Class: Key

Key(packetlist)

Class that represents an OpenPGP key. Must contain a primary key. Can contain additional subkeys, signatures, user ids, user attributes.

Constructor

new Key(packetlist)

Parameters:
Name Type Description
packetlist PacketList

The packets that form this key
Source:

Methods

(async) addSubkey() → {Promise.<Key>}

Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added. Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.

Parameters:
Name Type Description
options.type ecc | rsa

The subkey algorithm: ECC or RSA
options.curve String

(optional) Elliptic curve for ECC keys
options.rsaBits Integer

(optional) Number of bits for RSA subkeys
options.keyExpirationTime Number

(optional) Number of seconds from the key creation time after which the key expires
options.date Date

(optional) Override the creation date of the key and the key signatures
options.sign Boolean

(optional) Indicates whether the subkey should sign rather than encrypt. Defaults to false
options.config Object

(optional) custom configuration settings to overwrite those in openpgp.config
Source:
Returns:
Type
Promise.<Key>

(async) applyRevocationCertificate(revocationCertificate, config) → {Promise.<Key>}

Applies a revocation certificate to a key This adds the first signature packet in the armored text to the key, if it is a valid revocation signature.

Parameters:
Name Type Description
revocationCertificate String

armored revocation certificate
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

new revoked key

Type
Promise.<Key>

armor(config) → {ReadableStream.<String>}

Returns ASCII armored text of key

Parameters:
Name Type Description
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

ASCII armor

Type
ReadableStream.<String>

clearPrivateParams()

Clear private key parameters

Source:

(async) clone() → {Promise.<Key>}

Clones the key object

Source:
Returns:

shallow clone of the key

Type
Promise.<Key>

(async) decrypt(passphrases, keyId, config)

Decrypts all secret key and subkey packets matching keyId

Parameters:
Name Type Default Description
passphrases String | Array.<String>
keyId module:type/keyid~Keyid null
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Throws:

if any matching key or subkey packets did not decrypt successfully

Type
Error

(async) encrypt(passphrases, keyId, config)

Encrypts all secret key and subkey packets matching keyId

Parameters:
Name Type Default Description
passphrases String | Array.<String>

if multiple passphrases, then should be in same order as packets each should encrypt
keyId module:type/keyid~Keyid null
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Throws:

if encryption failed for any key or subkey

Type
Error

getAlgorithmInfo() → {Object}

Returns algorithm information

Source:
Returns:

An object of the form {algorithm: String, bits:int, curve:String}

Type
Object

getAlgorithmInfo() → {Object}

Returns algorithm information

Source:
Returns:

An object of the form {algorithm: String, bits:int, curve:String}

Type
Object

getCreationTime() → {Date}

Returns the creation time of the key

Source:
Returns:
Type
Date

getCreationTime() → {Date}

Returns the creation time of the key

Source:
Returns:
Type
Date

(async) getDecryptionKeys(keyId,, date,, userId,, config) → {Promise.<Array.<(Key|SubKey)>>}

Returns all keys that are available for decryption, matching the keyId when given This is useful to retrieve keys for session key decryption

Parameters:
Name Type Description
keyId, module:type/keyid~Keyid

optional
date, Date

optional
userId, String

optional
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

array of decryption keys

Type
Promise.<Array.<(Key|SubKey)>>

(async) getEncryptionKey(keyId,, date,, userId,, config) → {Promise.<(Key|SubKey|null)>}

Returns last created key or key by given keyId that is available for encryption or decryption

Parameters:
Name Type Description
keyId, module:type/keyid~Keyid

optional
date, Date

optional
userId, String

optional
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

key or null if no encryption key has been found

Type
Promise.<(Key|SubKey|null)>

(async) getExpirationTime(capabilities,, keyId,, userId,, config) → {Promise.<(Date|Infinity|null)>}

Returns the latest date when the key can be used for encrypting, signing, or both, depending on the capabilities paramater. When capabilities is null, defaults to returning the expiry date of the primary key. Returns null if capabilities is passed and the key does not have the specified capabilities or is revoked or invalid. Returns Infinity if the key doesn't expire.

