// GPG4Browsers - An OpenPGP implementation in javascript // Copyright (C) 2011 Recurity Labs GmbH // // This library is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; either // version 2.1 of the License, or (at your option) any later version. // // This library is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU // Lesser General Public License for more details. // // You should have received a copy of the GNU Lesser General Public // License along with this library; if not, write to the Free Software // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA /** * @requires config * @requires encoding/armor * @requires enums * @requires packet * @module key */ var packet = require('./packet'), enums = require('./enums.js'), armor = require('./encoding/armor.js'), config = require('./config'); /** * @class * @classdesc Class that represents an OpenPGP key. Must contain a primary key. * Can contain additional subkeys, signatures, user ids, user attributes. * @param {module:packet/packetlist} packetlist The packets that form this key */ function Key(packetlist) { if (!(this instanceof Key)) { return new Key(packetlist); } // same data as in packetlist but in structured form this.primaryKey = null; this.revocationSignature = null; this.directSignatures = null; this.users = null; this.subKeys = null; this.packetlist2structure(packetlist); if (!this.primaryKey || !this.users) { throw new Error('Invalid key: need at least key and user ID packet'); } } /** * Transforms packetlist to structured key data * @param {module:packet/packetlist} packetlist The packets that form a key */ Key.prototype.packetlist2structure = function(packetlist) { var user, primaryKeyId, subKey; for (var i = 0; i < packetlist.length; i++) { switch (packetlist[i].tag) { case enums.packet.public_key: case enums.packet.secret_key: this.primaryKey = packetlist[i]; primaryKeyId = this.primaryKey.getKeyId(); break; case enums.packet.userid: case enums.packet.user_attribute: user = new User(packetlist[i]); if (!this.users) this.users = []; this.users.push(user); break; case enums.packet.public_subkey: case enums.packet.secret_subkey: user = null; if (!this.subKeys) this.subKeys = []; subKey = new SubKey(packetlist[i]); this.subKeys.push(subKey); break; case enums.packet.signature: switch (packetlist[i].signatureType) { case enums.signature.cert_generic: case enums.signature.cert_persona: case enums.signature.cert_casual: case enums.signature.cert_positive: if (packetlist[i].issuerKeyId.equals(primaryKeyId)) { if (!user.selfCertifications) user.selfCertifications = []; user.selfCertifications.push(packetlist[i]); } else { if (!user.otherCertifications) user.otherCertifications = []; user.otherCertifications.push(packetlist[i]); } break; case enums.signature.cert_revocation: if (user) { if (!user.revocationCertifications) user.revocationCertifications = []; user.revocationCertifications.push(packetlist[i]); } else { if (!this.directSignatures) this.directSignatures = []; this.directSignatures.push(packetlist[i]); } break; case enums.signature.key: if (!this.directSignatures) this.directSignatures = []; this.directSignatures.push(packetlist[i]); break; case enums.signature.subkey_binding: subKey.bindingSignature = packetlist[i]; break; case enums.signature.key_revocation: this.revocationSignature = packetlist[i]; break; case enums.signature.subkey_revocation: subKey.revocationSignature = packetlist[i]; break; } break; } } }; /** * Transforms structured key data to packetlist * @return {module:packet/packetlist} The packets that form a key */ Key.prototype.toPacketlist = function() { var packetlist = new packet.list(); packetlist.push(this.primaryKey); packetlist.push(this.revocationSignature); packetlist.concat(this.directSignatures); var i; for (i = 0; i < this.users.length; i++) { packetlist.concat(this.users[i].toPacketlist()); } if (this.subKeys) { for (i = 0; i < this.subKeys.length; i++) { packetlist.concat(this.subKeys[i].toPacketlist()); } } return packetlist; }; /** * Returns