diff --git a/.eslintrc.js b/.eslintrc.cjs
similarity index 67%
rename from .eslintrc.js
rename to .eslintrc.cjs
index 6a58bb27..1be7c193 100644
--- a/.eslintrc.js
+++ b/.eslintrc.cjs
@@ -1,8 +1,15 @@
module.exports = {
- 'extends': 'airbnb-base',
+ 'extends': [
+ 'airbnb-base',
+ 'airbnb-typescript/base'
+ ],
+
+ 'parser': '@typescript-eslint/parser',
+
'parserOptions': {
'ecmaVersion': 11,
- 'sourceType': 'module'
+ 'sourceType': 'module',
+ 'project': 'tsconfig.json'
},
'env': {
@@ -12,10 +19,18 @@ module.exports = {
},
'plugins': [
+ '@typescript-eslint',
'chai-friendly',
- 'import'
+ 'import',
+ 'unicorn'
],
+ 'settings': {
+ 'import/resolver': {
+ 'typescript': {}
+ }
+ },
+
'globals': { // TODO are all these necessary?
'globalThis': true,
'console': true,
@@ -42,11 +57,11 @@ module.exports = {
'arrow-body-style': 'off',
'arrow-parens': ['error','as-needed'],
'class-methods-use-this': 'off',
- 'comma-dangle': ['error', 'never'],
- 'comma-spacing': 'off',
+ '@typescript-eslint/comma-dangle': ['error', 'never'],
+ '@typescript-eslint/comma-spacing': 'off',
'consistent-return': 'off',
'default-case': 'off',
- 'default-param-last': 'off',
+ '@typescript-eslint/default-param-last': 'off',
'eol-last': ['error', 'always'],
'function-call-argument-newline': 'off',
'func-names': ['error', 'never'],
@@ -67,7 +82,7 @@ module.exports = {
'no-plusplus': 'off',
'no-restricted-syntax': ['error', 'ForInStatement', 'LabeledStatement', 'WithStatement'],
'object-curly-newline': 'off',
- 'no-shadow': 'off', // TODO get rid of this
+ '@typescript-eslint/no-shadow': 'off', // TODO get rid of this
'object-property-newline': [
'error',
{
@@ -88,31 +103,38 @@ module.exports = {
'prefer-template': 'off',
'quote-props': 'off',
'quotes': ['error', 'single', { 'avoidEscape': true }],
- 'space-before-function-paren': 'off',
+ '@typescript-eslint/space-before-function-paren': ['error', { 'anonymous': 'ignore', 'named': 'never', 'asyncArrow': 'always' }],
'spaced-comment': 'off',
- 'indent': ['error', 2, { 'SwitchCase': 1 }],
- 'no-unused-vars': 'error',
+ 'indent': 'off',
+ '@typescript-eslint/indent': ['error', 2, { 'SwitchCase': 1 }],
+ 'no-unused-vars': 'off',
+ '@typescript-eslint/no-unused-vars': 'error',
// eslint-plugin-import rules:
'import/named': 'error',
- 'import/extensions': 'error',
+ 'import/extensions': 'off', // temporary: we use them in tests (ESM compliant), but not in the lib (to limit diff)
+ 'import/first': 'off',
'import/no-extraneous-dependencies': ['error', { 'devDependencies': true, 'optionalDependencies': false, 'peerDependencies': false }],
'import/no-unassigned-import': 'error',
+ 'import/no-unresolved': 'error',
'import/prefer-default-export': 'off',
// Custom silencers:
- 'camelcase': 'off', // used in tests, need to fix separately
'no-multi-assign': 'off',
'no-underscore-dangle': 'off',
'no-await-in-loop': 'off',
+ 'camelcase': 'off', // snake_case used in tests, need to fix separately
+ '@typescript-eslint/naming-convention': 'off', // supersedes 'camelcase' rule
+ '@typescript-eslint/lines-between-class-members': 'off',
// Custom errors:
- 'no-use-before-define': [2, { 'functions': false, 'classes': true, 'variables': false }],
+ '@typescript-eslint/no-use-before-define': ['error', { 'functions': false, 'classes': true, 'variables': false, 'allowNamedExports': true }],
'no-constant-condition': [2, { 'checkLoops': false }],
'new-cap': [2, { 'properties': false, 'capIsNewExceptionPattern': 'EAX|OCB|GCM|CMAC|CBC|OMAC|CTR', 'newIsCapExceptionPattern': 'type|hash*' }],
'max-lines': [2, { 'max': 620, 'skipBlankLines': true, 'skipComments': true }],
- 'no-unused-expressions': 0,
+ '@typescript-eslint/no-unused-expressions': 0,
'chai-friendly/no-unused-expressions': [2, { 'allowShortCircuit': true }],
+ 'unicorn/switch-case-braces': ['error', 'avoid'],
// Custom warnings:
'no-console': 1
diff --git a/.github/.dependabot.yml b/.github/.dependabot.yml
new file mode 100644
index 00000000..fd6f4c38
--- /dev/null
+++ b/.github/.dependabot.yml
@@ -0,0 +1,29 @@
+version: 2
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "daily"
+ allow:
+ - dependency-name: "playwright"
+ versioning-strategy: increase
+
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ allow:
+ - dependency-name: "@noble*"
+ - dependency-name: "fflate"
+ versioning-strategy: increase
+ groups:
+ # Any packages matching the pattern @noble* where the highest resolvable
+ # version is minor or patch will be grouped together.
+ # Grouping rules apply to version updates only.
