Drop enums.publicKey.eddsa in favour of enums.publicKey.eddsaLegacy

The crypto-refresh has standardised a new key format for EdDSA, whose algorithm
identifiers are `enums.publicKey.ed25519` and `.ed448`.
larabr 2023-09-07 19:36:42 +02:00
parent 24c644207d
commit 0b7a5f69fa
5 changed files with 14 additions and 20 deletions

4
openpgp.d.ts vendored

@ -816,7 +816,7 @@ export namespace enums {
aeadEncryptedData = 20,
}
export type publicKeyNames = 'rsaEncryptSign' | 'rsaEncrypt' | 'rsaSign' | 'elgamal' | 'dsa' | 'ecdh' | 'ecdsa' | 'eddsa' | 'ed25519Legacy' | 'aedh' | 'aedsa' | 'ed25519' | 'x25519' | 'ed448' | 'x448';
export type publicKeyNames = 'rsaEncryptSign' | 'rsaEncrypt' | 'rsaSign' | 'elgamal' | 'dsa' | 'ecdh' | 'ecdsa' | 'eddsaLegacy' | 'aedh' | 'aedsa' | 'ed25519' | 'x25519' | 'ed448' | 'x448';
enum publicKey {
rsaEncryptSign = 1,
rsaEncrypt = 2,
@ -825,8 +825,6 @@ export namespace enums {
dsa = 17,
ecdh = 18,
ecdsa = 19,
/** @deprecated use `eddsaLegacy` instead */
eddsa = 22,
eddsaLegacy = 22,
aedh = 23,
aedsa = 24,
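Review bot: Once the `@deprecated` line is dropped in the second hunk, `eddsaLegacy = 22` is left without any doc comment, so TypeScript users get no editor hint that this is the legacy key format. I would add a one-line JSDoc above it, for example `/** EdDSA legacy key format (sign only); superseded by ed25519 / ed448 in the crypto-refresh */`. The `enum publicKey` body starts and ends outside the hunks shown.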


@ -116,11 +116,7 @@ export default {
ecdsa: 19,
/** EdDSA (Sign only) - deprecated by crypto-refresh (replaced by `ed25519` identifier below)
* [{@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}] */
eddsaLegacy: 22, // NB: this is declared before `eddsa` to translate 22 to 'eddsa' for backwards compatibility
/** @deprecated use `eddsaLegacy` instead */
ed25519Legacy: 22,
/** @deprecated use `eddsaLegacy` instead */
eddsa: 22,
eddsaLegacy: 22,
/** Reserved for AEDH */
aedh: 23,
/** Reserved for AEDSA */
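Review bot: With `eddsa` and `ed25519Legacy` removed from this object, plain-JavaScript callers that still reference `enums.publicKey.eddsa` get `undefined`, so a policy such as `rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsa])` would no longer contain 22 and would stop rejecting these keys without raising any error. The TypeScript declarations catch this at compile time, but nothing visible in this commit catches it at runtime; I would have the config handling reject `undefined` entries in `rejectPublicKeyAlgorithms` and `rejectCurves`, or at least flag the removal as breaking in the changelog. The commit title names only `eddsa`, while `ed25519Legacy` is dropped here as well, and the name reported for 22 changes to `'eddsaLegacy'` (see the updated test expectations), which silently breaks callers that compare `getAlgorithmInfo().algorithm` with `'eddsa'`. The enclosing `export default {` object starts and ends outside the hunk.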


@ -369,10 +369,10 @@ n9/quqtmyOtYOA6gXNCw0Fal3iANKBmsPmYI
await expect(openpgp.sign({
message, signingKeys: [key], config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsaLegacy]) }
})).to.be.eventually.rejectedWith(/eddsa keys are considered too weak/);
})).to.be.eventually.rejectedWith(/eddsaLegacy keys are considered too weak/);
await expect(openpgp.sign({
message, signingKeys: [key], config: { rejectCurves: new Set([openpgp.enums.curve.ed25519Legacy]) }
})).to.be.eventually.rejectedWith(/Support for eddsa keys using curve ed25519 is disabled/);
})).to.be.eventually.rejectedWith(/Support for eddsaLegacy keys using curve ed25519 is disabled/);
});
it('openpgp.verify', async function() {
@ -416,7 +416,7 @@ n9/quqtmyOtYOA6gXNCw0Fal3iANKBmsPmYI
config: { rejectPublicKeyAlgorithms: new Set([openpgp.enums.publicKey.eddsaLegacy]) }
};
const { signatures: [sig4] } = await openpgp.verify(opt4);
await expect(sig4.verified).to.be.rejectedWith(/eddsa keys are considered too weak/);
await expect(sig4.verified).to.be.rejectedWith(/eddsaLegacy keys are considered too weak/);
const opt5 = {
message: await openpgp.readMessage({ armoredMessage: signed }),
@ -424,7 +424,7 @@ n9/quqtmyOtYOA6gXNCw0Fal3iANKBmsPmYI
config: { rejectCurves: new Set([openpgp.enums.curve.ed25519Legacy]) }
};
const { signatures: [sig5] } = await openpgp.verify(opt5);
await expect(sig5.verified).to.be.eventually.rejectedWith(/Support for eddsa keys using curve ed25519 is disabled/);
await expect(sig5.verified).to.be.eventually.rejectedWith(/Support for eddsaLegacy keys using curve ed25519 is disabled/);
});
describe('detects unknown config property', async function() {


@ -2467,7 +2467,7 @@ function versionSpecificTests() {
const opt = { userIDs: [userID], format: 'object' };
return openpgp.generateKey(opt).then(function({ privateKey: key }) {
expect(key.isDecrypted()).to.be.true;
expect(key.getAlgorithmInfo().algorithm).to.equal('eddsa');
expect(key.getAlgorithmInfo().algorithm).to.equal('eddsaLegacy');
expect(key.users.length).to.equal(1);
expect(key.users[0].userID.userID).to.equal('test <a@b.com>');
expect(key.users[0].selfCertifications[0].isPrimaryUserID).to.be.true;
@ -2567,7 +2567,7 @@ function versionSpecificTests() {
expect(key.subkeys).to.have.length(2);
expect(key.subkeys[0].getAlgorithmInfo().algorithm).to.equal('ecdh');
expect(await key.getEncryptionKey()).to.equal(key.subkeys[0]);
expect(key.subkeys[1].getAlgorithmInfo().algorithm).to.equal('eddsa');
expect(key.subkeys[1].getAlgorithmInfo().algorithm).to.equal('eddsaLegacy');
expect(await key.getSigningKey()).to.equal(key.subkeys[1]);
});
});
@ -2585,7 +2585,7 @@ function versionSpecificTests() {
expect(key.subkeys).to.have.length(2);
expect(key.subkeys[0].getAlgorithmInfo().algorithm).to.equal('ecdh');
expect(await key.getEncryptionKey()).to.equal(key.subkeys[0]);
expect(key.subkeys[1].getAlgorithmInfo().algorithm).to.equal('eddsa');
expect(key.subkeys[1].getAlgorithmInfo().algorithm).to.equal('eddsaLegacy');
expect(await key.getSigningKey()).to.equal(key.subkeys[1]);
});
});
@ -4344,7 +4344,7 @@ XvmoLueOOShu01X/kaylMqaT8w==
const subkeyOid = subkey2.keyPacket.publicParams.oid;
const pkOid = privateKey.keyPacket.publicParams.oid;
expect(subkeyOid.getName()).to.be.equal(pkOid.getName());
expect(subkey2.getAlgorithmInfo().algorithm).to.be.equal('eddsa');
expect(subkey2.getAlgorithmInfo().algorithm).to.be.equal('eddsaLegacy');
await subkey2.verify();
});
@ -4359,7 +4359,7 @@ XvmoLueOOShu01X/kaylMqaT8w==
expect(newPrivateKey.subkeys.length).to.be.equal(total + 1);
expect(newPrivateKey.getAlgorithmInfo().curve).to.be.equal('ed25519');
expect(subkey.getAlgorithmInfo().curve).to.be.equal('p256');
expect(newPrivateKey.getAlgorithmInfo().algorithm).to.be.equal('eddsa');
expect(newPrivateKey.getAlgorithmInfo().algorithm).to.be.equal('eddsaLegacy');
expect(subkey.getAlgorithmInfo().algorithm).to.be.equal('ecdsa');
await subkey.verify();
@ -4427,7 +4427,7 @@ XvmoLueOOShu01X/kaylMqaT8w==
const subkeyOid = subkey.keyPacket.publicParams.oid;
const pkOid = newPrivateKey.keyPacket.publicParams.oid;
expect(subkeyOid.getName()).to.be.equal(pkOid.getName());
expect(subkey.getAlgorithmInfo().algorithm).to.be.equal('eddsa');
expect(subkey.getAlgorithmInfo().algorithm).to.be.equal('eddsaLegacy');
await subkey.verify();
expect(await newPrivateKey.getSigningKey()).to.be.equal(subkey);
const signed = await openpgp.sign({ message: await openpgp.createMessage({ text: 'the data to signed' }), signingKeys: newPrivateKey, format: 'binary' });


@ -396,7 +396,7 @@ function omnibus() {
const primaryKey = hi.keyPacket;
const subkey = hi.subkeys[0];
expect(hi.getAlgorithmInfo().curve).to.equal('ed25519');
expect(hi.getAlgorithmInfo().algorithm).to.equal('eddsa');
expect(hi.getAlgorithmInfo().algorithm).to.equal('eddsaLegacy');
expect(subkey.getAlgorithmInfo().curve).to.equal('curve25519');
expect(subkey.getAlgorithmInfo().algorithm).to.equal('ecdh');
@ -416,7 +416,7 @@ function omnibus() {
return openpgp.generateKey(options).then(async function({ privateKey: bye }) {
expect(bye.getAlgorithmInfo().curve).to.equal('ed25519');
expect(bye.getAlgorithmInfo().algorithm).to.equal('eddsa');
expect(bye.getAlgorithmInfo().algorithm).to.equal('eddsaLegacy');
expect(bye.subkeys[0].getAlgorithmInfo().curve).to.equal('curve25519');
expect(bye.subkeys[0].getAlgorithmInfo().algorithm).to.equal('ecdh');