Web Crypto AES-GCM in Edge seems to require non-empty ADATA and an
explicit tagLength.
AES-CTR doesn't seem to be supported at all, so this disables Web Crypto
for EAX in Edge.
This enables parallelism for streaming AEAD chunked encryption.
The reason we can't do so at the very end of the pipe chain
(e.g., in `readToEnd`) is because requests for increased
buffering (i.e. `desiredSize > 1`) do not propagate backwards,
only requests for backpressure (i.e. `desiredSize <= 0`) do.
When not requested, we convert the streams to Uint8Arrays.
This makes the generated key safe to pass to a Worker more than once.
Partially reverts 735aa1da.
When encrypting/signing a stream, this allows you to indicate whether it's a
stream of Strings or Uint8Arrays (using message.fromText or message.fromBinary,
respectively.)
When signing text, this allows you to control whether to create a cleartext
message or a regular armored text message.
When creating a detached signature, it allows you to control whether it's "meant
for" (verifying against) a cleartext message. A cleartext message has trailing
whitespace trimmed before signing. This fixes the case of passing a detached
signature from sign() to encrypt(). Since encrypt() doesn't create a cleartext
message, the signature would be invalid if the text contained lines with
trailing whitespace.
- The caller might not await them, in which case you get an "unhandled rejection"
- The caller might await them but only after reading the data, in which case you
get an unhandled rejection if there's an error before the end of the data
If the type of the signature passed to openpgp.encrypt() did not
match the "expected" type (text for literal text packets, etc)
the signature type would be set incorrectly.
We now close streams after reading them, so we can no longer use
stream.locked for a proxy for "has been read". What we want is the
internal [[disturbed]] property, but we can't access it for native
streams.
Since we always read the stream when calling getText(), it's not
an issue.
Also, add a "asStream" parameter to high-level functions to control
whether the return value is a Stream; defaulting to whether the
parameter passed was a Stream.
- Allow leading spaces in headers (since we were already accepting
leading spaces everywhere else in the armored text).
- Read ReadableStreams before passing them to a Worker
This change corrects verification of certifications over User Attributes
(such as photos).
Before this change the code did not differentiate between User IDs and
User Attributes as both of them were stored in `data.userid` [0] and
incorrectly used the User ID constant (0xB4) for both cases.
This change fixes the bug by storing User IDs in `userId` property and
User Attributes in `userAttribute` property. The check for property
existence has been modified to avoid comparisons with `undefined` as the
`User` class sets `null` for not assigned packets instead of
`undefined`.
Only data structures for signing and verification were modified and not
the properties used in the `User` class.
[0]: 11b2d2de3c/src/key.js (L872)
During tests of weird keys [0] it was found out that OpenPGP.js does not
handle keys without valid UIDs well.
There are two issues that this change corrects, first one is adding
filtering of user IDs in `getPrimaryUser` such as only users with self
certifications are considered. Without that change using
`getPrimaryUser` on a key without valid UIDs would throw an exception
(`Cannot read property 'verified' of undefined` [1]).
Second issue is correcting condition whether to throw if no UID was
found. Previous condition checked for `userId` variable, but this is
initialized by default and as such is almost always set. This causes
`key.getPrimaryUser()` (without condition) to throw `Could not find user
that matches that user ID`. The condition has been modified to match the
filter condition (checking if any property of `userId` has been
initialized).
[0]: https://gitlab.com/sequoia-pgp/weird-keys/tree/master/openpgpjs
[1]: 576ed08a54/openpgpjs/results/no-bound-uid.pgp.txt
This bug caused all signersUserIds strings to be prefixed with `"null"`
string. Changed to use only the last value for this packet type.
Previous implementation probably assumed that there will be more than one
signersUserId packet but I haven't been able to generate such signature
using gpg (only last user id was embedded). Moreover signature
serialization function `write_all_sub_packets` writes only one value of
this packet as a UTF-8 string.
This change implements Web Key Directory lookup using user's e-mail
address. The target host is the same as the e-mail's domain and the
local-part is hashed with SHA-1 and encoded using Z-Base32 encoding.
Implemented is basic flow of version 06 of OpenPGP Web Key Directory
draft [0].
It was necessary to update node-fetch package to allow returning array
buffers from HTTP responses.
If openpgpjs is used in the browser all keys retrieved from Web Key
Directory should have `Access-Control-Allow-Origin` header set to `*`
(including 404 Not found responses).
[0]: https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/
- In anticipation of streaming decryption
- Firefox 34 does not support chunk_size_byte > 24
256KiB is almost as fast as no chunks (although both of those can be up to
~1.5x slower than optimally using threads for very large message sizes).
The optimal chunk size would be something like:
max(data.length / navigator.hardwareConcurrency, 128KiB)
But we don't do so currently because
- We don't know the hardwareConcurrency of the decrypting machine
- Smaller chunk sizes are better for streaming decryption
Instead of creating a text signature for text packets and a binary signature for
binary packets, we determine the signature type based on whether a String or
Uint8Array was originally passed. This is useful for the new MIME data packet
type (implemented in the next commit) which you can pass in either format.
This also partly reverts a22c9e4. Instead of canonicalizing the literal data
packet, we canonicalize the data when signing. This fixes a hypothetical case
where an uncanonicalized text packet has both a text and a binary signature.
This also partly reverts c28f7ad. GPG does not strip trailing whitespace when
creating text signatures of literal data packets.