+ noble:
+ applies-to: version-updates
+ patterns:
+ - "@noble*"
+ update-types:
+ - "minor"
+ - "patch"
\ No newline at end of file
diff --git a/.github/test-suite/config.json.template b/.github/test-suite/config.json.template
index 7dd7e3fb..8e9a9d3f 100644
--- a/.github/test-suite/config.json.template
+++ b/.github/test-suite/config.json.template
@@ -11,7 +11,8 @@
"id": "sop-openpgpjs-main",
"path": "__SOP_OPENPGPJS__",
"env": {
- "OPENPGPJS_PATH": "__OPENPGPJS_MAIN__"
+ "OPENPGPJS_PATH": "__OPENPGPJS_MAIN__",
+ "DISABLE_PROFILES": "true"
}
},
{
@@ -21,10 +22,14 @@
"path": "__GPGME_SOP__"
},
{
- "path": "__GOSOP__"
+ "id": "gosop-v2",
+ "path": "__GOSOP_V2__"
},
{
"path": "__RNP_SOP__"
+ },
+ {
+ "path": "__RSOP__"
}
],
"rlimits": {
diff --git a/.github/test-suite/prepare_config.sh b/.github/test-suite/prepare_config.sh
index debe9add..7cd12984 100755
--- a/.github/test-suite/prepare_config.sh
+++ b/.github/test-suite/prepare_config.sh
@@ -7,7 +7,8 @@ cat $CONFIG_TEMPLATE \
| sed "s@__OPENPGPJS_MAIN__@${OPENPGPJS_MAIN}@g" \
| sed "s@__SQOP__@${SQOP}@g" \
| sed "s@__GPGME_SOP__@${GPGME_SOP}@g" \
- | sed "s@__GOSOP__@${GOSOP}@g" \
- | sed "s@__SOP_OPENPGPJS__@${SOP_OPENPGPJS}@g" \
+ | sed "s@__GOSOP_V2__@${GOSOP_V2}@g" \
+ | sed "s@__SOP_OPENPGPJS__@${SOP_OPENPGPJS_V2}@g" \
| sed "s@__RNP_SOP__@${RNP_SOP}@g" \
+ | sed "s@__RSOP__@${RSOP}@g" \
> $CONFIG_OUTPUT
\ No newline at end of file
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
index 8f537a60..81f6145f 100644
--- a/.github/workflows/benchmark.yml
+++ b/.github/workflows/benchmark.yml
@@ -2,7 +2,7 @@ name: Performance Regression Test
on:
pull_request:
- branches: [main]
+ branches: [main, v6]
jobs:
benchmark:
@@ -11,15 +11,17 @@ jobs:
steps:
# check out pull request branch
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
path: pr
# check out main branch (to compare performance)
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
with:
ref: main
path: main
- - uses: actions/setup-node@v3
+ - uses: actions/setup-node@v4
+ with:
+ node-version: '>=20.6.0'
- name: Run pull request time benchmark
run: cd pr && npm install && npm run --silent benchmark-time > benchmarks.txt && cat benchmarks.txt
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 0a9e8c96..a8b7941c 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -4,7 +4,7 @@ on:
push:
branches: [main]
pull_request:
- branches: [main]
+ branches: [main, v6]
jobs:
lint:
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
- run: npm ci --ignore-scripts
- run: npm run docs
diff --git a/.github/workflows/sop-test-suite.yml b/.github/workflows/sop-test-suite.yml
index 39f26c1a..16b56829 100644
--- a/.github/workflows/sop-test-suite.yml
+++ b/.github/workflows/sop-test-suite.yml
@@ -2,7 +2,7 @@ name: SOP interoperability test suite
on:
pull_request:
- branches: [ main ]
+ branches: [ main, v6 ]
jobs:
@@ -10,34 +10,34 @@ jobs:
name: Run interoperability test suite
runs-on: ubuntu-latest
container:
- image: ghcr.io/protonmail/openpgp-interop-test-docker:v1.1.1
+ image: ghcr.io/protonmail/openpgp-interop-test-docker:v1.1.12
credentials:
username: ${{ github.actor }}
password: ${{ secrets.github_token }}
steps:
# check out repo for scripts
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
# check out pull request branch
- name: Checkout openpgpjs-branch
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
path: openpgpjs-branch
- name: Install openpgpjs-branch
run: cd openpgpjs-branch && npm install
- name: Print openpgpjs-branch version
- run: $SOP_OPENPGPJS version --extended
+ run: $SOP_OPENPGPJS_V2 version --extended
env:
OPENPGPJS_PATH: ${{ github.workspace }}/openpgpjs-branch
# check out main branch
- name: Checkout openpgpjs-main
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
with:
ref: main
path: openpgpjs-main
- name: Install openpgpjs-main
run: cd openpgpjs-main && npm install
- name: Print openpgpjs-main version
- run: $SOP_OPENPGPJS version --extended
+ run: $SOP_OPENPGPJS_V2 version --extended
env:
OPENPGPJS_PATH: ${{ github.workspace }}/openpgpjs-main
# Run test suite
@@ -56,12 +56,12 @@ jobs:
RESULTS_HTML: .github/test-suite/test-suite-results.html
# Upload results
- name: Upload test results json artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
with:
name: test-suite-results.json
path: .github/test-suite/test-suite-results.json
- name: Upload test results html artifact
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
with:
name: test-suite-results.html
path: .github/test-suite/test-suite-results.html
@@ -72,16 +72,16 @@ jobs:
needs: test-suite
steps:
- name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Download test results json artifact
id: download-test-results
- uses: actions/download-artifact@v3
+ uses: actions/download-artifact@v4
with:
name: test-suite-results.json
- name: Compare with baseline
- uses: ProtonMail/openpgp-interop-test-analyzer@v1
+ uses: ProtonMail/openpgp-interop-test-analyzer@v2
with:
results: ${{ steps.download-test-results.outputs.download-path }}/test-suite-results.json
output: baseline-comparison.json
baseline: sop-openpgpjs-main
- target: sop-openpgpjs-main
+ target: sop-openpgpjs-branch
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index feed0fbe..291c02b3 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -4,18 +4,18 @@ on:
push:
branches: [main]
pull_request:
- branches: [main]
+ branches: [main, v6]
jobs:
build: # cache both dist and tests (non-lightweight only), based on commit hash
name: Build
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
- name: Check for cached folders
id: cache-full
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
path: |
dist
@@ -29,21 +29,22 @@ jobs:
node:
strategy:
+ fail-fast: false # if tests for one version fail, continue with the rest
matrix:
- node-version: [14.x, 16.x, 18.x, 20.x]
+ node-version: [18.x, 20.x, 22.x]