Parameters:
Name Type Description
capabilities, encrypt | sign | encrypt_sign

optional
keyId, module:type/keyid~Keyid

optional
userId, Object

optional user ID
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:
Type
Promise.<(Date|Infinity|null)>

getFingerprint() → {String}

Calculates the fingerprint of the key

Source:
Returns:

A string containing the fingerprint in lowercase hex

Type
String

getFingerprint() → {String}

Calculates the fingerprint of the key

Source:
Returns:

A string containing the fingerprint in lowercase hex

Type
String

getKeyId() → {module:type/keyid~Keyid}

Calculates the key id of the key

Source:
Returns:

A 8 byte key id

Type
module:type/keyid~Keyid

getKeyId() → {module:type/keyid~Keyid}

Calculates the key id of the key

Source:
Returns:

A 8 byte key id

Type
module:type/keyid~Keyid

getKeyIds() → {Array.<module:type/keyid~Keyid>}

Returns key IDs of all keys

Source:
Returns:
Type
Array.<module:type/keyid~Keyid>

getKeys(keyId) → {Array.<(Key|SubKey)>}

Returns an array containing all public or private keys matching keyId. If keyId is not present, returns all keys starting with the primary key.

Parameters:
Name Type Default Description
keyId type/keyid null
Source:
Returns:
Type
Array.<(Key|SubKey)>

(async) getPrimaryUser(date, userId, config) → {Promise.<{user: User, selfCertification: SignaturePacket}>}

Returns primary user and most significant (latest valid) self signature

  • if multiple primary users exist, returns the one with the latest self signature
  • otherwise, returns the user with the latest self signature
Parameters:
Name Type Description
date Date

(optional) use the given date for verification instead of the current time
userId Object

(optional) user ID to get instead of the primary user, if it exists
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

The primary user and the self signature

Type
Promise.<{user: User, selfCertification: SignaturePacket}>

(async) getRevocationCertificate(date, config) → {Promise.<String>}

Get revocation certificate from a revoked key. (To get a revocation certificate for an unrevoked key, call revoke() first.)

Parameters:
Name Type Description
date Date

Use the given date instead of the current time
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

armored revocation certificate

Type
Promise.<String>

(async) getSigningKey(keyId,, date, userId,, config) → {Promise.<(Key|SubKey|null)>}

Returns last created key or key by given keyId that is available for signing and verification

Parameters:
Name Type Description
keyId, module:type/keyid~Keyid

optional
date Date

(optional) use the given date for verification instead of the current time
userId, Object

optional user ID
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

key or null if no signing key has been found

Type
Promise.<(Key|SubKey|null)>

getSubkeys(keyId) → {Array.<SubKey>}

Returns an array containing all public or private subkeys matching keyId; If keyId is not present, returns all subkeys.

Parameters:
Name Type Default Description
keyId type/keyid null
Source:
Returns:
Type
Array.<SubKey>

getUserIds() → {Array.<string>}

Returns userids

Source:
Returns:

array of userids

Type
Array.<string>

hasSameFingerprintAs() → {Boolean}

Calculates whether two keys have the same fingerprint without actually calculating the fingerprint

Source:
Returns:

Whether the two keys have the same version and public key data

Type
Boolean

hasSameFingerprintAs() → {Boolean}

Calculates whether two keys have the same fingerprint without actually calculating the fingerprint

Source:
Returns:

Whether the two keys have the same version and public key data

Type
Boolean

isDecrypted()

Returns true if the primary key or any subkey is decrypted. A dummy key is considered encrypted.