the primary key packet (secret or public) * @returns {(module:packet/secret_key|module:packet/public_key|null)} */ Key.prototype.getKeyPacket = function() { return this.primaryKey; }; /** * Returns all the private and public subkey packets * @returns {Array<(module:packet/public_subkey|module:packet/secret_subkey)>} */ Key.prototype.getSubkeyPackets = function() { var subKeys = []; if (this.subKeys) { for (var i = 0; i < this.subKeys.length; i++) { subKeys.push(this.subKeys[i].subKey); } } return subKeys; }; /** * Returns all the private and public key and subkey packets * @returns {Array<(module:packet/public_subkey|module:packet/secret_subkey|module:packet/secret_key|module:packet/public_key)>} */ Key.prototype.getAllKeyPackets = function() { return [this.getKeyPacket()].concat(this.getSubkeyPackets()); }; /** * Returns key IDs of all key packets * @returns {Array} */ Key.prototype.getKeyIds = function() { var keyIds = []; var keys = this.getAllKeyPackets(); for (var i = 0; i < keys.length; i++) { keyIds.push(keys[i].getKeyId()); } return keyIds; }; function findKey(keys, keyIds) { for (var i = 0; i < keys.length; i++) { var keyId = keys[i].getKeyId(); for (var j = 0; j < keyIds.length; j++) { if (keyId.equals(keyIds[j])) { return keys[i]; } } } return null; } /** * Returns first public key packet for given array of key IDs * @param {Array} keyIds * @return {(module:packet/public_subkey|module:packet/public_key|null)} */ Key.prototype.getPublicKeyPacket = function(keyIds) { if (this.primaryKey.tag == enums.packet.public_key) { return findKey(this.getAllKeyPackets(), keyIds); } else { return null; } }; /** * Returns first private key packet for given array of key IDs * @param {Array} keyIds * @return {(module:packet/secret_subkey|module:packet/secret_key|null)} */ Key.prototype.getPrivateKeyPacket = function(keyIds) { if (this.primaryKey.tag == enums.packet.secret_key) { return findKey(this.getAllKeyPackets(), keyIds); } else { return null; } }; /** * Returns userids * @return {Array} array of userids */ Key.prototype.getUserIds = function() { var userids = []; for (var i = 0; i < this.users.length; i++) { if (this.users[i].userId) { userids.push(this.users[i].userId.write()); } } return userids; }; /** * Returns true if this is a public key * @return {Boolean} */ Key.prototype.isPublic = function() { return this.primaryKey.tag == enums.packet.public_key; }; /** * Returns true if this is a private key * @return {Boolean} */ Key.prototype.isPrivate = function() { return this.primaryKey.tag == enums.packet.secret_key; }; /** * Returns key as public key (shallow copy) * @return {module:key~Key} new public Key */ Key.prototype.toPublic = function() { var packetlist = new packet.list(); var keyPackets = this.toPacketlist(); var bytes; for (var i = 0; i < keyPackets.length; i++) { switch (keyPackets[i].tag) { case enums.packet.secret_key: bytes = keyPackets[i].writePublicKey(); var pubKeyPacket = new packet.public_key(); pubKeyPacket.read(bytes); packetlist.push(pubKeyPacket); break; case enums.packet.secret_subkey: bytes = keyPackets[i].writePublicKey(); var pubSubkeyPacket = new packet.public_subkey(); pubSubkeyPacket.read(bytes); packetlist.push(pubSubkeyPacket); break; default: packetlist.push(keyPackets[i]); } } return new Key(packetlist); }; /** * Returns ASCII armored text of key * @return {String} ASCII armor */ Key.prototype.armor = function() { var type = this.isPublic() ? enums.armor.public_key : enums.armor.private_key; return armor.encode(type, this.toPacketlist().write()); }; /** * Returns first key packet that is available for signing * @return {(module:packet/secret_subkey|module:packet/secret_key|null)} key packet or null if no signing key has been found */ Key.prototype.getSigningKeyPacket = function() { if (this.isPublic()) { throw new Error('Need private key for signing'); } var primaryUser = this.getPrimaryUser(); if (primaryUser && isValidSigningKeyPacket(this.primaryKey, primaryUser.selfCertificate)) { return this.primaryKey; } if (this.subKeys) { for (var i = 0; i < this.subKeys.length; i++) { if (this.subKeys[i].isValidSigningKey(this.primaryKey)) { return this.subKeys[i].subKey; } } } return null; }; /** * Returns preferred signature hash algorithm of this key * @return {String} */ Key.prototype.getPreferredHashAlgorithm = function() { var primaryUser = this.getPrimaryUser(); if (primaryUser && primaryUser.selfCertificate.preferredHashAlgorithms) { return primaryUser.selfCertificate.preferredHashAlgorithms[0]; } return config.prefer_hash_algorithm; }; function isValidEncryptionKeyPacket(keyPacket, signature) { return keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.dsa) && keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.rsa_sign) && ((signature.keyFlags & enums.keyFlags.encrypt_communication) !== 0 || (signature.keyFlags & enums.keyFlags.encrypt_storage) !== 0 || !signature.keyFlags); } function isValidSigningKeyPacket(keyPacket, signature) { return (keyPacket.algorithm == enums.read(enums.publicKey, enums.publicKey.dsa) || keyPacket.algorithm == enums.read(enums.publicKey, enums.publicKey.rsa_sign) || keyPacket.algorithm == enums.read(enums.publicKey, enums.publicKey.rsa_encrypt_sign)) && ((signature.keyFlags & enums.keyFlags.sign_data) !== 0 || !signature.keyFlags); } /** * Returns the first valid encryption key packet for this key * @returns {(module:packet/public_subkey|module:packet/secret_subkey|module:packet/secret_key|module:packet/public_key|null)} key packet or null if no encryption key has been found */ Key.prototype.getEncryptionKeyPacket = function() { // V4: by convention subkeys are prefered for encryption service // V3: keys MUST NOT have subkeys if (this.subKeys) { for (var i = 0; i < this.subKeys.length; i++) { if (this.subKeys[i].isValidEncryptionKey(this.primaryKey)) { return this.subKeys[i].subKey; } } } // if no valid subkey for encryption, evaluate primary key var primaryUser = this.getPrimaryUser(); if (primaryUser && isValidEncryptionKeyPacket(this.primaryKey, primaryUser.selfCertificate)) { return this.primaryKey; } return null; }; /** * Decrypts all secret key and subkey packets * @param {String} passphrase * @return {Boolean} true if all key and subkey packets decrypted successfully */ Key.prototype.decrypt = function(passphrase) { if (this.isPrivate()) { var keys = this.getAllKeyPackets(); for (var i = 0; i < keys.length; i++) { var success = keys[i].decrypt(passphrase); if (!success) return false; } } else { throw new Error("Nothing to decrypt in a public key"); } return true; }; /** * Decrypts specific key packets by key ID * @param {Array} keyIds * @param {String} passphrase * @return {Boolean} true if all key packets decrypted successfully */ Key.prototype.decryptKeyPacket = function(keyIds, passphrase) { if (this.isPrivate()) { var keys = this.getAllKeyPackets(); for (var i = 0; i < keys.length; i++) { var keyId = keys[i].getKeyId(); for (var j = 0; j < keyIds.length; j++) { if (keyId.equals(keyIds[j])) { var success = keys[i].decrypt(passphrase); if (!success) return false; } } } } else { throw new Error("Nothing to decrypt in a public key"); } return true; }; /** * Verify primary key. Checks for revocation signatures, expiration time * and valid self signature * @return {module:enums.keyStatus} The status of the primary key */ Key.prototype.verifyPrimaryKey = function() { // check revocation signature if (this.revocationSignature && !this.revocationSignature.isExpired() && (this.revocationSignature.verified || this.revocationSignature.verify(this.primaryKey, {key: this.primaryKey}))) { return enums.keyStatus.revoked; } // check V3 expiration time if (this.primaryKey.version == 3 && this.primaryKey.expirationTimeV3 !