# See supported Node.js release schedule at https://nodejs.org/en/about/releases/
name: Node ${{ matrix.node-version }}
runs-on: ubuntu-latest
needs: build
steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- run: npm ci --ignore-scripts # for mocha
- name: Retrieve cached folders
- uses: actions/cache/restore@v3
+ uses: actions/cache/restore@v4
id: cache-full
with:
# test/lib is not needed, but the path must be specified fully for a cache-hit
@@ -56,15 +57,22 @@ jobs:
test-browsers-latest:
name: Browsers (latest)
- runs-on: ubuntu-latest
needs: build
+ strategy:
+ fail-fast: false # if tests for one version fail, continue with the rest
+ matrix:
+ # run on all main platforms to test platform-specific code, if present
+ # (e.g. webkit's WebCrypto API implementation is different in macOS vs Linux)
+ # TODO: windows-latest fails to fetch resources from the wtr server; investigate if the problem is with path declaration or permissions
+ runner: ['ubuntu-latest', 'macos-latest']
+ runs-on: ${{ matrix.runner }}
steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
- name: Retrieve cached built folders
- uses: actions/cache/restore@v3
+ uses: actions/cache/restore@v4
id: cache-full
with:
path: |
@@ -78,33 +86,35 @@ jobs:
npm pkg delete scripts.prepare
npm ci
- - name: Get Playwright version
+ - name: Get Playwright version and cache location
id: playwright-version
run: |
- PLAYWRIGHT_VERSION=$(npm ls playwright | grep playwright | sed 's/.*@//')
+ PLAYWRIGHT_VERSION=$(npm ls playwright --depth=0 | grep playwright | sed 's/.*@//')
echo "version=$PLAYWRIGHT_VERSION" >> $GITHUB_OUTPUT
+ PLAYWRIGHT_CACHE=${{ fromJSON('{"ubuntu-latest": "~/.cache/ms-playwright", "macos-latest": "~/Library/Caches/ms-playwright"}')[matrix.runner] }}
+ echo "playwright_cache=$PLAYWRIGHT_CACHE" >> $GITHUB_OUTPUT
- name: Check for cached browsers
id: cache-playwright-browsers
- uses: actions/cache@v3
+ uses: actions/cache@v4
with:
- path: ~/.cache/ms-playwright
- key: playwright-browsers-${{ steps.playwright-version.outputs.version }}
+ path: ${{ steps.playwright-version.outputs.playwright_cache }}
+ key: playwright-browsers-${{ matrix.runner }}-${{ steps.playwright-version.outputs.version }}
- name: Install browsers
if: steps.cache-playwright-browsers.outputs.cache-hit != 'true'
run: |
- npx playwright install-deps chrome
- npx playwright install-deps firefox
+ npx playwright install --with-deps chromium
+ npx playwright install --with-deps firefox
- name: Install WebKit # caching not possible, external shared libraries required
- run: npx playwright install-deps webkit
+ run: npx playwright install --with-deps webkit
- name: Run browser tests
- run: npm run test-browser
+ run: npm run test-browser:ci -- --static-logging
- name: Run browser tests (lightweight) # overwrite test/lib
run: |
npm run build-test --lightweight
- npm run test-browser
+ npm run test-browser:ci -- --static-logging
test-browsers-compatibility:
name: Browsers (older, on Browserstack)
@@ -115,14 +125,23 @@ jobs:
BROWSERSTACK_ACCESS_KEY: VjgBVRMxNVBj7SjJFiau
steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
+
+ - name: Generate self-signed HTTPS certificates for web-test-runner server
+ uses: kofemann/action-create-certificate@v0.0.4
+ with:
+ hostcert: '127.0.0.1.pem'
+ hostkey: '127.0.0.1-key.pem'
+ cachain: 'ca-chain.pem'
+ - name: Adjust HTTPS certificates permissions
+ run: sudo chown runner:docker *.pem
- name: Install dependencies
run: npm ci --ignore-scripts
- name: Retrieve cached dist folder
- uses: actions/cache/restore@v3
+ uses: actions/cache/restore@v4
id: cache-full
with:
path: |
@@ -138,12 +157,12 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run browserstack tests
- run: npm run test-browserstack
+ run: npm run test-browserstack -- --static-logging
- name: Run browserstack tests (lightweight) # overwrite test/lib
run: |
npm run build-test --lightweight
- npm run test-browserstack
+ npm run test-browserstack -- --static-logging
env:
LIGHTWEIGHT: true
@@ -153,11 +172,11 @@ jobs:
needs: build
steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
- run: npm ci --ignore-scripts # TS
- name: Retrieve cached folders
- uses: actions/cache/restore@v3
+ uses: actions/cache/restore@v4
id: cache-full
with:
path: |
@@ -172,11 +191,11 @@ jobs:
needs: build
steps:
- - uses: actions/checkout@v3
- - uses: actions/setup-node@v3
+ - uses: actions/checkout@v4
+ - uses: actions/setup-node@v4
- run: npm ci --ignore-scripts # linter
- name: Retrieve cached folders
- uses: actions/cache/restore@v3
+ uses: actions/cache/restore@v4
id: cache-full
with:
path: |
diff --git a/.gitignore b/.gitignore
index 805fe8d3..5781473f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,4 @@ test/lib/
test/typescript/definitions.js
dist/
openpgp.store/
-.nyc_output/
+coverage
diff --git a/.jsdocrc.js b/.jsdocrc.cjs
similarity index 100%
rename from .jsdocrc.js
rename to .jsdocrc.cjs
diff --git a/.mocharc.json b/.mocharc.json
new file mode 100644
index 00000000..7b963c2d
--- /dev/null
+++ b/.mocharc.json
@@ -0,0 +1,6 @@
+{
+ "node-option": [
+ "experimental-specifier-resolution=node",
+ "loader=ts-node/esm"
+ ]
+}
diff --git a/README.md b/README.md
index 1f719ee4..deddede6 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
-OpenPGP.js [](https://automate.browserstack.com/public-build/N1l2eHFOanVBMU9wYWxJM3ZnWERnc1lidkt5UkRqa3BralV3SWVhOGpGTT0tLVljSjE4Z3dzVmdiQjl6RWgxb2c3T2c9PQ==--5864052cd523f751b6b907d547ac9c4c5f88c8a3) [](https://gitter.im/openpgpjs/openpgpjs?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+OpenPGP.js [](https://gitter.im/openpgpjs/openpgpjs?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
==========
-[OpenPGP.js](https://openpgpjs.org/) is a JavaScript implementation of the OpenPGP protocol. It implements [RFC4880](https://tools.ietf.org/html/rfc4880) and parts of [RFC4880bis](https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10).
