e50 Fix Blowfish block size 2020-02-02 16:51:56 +01:00
Daniel Huigens
801b44f2e7 Don't use Node symmetric crypto when !config.use_native 2020-02-02 16:51:56 +01:00
Daniel Huigens
fc0052e35a Implement streaming non-AES encryption and decryption 2020-02-02 16:51:56 +01:00
Daniel Huigens
2ec8831abf Use native Node crypto for non-AES encryption and decryption 2020-02-02 16:51:56 +01:00
Daniel Huigens
e14a3c78b7 Add instructions to pipe unarmored encrypted data on Node.js 2020-02-02 16:51:01 +01:00
Daniel Huigens
b49e787ba9 Update setup instructions 2020-02-02 16:51:01 +01:00
Daniel Huigens
7000d9db4b Clean up README.md 2020-02-02 16:51:01 +01:00
Daniel Huigens
09e818763e Release new version 2020-01-24 20:05:16 +01:00
Daniel Huigens
786d909f79 Fix worker tests in compat browsers 2020-01-24 19:16:15 +01:00
Daniel Huigens
e8ee70b2a8 Fix UnhandledPromiseRejectionWarnings in Node.js 
These were introduced in 9bdeaa9 by `await`ing Promises later than
they're created.
 2020-01-24 18:05:50 +01:00
Daniel Huigens
382c05df6f Remove accidental .only in test suite 2020-01-24 17:59:35 +01:00
Daniel Huigens
9bdeaa927a Don't keep entire decrypted message in memory while streaming 
(When config.allow_unauthenticated_stream is set or the message is
AEAD-encrypted.)

The issue was that, when hashing the data for verification, we would
only start hashing at the very end (and keep the message in memory)
because nobody was "pulling" the stream containing the hash yet, so
backpressure was keeping the data from being hashed.

Note that, of the two patches in this commit, only the onePassSig.hashed
property actually mattered, for some reason. Also, the minimum
highWaterMark of 1 should have pulled the hashed stream anyway, I think.
I'm not sure why that didn't happen.
 2020-01-24 17:58:17 +01:00
Daniel Huigens
6e13604a64 Replace 'window' with 'global' 
In order to use Web Crypto in application workers, among other things.
 2020-01-24 17:58:04 +01:00
Daniel Huigens
81d6b45ba8 Test loading OpenPGP.js from a Worker in the application 2020-01-24 17:58:04 +01:00
Daniel Huigens
66acd979bf Clear worker key caches in openpgp.destroyWorker() 2020-01-24 17:57:39 +01:00
Daniel Huigens
fb666f0624 Implement openpgp.getWorker().clearKeyCache() 2020-01-24 17:57:39 +01:00
Daniel Huigens
523432334f Implement Key.prototype.clearPrivateParams 2020-01-24 17:57:39 +01:00
Daniel Huigens
26d107b856 Zero out private key parameters in clearPrivateParams 2020-01-24 17:57:39 +01:00
Daniel Huigens
889e0c4930 Allow calling clearPrivateParams on decrypted keys 
Calling it on unencrypted keys was already allowed, so this safety check
didn't do much.
 2020-01-24 17:57:39 +01:00
Daniel Huigens
6ae6012786 Terminate workers in openpgp.destroyWorker() 2020-01-24 17:57:39 +01:00
Ilya Chesnokov
94a04eaa5c Switch code coverage reporter to nyc (#1005) 2020-01-15 15:46:37 +01:00
Daniel Huigens
1462affe88 Release new version 2020-01-14 18:10:37 +01:00
Daniel Huigens
44a90d9465
Cache key objects in Workers by armor (#1030) 
This allows us to use the cached `verified` property on self-signatures,
so that we don't have to repeatedly verify them.
 2020-01-14 18:06:09 +01:00
Daniel Huigens
fd6d7b6088
Remove support for legacy encrypted private keys (#1029) 
Both those with a 2-byte hash (instead of SHA1 or an AEAD authentication
tag) and those without an S2K specifier (i.e., using MD5 for S2K) -
support for the latter was already broken.

Vulnerabilities can arise not just from generating keys like this, but
from using them as well (if an attacker can tamper with them), hence why
we're removing support.
 2020-01-07 18:17:00 +01:00
Daniel Huigens
8f355a75da
Implement key.validate() (#1028) 
This function checks whether the private and public key parameters
of the primary key match.

This check is necessary when using your own private key to encrypt
data if the private key was stored on an untrusted medium, and
trust is derived from being able to decrypt the private key.
 2020-01-07 18:16:45 +01:00
Ilya Chesnokov
26502e36cd
update asmcrypto.js (#1023) 
update asmcrypto.js to version 2.3.2
 2019-12-30 14:14:27 +07:00
Alexandre Perrin
0a32f4d5e7 Comment typo fixes (#1022) 2019-12-27 12:47:37 +01:00
Daniel Huigens
ba944c8948 Release new version 2019-12-20 17:39:24 +01:00