== 0 && Date.now() > (this.primaryKey.created.getTime() + this.primaryKey.expirationTimeV3*24*3600*1000)) { return enums.keyStatus.expired; } // check for at least one self signature. Self signature of user ID not mandatory // See http://tools.ietf.org/html/rfc4880#section-11.1 var selfSigned = false; for (var i = 0; i < this.users.length; i++) { if (this.users[i].userId && this.users[i].selfCertifications) { selfSigned = true; } } if (!selfSigned) { return enums.keyStatus.no_self_cert; } // check for valid self signature var primaryUser = this.getPrimaryUser(); if (!primaryUser) { return enums.keyStatus.invalid; } // check V4 expiration time if (this.primaryKey.version == 4 && primaryUser.selfCertificate.keyNeverExpires === false && Date.now() > (primaryUser.selfCertificate.created.getTime() + primaryUser.selfCertificate.keyExpirationTime*1000)) { return enums.keyStatus.expired; } return enums.keyStatus.valid; }; /** * Returns primary user and most significant (latest valid) self signature * - if multiple users are marked as primary users returns the one with the latest self signature * - if no primary user is found returns the user with the latest self signature * @return {{user: Array, selfCertificate: Array}} The primary user and the self signature */ Key.prototype.getPrimaryUser = function() { var user = null; var userSelfCert; for (var i = 0; i < this.users.length; i++) { if (!this.users[i].userId) { continue; } var selfCert = this.users[i].getValidSelfCertificate(this.primaryKey); if (!selfCert) { continue; } if (!user || !userSelfCert.isPrimaryUserID && selfCert.isPrimaryUserID || userSelfCert.created < selfCert.created) { user = this.users[i]; userSelfCert = selfCert; } } return user ? {user: user, selfCertificate: userSelfCert} : null; }; // TODO Key.prototype.revoke = function() { }; /** * @class * @classdesc Class that represents an user ID or attribute packet and the relevant signatures. */ function User(userPacket) { if (!(this instanceof User)) { return new User(userPacket); } this.userId = userPacket.tag == enums.packet.userid ? userPacket : null; this.userAttribute = userPacket.tag == enums.packet.user_attribute ? userPacket : null; this.selfCertifications = null; this.otherCertifications = null; this.revocationCertifications = null; } /** * Transforms structured user data to packetlist * @return {module:packet/packetlist} */ User.prototype.toPacketlist = function() { var packetlist = new packet.list(); packetlist.push(this.userId || this.userAttribute); packetlist.concat(this.revocationCertifications); packetlist.concat(this.selfCertifications); packetlist.concat(this.otherCertifications); return packetlist; }; /** * Checks if a self signature of the user is revoked * @param {module:packet/signature} certificate * @param {module:packet/secret_key|module:packet/public_key} primaryKey The primary key packet * @return {Boolean} True if the certificate is revoked */ User.prototype.isRevoked = function(certificate, primaryKey) { if (this.revocationCertifications) { var that = this; return this.revocationCertifications.some(function(revCert) { return revCert.issuerKeyId.equals(certificate.issuerKeyId) && !revCert.isExpired() && (revCert.verified || revCert.verify(primaryKey, {userid: that.userId || that.userAttribute, key: primaryKey})); }); } else { return false; } }; /** * Returns the most significant (latest valid) self signature of the user * @param {module:packet/secret_key|module:packet/public_key} primaryKey The primary key packet * @return {module:packet/signature} The self signature */ User.prototype.getValidSelfCertificate = function(primaryKey) { if (!this.selfCertifications) { return null; } var validCert = []; for (var i = 0; i < this.selfCertifications.length; i++) { if (this.isRevoked(this.selfCertifications[i], primaryKey)) { continue; } if (!this.selfCertifications[i].isExpired() && (this.selfCertifications[i].verified || this.selfCertifications[i].verify(primaryKey, {userid: this.userId || this.userAttribute, key: primaryKey}))) { validCert.push(this.selfCertifications[i]); } } // most recent first validCert = validCert.sort(function(a, b) { a = a.created; b = b.created; return a>b ? -1 : a (this.subKey.created.getTime() + this.subKey.expirationTimeV3*24*3600*1000)) { return enums.keyStatus.expired; } // check subkey binding signature if (!this.bindingSignature) { return enums.keyStatus.invalid; } if (this.bindingSignature.isExpired()) { return enums.keyStatus.expired; } if (!