+[OpenPGP.js](https://openpgpjs.org/) is a JavaScript implementation of the OpenPGP protocol. It implements [RFC9580](https://datatracker.ietf.org/doc/rfc9580/) (superseding [RFC4880](https://tools.ietf.org/html/rfc4880) and [RFC4880bis](https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10)).
**Table of Contents**
@@ -33,61 +33,59 @@ OpenPGP.js [ bundle works with recent versions of Chrome, Firefox, Edge and Safari 14+.
-* The `dist/node/openpgp.min.js` bundle works well in Node.js. It is used by default when you `require('openpgp')` in Node.js.
+* The `dist/node/openpgp.min.mjs` (or `.cjs`) bundle works in Node.js v18+: it is used by default when you `import ... from 'openpgp'` (resp. `require('openpgp')`).
-* Currently, Chrome, Safari and Edge have partial implementations of the
-[Streams specification](https://streams.spec.whatwg.org/), and Firefox
-has a partial implementation behind feature flags. Chrome is the only
-browser that implements `TransformStream`s, which we need, so we include
-a [polyfill](https://github.com/MattiasBuelens/web-streams-polyfill) for
-all other browsers. Please note that in those browsers, the global
-`ReadableStream` property gets overwritten with the polyfill version if
-it exists. In some edge cases, you might need to use the native
+* Streaming support:
+ * in browsers: the latest versions of Chrome, Firefox, Edge and Safari implement the
+[Streams specification](https://streams.spec.whatwg.org/), including `TransformStream`s.
+These are needed if you use the library with streamed inputs.
+In previous versions of OpenPGP.js, WebStreams were automatically polyfilled by the library,
+but from v6 this task is left up to the library user, due to the more extensive browser support, and the
+polyfilling side-effects. If you're working with [older browsers versions which do not implement e.g. TransformStreams](https://developer.mozilla.org/en-US/docs/Web/API/TransformStream), you can manually
+load [WebStream polyfill](https://github.com/MattiasBuelens/web-streams-polyfills).
+Please note that when you load the polyfills, the global `ReadableStream` property (if it exists) gets overwritten with the polyfill version.
+In some edge cases, you might need to use the native
`ReadableStream` (for example when using it to create a `Response`
object), in which case you should store a reference to it before loading
-OpenPGP.js. There is also the
-[web-streams-adapter](https://github.com/MattiasBuelens/web-streams-adapter)
+the polyfills. There is also the [web-streams-adapter](https://github.com/MattiasBuelens/web-streams-adapter)
library to convert back and forth between them.
+ * in Node.js: OpenPGP.js v6 no longer supports native Node `Readable` streams in input, and instead expects (and outputs) [Node's WebStreams](https://nodejs.org/api/webstreams.html#class-readablestream). [Node v17+ includes utilities to convert from and to Web Streams](https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options).
+
### Performance
-* Version 3.0.0 of the library introduces support for public-key cryptography using [elliptic curves](https://wiki.gnupg.org/ECC). We use native implementations on browsers and Node.js when available. Elliptic curve cryptography provides stronger security per bits of key, which allows for much faster operations. Currently the following curves are supported:
+* Version 3.0.0 of the library introduced support for public-key cryptography using [elliptic curves](https://wiki.gnupg.org/ECC). We use native implementations on browsers and Node.js when available. Compared to RSA, elliptic curve cryptography provides stronger security per bits of key, which allows for much faster operations. Currently the following curves are supported:
| Curve | Encryption | Signature | NodeCrypto | WebCrypto | Constant-Time |
|:---------------:|:----------:|:---------:|:----------:|:---------:|:-----------------:|
- | curve25519 | ECDH | N/A | No | No | Algorithmically** |
- | ed25519 | N/A | EdDSA | No | No | Algorithmically** |
- | p256 | ECDH | ECDSA | Yes* | Yes* | If native*** |
- | p384 | ECDH | ECDSA | Yes* | Yes* | If native*** |
- | p521 | ECDH | ECDSA | Yes* | Yes* | If native*** |
- | brainpoolP256r1 | ECDH | ECDSA | Yes* | No | If native*** |
- | brainpoolP384r1 | ECDH | ECDSA | Yes* | No | If native*** |
- | brainpoolP512r1 | ECDH | ECDSA | Yes* | No | If native*** |
- | secp256k1 | ECDH | ECDSA | Yes* | No | If native*** |
+ | curve25519 | ECDH | N/A | No | No | Algorithmically |
+ | ed25519 | N/A | EdDSA | No | Yes* | If native** |
+ | nistP256 | ECDH | ECDSA | Yes* | Yes* | If native** |
+ | nistP384 | ECDH | ECDSA | Yes* | Yes* | If native** |
+ | nistP521 | ECDH | ECDSA | Yes* | Yes* | If native** |
+ | brainpoolP256r1 | ECDH | ECDSA | Yes* | No | If native** |
+ | brainpoolP384r1 | ECDH | ECDSA | Yes* | No | If native** |
+ | brainpoolP512r1 | ECDH | ECDSA | Yes* | No | If native** |
+ | secp256k1 | ECDH | ECDSA | Yes* | No | If native** |
- \* when available
- \** the curve25519 and ed25519 implementations are algorithmically constant-time, but may not be constant-time after optimizations of the JavaScript compiler
- \*** these curves are only constant-time if the underlying native implementation is available and constant-time
-
-* Version 2.x of the library has been built from the ground up with Uint8Arrays. This allows for much better performance and memory usage than strings.
+ \* when available
+ \** these curves are only constant-time if the underlying native implementation is available and constant-time
* If the user's browser supports [native WebCrypto](https://caniuse.com/#feat=cryptography) via the `window.crypto.subtle` API, this will be used. Under Node.js the native [crypto module](https://nodejs.org/api/crypto.html#crypto_crypto) is used.
-* The library implements the [RFC4880bis proposal](https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10) for authenticated encryption using native AES-EAX, OCB, or GCM. This makes symmetric encryption up to 30x faster on supported platforms. Since the specification has not been finalized and other OpenPGP implementations haven't adopted it yet, the feature is currently behind a flag. **Note: activating this setting can break compatibility with other OpenPGP implementations, and also with future versions of OpenPGP.js. Don't use it with messages you want to store on disk or in a database.** You can enable it by setting `openpgp.config.aeadProtect = true`.
