suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
43fb58404d
fork-openpgpjs/src/config/config.js
larabr 43fb58404d
Simplify algorithm preference selection and normalize config names (#1262) 
- Rename `config.compression` to `config.preferredCompressionAlgorithm`
- Rename `config.encryptionCipher` to `config.preferredSymmetricAlgorithm`
- Rename `config.preferHashAlgorithm` to `config.preferredHashAlgorithm`
- Rename `config.aeadMode` to `config.preferredAeadAlgorithm`
- When encrypting to public keys, the compression/aead/symmetric algorithm is selected by:
  - taking the preferred algorithm specified in config, if it is supported by all recipients
  - otherwise, taking the "MUST implement" algorithm specified by rfc4880bis
- When encrypting to passphrases only (no public keys), the preferred algorithms from `config` are always used
- EdDSA signing with a hash algorithm weaker than sha256 is explicitly disallowed (https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2)
2021-03-10 18:06:03 +01:00

193 lines
7.2 KiB
JavaScript
Raw Blame History

// GPG4Browsers - An OpenPGP implementation in javascript
// Copyright (C) 2011 Recurity Labs GmbH
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 3.0 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
/**
* Global configuration values.
*/
import enums from '../enums';
export default {
/**
* @memberof module:config
* @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}
*/
preferredHashAlgorithm: enums.hash.sha256,
/**
* @memberof module:config
* @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}
*/
preferredSymmetricAlgorithm: enums.symmetric.aes256,
/**
* @memberof module:config
* @property {Integer} compression Default compression algorithm {@link module:enums.compression}
*/
preferredCompressionAlgorithm: enums.compression.uncompressed,
/**
* @memberof module:config
* @property {Integer} deflateLevel Default zip/zlib compression level, between 1 and 9
*/
deflateLevel: 6,
/**
* Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.
* Note: not all OpenPGP implementations are compatible with this option.
* **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**
* @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-07|RFC4880bis-07}
* @memberof module:config
* @property {Boolean} aeadProtect
*/
aeadProtect: false,
/**
* Default Authenticated Encryption with Additional Data (AEAD) encryption mode
* Only has an effect when aeadProtect is set to true.
* @memberof module:config
* @property {Integer} preferredAeadAlgorithm Default AEAD mode {@link module:enums.aead}
*/
preferredAeadAlgorithm: enums.aead.eax,
/**
* Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode
* Only has an effect when aeadProtect is set to true.
* Must be an integer value from 0 to 56.
* @memberof module:config
* @property {Integer} aeadChunkSizeByte
*/
aeadChunkSizeByte: 12,
/**
* Use V5 keys.
* Note: not all OpenPGP implementations are compatible with this option.
* **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**
* @memberof module:config
* @property {Boolean} v5Keys
*/
v5Keys: false,
/**
* {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:
* Iteration Count Byte for S2K (String to Key)
* @memberof module:config
* @property {Integer} s2kIterationCountByte
*/
s2kIterationCountByte: 224,
/**
* Allow decryption of messages without integrity protection.
* This is an **insecure** setting:
* - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.
* - it enables downgrade attacks against integrity-protected messages.
* @memberof module:config
* @property {Boolean} allowUnauthenticatedMessages
*/
allowUnauthenticatedMessages: false,
/**
* Allow streaming unauthenticated data before its integrity has been checked.
* This setting is **insecure** if the partially decrypted message is processed further or displayed to the user.
* @memberof module:config
* @property {Boolean} allowUnauthenticatedStream
*/
allowUnauthenticatedStream: false,
/**
* @memberof module:config
* @property {Boolean} checksumRequired Do not throw error when armor is missing a checksum
*/
checksumRequired: false,
/**
* @memberof module:config
* @property {Number} minRsaBits Minimum RSA key size allowed for key generation
*/
minRsaBits: 2048,
/**
* Work-around for rare GPG decryption bug when encrypting with multiple passwords.
* **Slower and slightly less secure**
* @memberof module:config
* @property {Boolean} passwordCollisionCheck
*/
passwordCollisionCheck: false,
/**
* @memberof module:config
* @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored
*/
revocationsExpire: false,
/**
* Allow decryption using RSA keys without `encrypt` flag.
* This setting is potentially insecure, but it is needed to get around an old openpgpjs bug
* where key flags were ignored when selecting a key for encryption.
* @memberof module:config
* @property {Boolean} allowInsecureDecryptionWithSigningKeys
*/
allowInsecureDecryptionWithSigningKeys: false,
/**
* @memberof module:config
* @property {Integer} minBytesForWebCrypto The minimum amount of bytes for which to use native WebCrypto APIs when available
*/
minBytesForWebCrypto: 1000,
/**
* @memberof module:config
* @property {Boolean} tolerant Ignore unsupported/unrecognizable packets instead of throwing an error
*/
tolerant: true,
/**
* @memberof module:config
* @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages
*/
showVersion: false,
/**
* @memberof module:config
* @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages
*/
showComment: false,
/**
* @memberof module:config
* @property {String} versionString A version string to be included in armored messages
*/
versionString: "OpenPGP.js VERSION",
/**
* @memberof module:config
* @property {String} commentString A comment string to be included in armored messages
*/
commentString: "https://openpgpjs.org",
/**
* Max userid string length (used for parsing)
* @memberof module:config
* @property {Integer} maxUseridLength
*/
maxUseridLength: 1024 * 5,
/**
* Contains notatations that are considered "known". Known notations do not trigger
* validation error when the notation is marked as critical.
* @memberof module:config
* @property {Array} knownNotations
*/
knownNotations: ["preferred-email-encoding@pgp.com", "pka-address@gnupg.org"],
/**
* @memberof module:config
* @property {Boolean} useIndutnyElliptic Whether to use the indutny/elliptic library. When false, certain curves will not be supported.
*/
useIndutnyElliptic: true,
/**
* @memberof module:config
* @property {Set<Integer>} reject_hash_algorithms Reject insecure hash algorithms {@link module:enums.hash}
*/
rejectHashAlgorithms: new globalThis.Set([enums.hash.md5, enums.hash.ripemd]),
/**
* @memberof module:config
* @property {Set<Integer>} reject_message_hash_algorithms Reject insecure message hash algorithms {@link module:enums.hash}
*/
rejectMessageHashAlgorithms: new globalThis.Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1])
};
Reference in New Issue View Git Blame Copy Permalink