(this.bindingSignature.verified || this.bindingSignature.verify(primaryKey, {key: primaryKey, bind: this.subKey}))) { return enums.keyStatus.invalid; } // check V4 expiration time if (this.subKey.version == 4 && this.bindingSignature.keyNeverExpires === false && Date.now() > (this.subKey.created.getTime() + this.bindingSignature.keyExpirationTime*1000)) { return enums.keyStatus.expired; } return enums.keyStatus.valid; }; /** * Reads an OpenPGP armored text and returns one or multiple key objects * @param {String} armoredText text to be parsed * @return {{keys: Array, err: (Array|null)}} result object with key and error arrays * @static */ function readArmored(armoredText) { var result = {}; result.keys = []; try { var input = armor.decode(armoredText); if (!(input.type == enums.armor.public_key || input.type == enums.armor.private_key)) { throw new Error('Armored text not of type key'); } var packetlist = new packet.list(); packetlist.read(input.data); var keyIndex = packetlist.indexOfTag(enums.packet.public_key, enums.packet.secret_key); if (keyIndex.length === 0) { throw new Error('No key packet found in armored text'); } for (var i = 0; i < keyIndex.length; i++) { var oneKeyList = packetlist.slice(keyIndex[i], keyIndex[i + 1]); try { var newKey = new Key(oneKeyList); result.keys.push(newKey); } catch (e) { result.err = result.err || []; result.err.push(e); } } } catch (e) { result.err = result.err || []; result.err.push(e); } return result; } /** * Generates a new OpenPGP key. Currently only supports RSA keys. * Primary and subkey will be of same type. * @param {Integer} keyType to indicate what type of key to make. * RSA is 1. See http://tools.ietf.org/html/rfc4880#section-9.1 * @param {Integer} numBits number of bits for the key creation. * @param {String} userId assumes already in form of "User Name " * @param {String} passphrase The passphrase used to encrypt the resulting private key * @return {module:key~Key} * @static */ function generate(keyType, numBits, userId, passphrase) { var packetlist = new packet.list(); var secretKeyPacket = new packet.secret_key(); secretKeyPacket.algorithm = enums.read(enums.publicKey, keyType); secretKeyPacket.generate(numBits); secretKeyPacket.encrypt(passphrase); var userIdPacket = new packet.userid(); userIdPacket.read(userId); var dataToSign = {}; dataToSign.userid = userIdPacket; dataToSign.key = secretKeyPacket; var signaturePacket = new packet.signature(); signaturePacket.signatureType = enums.signature.cert_generic; signaturePacket.publicKeyAlgorithm = keyType; //TODO we should load preferred hash from config, or as input to this function signaturePacket.hashAlgorithm = enums.hash.sha256; signaturePacket.keyFlags = [enums.keyFlags.certify_keys | enums.keyFlags.sign_data]; signaturePacket.sign(secretKeyPacket, dataToSign); var secretSubkeyPacket = new packet.secret_subkey(); secretSubkeyPacket.algorithm = enums.read(enums.publicKey, keyType); secretSubkeyPacket.generate(numBits); secretSubkeyPacket.encrypt(passphrase); dataToSign = {}; dataToSign.key = secretKeyPacket; dataToSign.bind = secretSubkeyPacket; var subkeySignaturePacket = new packet.signature(); subkeySignaturePacket.signatureType = enums.signature.subkey_binding; subkeySignaturePacket.publicKeyAlgorithm = keyType; //TODO we should load preferred hash from config, or as input to this function subkeySignaturePacket.hashAlgorithm = enums.hash.sha256; subkeySignaturePacket.keyFlags = [enums.keyFlags.encrypt_communication | enums.keyFlags.encrypt_storage]; subkeySignaturePacket.sign(secretKeyPacket, dataToSign); packetlist.push(secretKeyPacket); packetlist.push(userIdPacket); packetlist.push(signaturePacket); packetlist.push(secretSubkeyPacket); packetlist.push(subkeySignaturePacket); return new Key(packetlist); } exports.Key = Key; exports.readArmored = readArmored; exports.generate = generate;