+* The library implements authenticated encryption (AEAD) as per [RFC9580](https://datatracker.ietf.org/doc/rfc9580/) using AES-GCM, OCB, or EAX. This makes symmetric encryption faster on platforms with native implementations. However, since the specification is very recent and other OpenPGP implementations are in the process of adopting it, the feature is currently behind a flag. **Note: activating this setting can break compatibility with other OpenPGP implementations which have yet to implement the feature.** You can enable it by setting `openpgp.config.aeadProtect = true`.
+Note that this setting has a different effect from the one in OpenPGP.js v5, which implemented support for a provisional version of AEAD from [RFC4880bis](https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10), which was modified in RFC9580.
You can change the AEAD mode by setting one of the following options:
```
- openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.eax // Default, native
- openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.ocb // Non-native
- openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.experimentalGCM // **Non-standard**, fastest
+ openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.gcm; // Default, native in WebCrypto and Node.js
+ openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.ocb; // Non-native, but supported across RFC9580 implementations
+ openpgp.config.preferredAEADAlgorithm = openpgp.enums.aead.eax; // Native in Node.js
```
-* For environments that don't provide native crypto, the library falls back to [asm.js](https://caniuse.com/#feat=asmjs) implementations of AES, SHA-1, and SHA-256.
-
-
### Getting started
#### Node.js
@@ -98,18 +96,17 @@ Install OpenPGP.js using npm and save it in your dependencies:
npm install --save openpgp
```
-And import it as a CommonJS module:
+And import it as an ES module, from a .mjs file:
+```js
+import * as openpgp from 'openpgp';
+```
+
+Or as a CommonJS module:
```js
const openpgp = require('openpgp');
```
-Or as an ES6 module, from an .mjs file:
-
-```js
-import * as openpgp from 'openpgp';
-```
-
#### Deno (experimental)
Import as an ES6 module, using /dist/openpgp.mjs.
@@ -174,17 +171,17 @@ To offload cryptographic operations off the main thread, you can implement a Web
#### TypeScript
-Since TS is not fully integrated in the library, TS-only dependencies are currently listed as `devDependencies`, so to compile the project you’ll need to add `@openpgp/web-stream-tools` manually (NB: only versions below v0.12 are compatible with OpenPGP.js v5):
+Since TS is not fully integrated in the library, TS-only dependencies are currently listed as `devDependencies`, so to compile the project you’ll need to add `@openpgp/web-stream-tools` manually:
```sh
-npm install --save-dev @openpgp/web-stream-tools@0.0.11-patch-0
+npm install --save-dev @openpgp/web-stream-tools
```
If you notice missing or incorrect type definitions, feel free to open a PR.
### Examples
-Here are some examples of how to use OpenPGP.js v5. For more elaborate examples and working code, please check out the [public API unit tests](https://github.com/openpgpjs/openpgpjs/blob/main/test/general/openpgp.js). If you're upgrading from v4 it might help to check out the [changelog](https://github.com/openpgpjs/openpgpjs/wiki/V5-Changelog) and [documentation](https://github.com/openpgpjs/openpgpjs#documentation).
+Here are some examples of how to use OpenPGP.js v6. For more elaborate examples and working code, please check out the [public API unit tests](https://github.com/openpgpjs/openpgpjs/blob/main/test/general/openpgp.js). If you're upgrading from v4 it might help to check out the [changelog](https://github.com/openpgpjs/openpgpjs/wiki/v6-Changelog) and [documentation](https://github.com/openpgpjs/openpgpjs#documentation).
#### Encrypt and decrypt *Uint8Array* data with a password
@@ -389,14 +386,8 @@ Where the value can be any of:
})();
```
-For more information on using ReadableStreams, see [the MDN Documentation on the
-Streams API](https://developer.mozilla.org/en-US/docs/Web/API/Streams_API).
-
-You can also pass a [Node.js `Readable`
-stream](https://nodejs.org/api/stream.html#stream_class_stream_readable), in
-which case OpenPGP.js will return a Node.js `Readable` stream as well, which you
-can `.pipe()` to a `Writable` stream, for example.
-
+For more information on using ReadableStreams (both in browsers and Node.js), see [the MDN Documentation on the
+Streams API](https://developer.mozilla.org/en-US/docs/Web/API/Streams_API) .
#### Streaming encrypt and decrypt *String* data with PGP keys
@@ -453,7 +444,7 @@ can `.pipe()` to a `Writable` stream, for example.
ECC keys (smaller and faster to generate):
-Possible values for `curve` are: `curve25519`, `ed25519`, `p256`, `p384`, `p521`,
+Possible values for `curve` are: `curve25519`, `ed25519`, `nistP256`, `nistP384`, `nistP521`,
`brainpoolP256r1`, `brainpoolP384r1`, `brainpoolP512r1`, and `secp256k1`.
Note that both the `curve25519` and `ed25519` options generate a primary key for signing using Ed25519
and a subkey for encryption using Curve25519.
@@ -670,7 +661,7 @@ To create your own build of the library, just run the following command after cl
npm install && npm test
-For debugging browser errors, you can run `npm start` and open [`http://localhost:8080/test/unittests.html`](http://localhost:8080/test/unittests.html) in a browser, or run the following command:
+For debugging browser errors, run the following command:
npm run browsertest
diff --git a/docs/AEADEncryptedDataPacket.html b/docs/AEADEncryptedDataPacket.html
index 7c33af4c..1e1678fe 100644
--- a/docs/AEADEncryptedDataPacket.html
+++ b/docs/AEADEncryptedDataPacket.html
@@ -98,7 +98,7 @@ AEAD Protected Data Packet
For V4 keys, returns the self-signature of the primary user.
+For V5 keys, returns the latest valid direct-key self-signature.
+This self-signature is to be used to check the key expiration,
+algorithm preferences, and so on.