Source:

isPrivate() → {Boolean}

Returns true if this is a private key

Source:
Returns:
Type
Boolean

isPublic() → {Boolean}

Returns true if this is a public key

Source:
Returns:
Type
Boolean

(async) isRevoked(signature, key,, date, config) → {Promise.<Boolean>}

Checks if a signature on a key is revoked

Parameters:
Name Type Description
signature SignaturePacket

The signature to verify
key, PublicSubkeyPacket | SecretSubkeyPacket | PublicKeyPacket | SecretKeyPacket

optional The key to verify the signature
date Date

Use the given date instead of the current time
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

True if the certificate is revoked

Type
Promise.<Boolean>

packetlist2structure(packetlist)

Transforms packetlist to structured key data

Parameters:
Name Type Description
packetlist PacketList

The packets that form a key
Source:

(async) revoke(reasonForRevocation, date, config) → {Promise.<Key>}

Revokes the key

Parameters:
Name Type Description
reasonForRevocation Object

optional, object indicating the reason for revocation

Properties
Name Type Description
flag module:enums.reasonForRevocation

optional, flag indicating the reason for revocation
string String

optional, string explaining the reason for revocation
date Date

optional, override the creationtime of the revocation signature
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

new key with revocation signature

Type
Promise.<Key>

(async) signAllUsers(privateKeys, config) → {Promise.<Key>}

Signs all users of key

Parameters:
Name Type Description
privateKeys Array.<Key>

decrypted private keys for signing
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

new public key with new certificate signature

Type
Promise.<Key>

(async) signPrimaryUser(privateKeys, date, userId, config) → {Promise.<Key>}

Signs primary user of key

Parameters:
Name Type Description
privateKeys Array.<Key>

decrypted private keys for signing
date Date

(optional) use the given date for verification instead of the current time
userId Object

(optional) user ID to get instead of the primary user, if it exists
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

new public key with new certificate signature

Type
Promise.<Key>

toPacketlist() → {PacketList}

Transforms structured key data to packetlist

Source:
Returns:

The packets that form a key

Type
PacketList

toPublic(config) → {Key}

Returns key as public key (shallow copy)

Parameters:
Name Type Description
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

new public Key

Type
Key

(async) update(key, config) → {Promise.<undefined>}

Update key with new components from specified key with same key ID: users, subkeys, certificates are merged into the destination key, duplicates and expired signatures are ignored.

If the specified key is a private key and the destination key is public, the destination key is transformed to a private key.

Parameters:
Name Type Description
key Key

Source key to merge
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:
Type
Promise.<undefined>

(async) validate(config)

Check whether the private and public primary key parameters correspond Together with verification of binding signatures, this guarantees key integrity In case of gnu-dummy primary key, it is enough to validate any signing subkeys otherwise all encryption subkeys are validated If only gnu-dummy keys are found, we cannot properly validate so we throw an error

Parameters:
Name Type Description
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Throws:

if validation was not successful and the key cannot be trusted

Type
Error

(async) verifyAllUsers(keys, config) → {Promise.<Array.<{userid: String, keyid: module:type/keyid~Keyid, valid: Boolean}>>}

Verifies all users of key

  • if no arguments are given, verifies the self certificates;
  • otherwise, verifies all certificates signed with given keys.
Parameters:
Name Type Description
keys Array.<Key>

array of keys to verify certificate signatures
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

list of userid, signer's keyid and validity of signature

Type
Promise.<Array.<{userid: String, keyid: module:type/keyid~Keyid, valid: Boolean}>>

(async) verifyPrimaryKey(date, userId, config)

Verify primary key. Checks for revocation signatures, expiration time and valid self signature. Throws if the primary key is invalid.

Parameters:
Name Type Description
date Date

(optional) use the given date for verification instead of the current time
userId Object

(optional) user ID
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Throws:

If key verification failed

Type
Error

(async) verifyPrimaryUser(keys, date, userId, config) → {Promise.<Array.<{keyid: module:type/keyid~Keyid, valid: Boolean}>>}

Verifies primary user of key

  • if no arguments are given, verifies the self certificates;
  • otherwise, verifies all certificates signed with given keys.
Parameters:
Name Type Description
keys Array.<Key>

array of keys to verify certificate signatures
date Date

(optional) use the given date for verification instead of the current time
userId Object

(optional) user ID to get instead of the primary user, if it exists
config Object

(optional) full configuration, defaults to openpgp.config
Source:
Returns:

List of signer's keyid and validity of signature

Type
Promise.<Array.<{keyid: module:type/keyid~Keyid, valid: Boolean}>>