+
+
+
+
+
+
+
+
+
+
+
Parameters:
+
+
+
+
+
+
+
Name
+
+
+
Type
+
+
+
Attributes
+
+
+
+
+
Description
+
+
+
+
+
+
+
+
+
date
+
+
+
+
+
+Date
+
+
+
+
+
+
+
+
+ <optional>
+
+
+
+
+
+
+
+
+
+
+
Use the given date for verification instead of the current time
+
+
+
+
+
+
+
userID
+
+
+
+
+
+Object
+
+
+
+
+
+
+
+
+ <optional>
+
+
+
+
+
+
+
+
+
+
+
User ID to get instead of the primary user for V4 keys, if it exists
@@ -5140,7 +5382,7 @@ Signature validity is null if the verification keys do not correspond to the cer
diff --git a/docs/LiteralDataPacket.html b/docs/LiteralDataPacket.html
index d86e7ca9..70c71a40 100644
--- a/docs/LiteralDataPacket.html
+++ b/docs/LiteralDataPacket.html
@@ -147,7 +147,7 @@ further interpreted.
@@ -1575,7 +1575,7 @@ will be normalized to \r\n and by default text is converted to UTF8
diff --git a/docs/MarkerPacket.html b/docs/MarkerPacket.html
index 906e493f..28d65ca3 100644
--- a/docs/MarkerPacket.html
+++ b/docs/MarkerPacket.html
@@ -106,7 +106,7 @@ software is necessary to process the message.
@@ -333,7 +333,7 @@ software is necessary to process the message.
diff --git a/docs/Message.html b/docs/Message.html
index 7bace1e7..f93d7717 100644
--- a/docs/Message.html
+++ b/docs/Message.html
@@ -146,7 +146,7 @@ See https://tools.iet
@@ -876,7 +1004,7 @@ Signature types are described in
diff --git a/docs/PacketList.html b/docs/PacketList.html
index 7d2af1a5..f4ad9a85 100644
--- a/docs/PacketList.html
+++ b/docs/PacketList.html
@@ -97,7 +97,7 @@ are stored as numerical indices.
Generates a new OpenPGP subkey, and returns a clone of the Key object with the new subkey added.
-Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.
+Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519.
+Defaults to the algorithm and bit size/curve of the primary key. DSA primary keys default to RSA subkeys.
@@ -255,6 +256,12 @@ Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the p
|
rsa
+|
+
+curve25519
+|
+
+curve448
@@ -264,7 +271,8 @@ Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the p
-
The subkey algorithm: ECC or RSA
+
The subkey algorithm: ECC, RSA, Curve448 or Curve25519 (new format).
+Note: Curve448 and Curve25519 are not widely supported yet.
@@ -445,7 +453,7 @@ Supports RSA and ECC keys. Defaults to the algorithm and bit size/curve of the p
@@ -1841,7 +1878,7 @@ If only gnu-dummy keys are found, we cannot properly validate so we throw an err
diff --git a/docs/PublicKey.html b/docs/PublicKey.html
index d8ec91cf..f6717ddd 100644
--- a/docs/PublicKey.html
+++ b/docs/PublicKey.html
@@ -144,7 +144,7 @@
@@ -952,7 +952,7 @@ This is needed for constant-time processing. Expected object of the form: { sess
diff --git a/docs/PublicKeyPacket.html b/docs/PublicKeyPacket.html
index a09d1466..d6cc0850 100644
--- a/docs/PublicKeyPacket.html
+++ b/docs/PublicKeyPacket.html
@@ -195,7 +195,7 @@ key (sometimes called an OpenPGP certificate).
@@ -2571,7 +2571,7 @@ services.
diff --git a/docs/SecretKeyPacket.html b/docs/SecretKeyPacket.html
index b7b90a6a..065f5ef8 100644
--- a/docs/SecretKeyPacket.html
+++ b/docs/SecretKeyPacket.html
@@ -191,7 +191,7 @@ includes the secret-key material after all the public-key fields.
@@ -3837,7 +3837,7 @@ The resulting key cannot be used for signing/decrypting but can still verify sig
diff --git a/docs/SecretSubkeyPacket.html b/docs/SecretSubkeyPacket.html
index 2020daa9..567923fa 100644
--- a/docs/SecretSubkeyPacket.html
+++ b/docs/SecretSubkeyPacket.html
@@ -190,7 +190,7 @@ Key packet and has exactly the same format.
@@ -3906,7 +3906,7 @@ The resulting key cannot be used for signing/decrypting but can still verify sig
diff --git a/docs/Signature.html b/docs/Signature.html
index 1de23bea..60ea8fd1 100644
--- a/docs/Signature.html
+++ b/docs/Signature.html
@@ -144,7 +144,7 @@
@@ -614,7 +614,7 @@
diff --git a/docs/SignaturePacket.html b/docs/SignaturePacket.html
index 4c6ce868..a44a3a8b 100644
--- a/docs/SignaturePacket.html
+++ b/docs/SignaturePacket.html
@@ -99,7 +99,7 @@ block of text, and a signature that is a certification of a User ID.
@@ -1833,7 +1833,7 @@ block of text, and a signature that is a certification of a User ID.
diff --git a/docs/SymEncryptedIntegrityProtectedDataPacket.html b/docs/SymEncryptedIntegrityProtectedDataPacket.html
index 8c35b427..9e1863d8 100644
--- a/docs/SymEncryptedIntegrityProtectedDataPacket.html
+++ b/docs/SymEncryptedIntegrityProtectedDataPacket.html
@@ -101,7 +101,7 @@ packet.
@@ -795,7 +795,7 @@ See RFC 4880 9.2 f
diff --git a/docs/TrustPacket.html b/docs/TrustPacket.html
index e6e775f9..ba1e690f 100644
--- a/docs/TrustPacket.html
+++ b/docs/TrustPacket.html
@@ -105,7 +105,7 @@ other than local keyring files.
@@ -262,7 +262,7 @@ Currently not implemented as we ignore trust packets
diff --git a/docs/UserAttributePacket.html b/docs/UserAttributePacket.html
index 43640c78..9781021c 100644
--- a/docs/UserAttributePacket.html
+++ b/docs/UserAttributePacket.html
@@ -107,7 +107,7 @@ an implementation may use any method desired.
@@ -585,7 +585,7 @@ an implementation may use any method desired.
diff --git a/docs/UserIDPacket.html b/docs/UserIDPacket.html
index f81007d5..ea8111cd 100644
--- a/docs/UserIDPacket.html
+++ b/docs/UserIDPacket.html
@@ -100,7 +100,7 @@ specifies the length of the User ID.
@@ -404,6 +313,73 @@ This is used as fallback if the native Crypto APIs are not available.
+
+
+
+
emitChecksum
+
+
+
+
+
+Boolean
+
+
+
+
+
+
+
+
+ <optional>
+
+
+
+
+
+
+
+
+
+
+
Whether to compute and include the CRC checksum
+(NB: some types of data must not include it, but compliance is left as responsibility of the caller: this function does not carry out any checks)
+
+
+
+
+
+
+
config
+
+
+
+
+
+Object
+
+
+
+
+
+
+
+
+ <optional>
+
+
+
+
+
+
+
+
+
+
+
Full configuration, defaults to openpgp.config
+
+
+
@@ -443,7 +419,7 @@ This is used as fallback if the native Crypto APIs are not available.
@@ -4443,7 +4419,8 @@ At least one of encryptionKeys or passwords must be sp
-
Generates a new OpenPGP key pair. Supports RSA and ECC keys. By default, primary and subkeys will be of same type.
+
Generates a new OpenPGP key pair. Supports RSA and ECC keys, as well as the newer Curve448 and Curve25519 keys.
+By default, primary and subkeys will be of same type.
The generated primary key will have signing capabilities. By default, one subkey with encryption capabilities is also generated.
@@ -4574,6 +4551,12 @@ The generated primary key will have signing capabilities. By default, one subkey
|
'rsa'
+|
+
+'curve448'
+|
+
+'curve25519'
@@ -4599,7 +4582,8 @@ The generated primary key will have signing capabilities. By default, one subkey
-
The primary key algorithm type: ECC (default) or RSA
+
The primary key algorithm type: ECC (default for v4 keys), RSA, Curve448 or Curve25519 (new format, default for v6 keys).
+Note: Curve448 and Curve25519 (new format) are not widely supported yet.
@@ -4711,13 +4695,13 @@ The generated primary key will have signing capabilities. By default, one subkey
Get Compression Stream API instatiators if the constructors are implemented.
+NB: the return instatiator functions will throw when called if the provided compressionFormat is not supported
+(supported formats cannot be determined in advance).
+
+
+
+
+
+
+
+
@@ -10000,7 +11644,7 @@ The new key includes a revocation certificate that must be removed before return
diff --git a/docs/index.html b/docs/index.html
index 59ac47bd..6144c371 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -44,7 +44,7 @@
OpenPGP.js
-
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. It implements RFC4880 and parts of RFC4880bis.
The dist/openpgp.min.js bundle works well with recent versions of Chrome, Firefox, Safari and Edge.
+
The dist/openpgp.min.js (or .mjs) bundle works with recent versions of Chrome, Firefox, Edge and Safari 14+.
-
The dist/node/openpgp.min.js bundle works well in Node.js. It is used by default when you require('openpgp') in Node.js.
+
The dist/node/openpgp.min.mjs (or .cjs) bundle works in Node.js v18+: it is used by default when you import ... from 'openpgp' (resp. require('openpgp')).
-
Currently, Chrome, Safari and Edge have partial implementations of the
-Streams specification, and Firefox
-has a partial implementation behind feature flags. Chrome is the only
-browser that implements TransformStreams, which we need, so we include
-a polyfill for
-all other browsers. Please note that in those browsers, the global
-ReadableStream property gets overwritten with the polyfill version if
-it exists. In some edge cases, you might need to use the native
+
Streaming support: the latest versions of Chrome, Firefox, Edge and Safari implement the
+Streams specification, including TransformStreams.
+These are needed if you use the library with streamed inputs.
+In previous versions of OpenPGP.js, WebStreams were automatically polyfilled by the library,
+but from v6 this task is left up to the library user, due to the more extensive browser support, and the
+polyfilling side-effects. If you're working with older browsers versions which do not implement e.g. TransformStreams, you can manually
+load WebStream polyfill.
+Please note that when you load the polyfills, the global ReadableStream property (if it exists) gets overwritten with the polyfill version.
+In some edge cases, you might need to use the native
ReadableStream (for example when using it to create a Response
object), in which case you should store a reference to it before loading
-OpenPGP.js. There is also the
-web-streams-adapter
+the polyfills. There is also the web-streams-adapter
library to convert back and forth between them.
@@ -127,40 +127,40 @@ library to convert back and forth between them.
ECDH
N/A
No
-
No
-
Algorithmically**
+
Yes*
+
If native**
ed25519
N/A
EdDSA
No
-
No
-
Algorithmically**
+
Yes*
+
If native**
-
p256
+
nistP256
ECDH
ECDSA
Yes*
Yes*
-
If native***
+
If native**
-
p384
+
nistP384
ECDH
ECDSA
Yes*
Yes*
-
If native***
+
If native**
-
p521
+
nistP521
ECDH
ECDSA
Yes*
Yes*
-
If native***
+
If native**
brainpoolP256r1
@@ -168,7 +168,7 @@ library to convert back and forth between them.
ECDSA
Yes*
No
-
If native***
+
If native**
brainpoolP384r1
@@ -176,7 +176,7 @@ library to convert back and forth between them.
ECDSA
Yes*
No
-
If native***
+
If native**
brainpoolP512r1
@@ -184,7 +184,7 @@ library to convert back and forth between them.
ECDSA
Yes*
No
-
If native***
+
If native**
secp256k1
@@ -192,30 +192,27 @@ library to convert back and forth between them.
ECDSA
Yes*
No
-
If native***
+
If native**
-
* when available
-** the curve25519 and ed25519 implementations are algorithmically constant-time, but may not be constant-time after optimizations of the JavaScript compiler
-*** these curves are only constant-time if the underlying native implementation is available and constant-time
-
-
-
Version 2.x of the library has been built from the ground up with Uint8Arrays. This allows for much better performance and memory usage than strings.
+
* when available
+** these curves are only constant-time if the underlying native implementation is available and constant-time
If the user's browser supports native WebCrypto via the window.crypto.subtle API, this will be used. Under Node.js the native crypto module is used.
-
The library implements the RFC4880bis proposal for authenticated encryption using native AES-EAX, OCB, or GCM. This makes symmetric encryption up to 30x faster on supported platforms. Since the specification has not been finalized and other OpenPGP implementations haven't adopted it yet, the feature is currently behind a flag. Note: activating this setting can break compatibility with other OpenPGP implementations, and also with future versions of OpenPGP.js. Don't use it with messages you want to store on disk or in a database. You can enable it by setting openpgp.config.aeadProtect = true.
+
The library implements authenticated encryption (AEAD) as per the "crypto refresh" draft standard using AES-OCB, EAX, or GCM. This makes symmetric encryption faster on platforms with native implementations. However, since the specification is very recent and other OpenPGP implementations are in the process of adopting it, the feature is currently behind a flag. Note: activating this setting can break compatibility with other OpenPGP implementations which have yet to implement the feature. You can enable it by setting openpgp.config.aeadProtect = true.
+Note that this setting has a different effect from the one in OpenPGP.js v6, which implemented support for a provisional version of AEAD from RFC4880bis, which was modified in a later draft of the crypto refresh.
You can change the AEAD mode by setting one of the following options:
Install OpenPGP.js using npm and save it in your dependencies:
npm install --save openpgp
-
And import it as a CommonJS module:
-
const openpgp = require('openpgp');
-
-
Or as an ES6 module, from an .mjs file:
+
And import it as an ES module, from a .mjs file:
import * as openpgp from 'openpgp';
+
Or as a CommonJS module:
+
const openpgp = require('openpgp');
+
Deno (experimental)
Import as an ES6 module, using /dist/openpgp.mjs.
import * as openpgp from './openpgpjs/dist/openpgp.mjs';
@@ -262,12 +259,12 @@ import * as openpgp from './openpgp.min.mjs';
To offload cryptographic operations off the main thread, you can implement a Web Worker in your application and load OpenPGP.js from there. For an example Worker implementation, see test/worker/worker_example.js.
TypeScript
-
Since TS is not fully integrated in the library, TS-only dependencies are currently listed as devDependencies, so to compile the project you’ll need to add @openpgp/web-stream-tools manually (NB: only versions below v0.12 are compatible with OpenPGP.js v5):
Since TS is not fully integrated in the library, TS-only dependencies are currently listed as devDependencies, so to compile the project you’ll need to add @openpgp/web-stream-tools manually:
+
npm install --save-dev @openpgp/web-stream-tools
If you notice missing or incorrect type definitions, feel free to open a PR.
Examples
-
Here are some examples of how to use OpenPGP.js v5. For more elaborate examples and working code, please check out the public API unit tests. If you're upgrading from v4 it might help to check out the changelog and documentation.
+
Here are some examples of how to use OpenPGP.js v6. For more elaborate examples and working code, please check out the public API unit tests. If you're upgrading from v4 it might help to check out the changelog and documentation.
Encrypt and decrypt Uint8Array data with a password
Encryption will use the algorithm specified in config.preferredSymmetricAlgorithm (defaults to aes256), and decryption will use the algorithm used for encryption.
(async () => {
@@ -503,7 +500,7 @@ can .pipe() to a Writable stream, for example.
Generate new key pair
ECC keys (smaller and faster to generate):
-
Possible values for curve are: curve25519, ed25519, p256, p384, p521,
+
Possible values for curve are: curve25519, ed25519, nistP256, nistP384, nistP521,
brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, and secp256k1.
Note that both the curve25519 and ed25519 options generate a primary key for signing using Ed25519
and a subkey for encryption using Curve25519.
@@ -708,7 +705,7 @@ and a subkey for encryption using Curve25519.
diff --git a/docs/module-config.html b/docs/module-config.html
index 1c159171..f0eeb13f 100644
--- a/docs/module-config.html
+++ b/docs/module-config.html
@@ -89,7 +89,7 @@
@@ -390,8 +390,14 @@ Must be an integer value from 0 to 56.
Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.
-Note: not all OpenPGP implementations are compatible with this option.
-FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION
+This option is applicable to:
+
+
key generation (encryption key preferences),
+
password-based message encryption, and
+
private key encryption.
+In the case of message encryption using public keys, the encryption key preferences are respected instead.
+Note: not all OpenPGP implementations are compatible with this option.
+
@@ -483,7 +489,7 @@ Note: not all OpenPGP implementations are compatible with this option.
Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to
process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible
and deferring checking their integrity until the decrypted stream has been read in full.
-
This setting is insecure if the partially decrypted message is processed further or displayed to the user.
+
This setting is insecure if the encrypted data has been corrupted by a malicious entity:
+
+
if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL
+(see https://efail.de/).
+
an attacker with access to traces or timing info of internal processing errors could learn some info about the data.
+
+
NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed.
@@ -967,119 +979,7 @@ and deferring checking their integrity until the decrypted stream has been read
@@ -3281,11 +2957,20 @@ Only has an effect when aeadProtect is set to true.
-
(static) revocationsExpire
+
(static) s2kArgon2Params
+
+
draft-crypto-refresh 3.7.1.4:
+Argon2 parameters for S2K (String to Key).
+Only relevant if config.s2kType is set to enums.s2k.argon2.
+Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"),
+to ensure compatibility with memory-constrained environments.
+For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.
+
+
@@ -3318,13 +3003,13 @@ Only has an effect when aeadProtect is set to true.
-
revocationsExpire
+
params
-Boolean
+Object
@@ -3334,7 +3019,101 @@ Only has an effect when aeadProtect is set to true.
-
If true, expired revocation signatures are ignored
+
+
Properties
+
+
+
+
+
+
Name
+
+
+
Type
+
+
+
+
+
+
Description
+
+
+
+
+
+
+
+
+
passes
+
+
+
+
+
+Integer
+
+
+
+
+
+
+
+
+
+
number of iterations t
+
+
+
+
+
+
+
parallelism
+
+
+
+
+
+Integer
+
+
+
+
+
+
+
+
+
+
degree of parallelism p
+
+
+
+
+
+
+
memoryExponent
+
+
+
+
+
+Integer
+
+
+
+
+
+
+
+
+
+
one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes.
+
+
+
+
+
+
+
@@ -3375,7 +3154,7 @@ Only has an effect when aeadProtect is set to true.
@@ -3399,8 +3178,10 @@ Only has an effect when aeadProtect is set to true.
-
RFC4880 3.7.1.3:
-Iteration Count Byte for S2K (String to Key)
+
RFC4880 3.7.1.3:
+Iteration Count Byte for Iterated and Salted S2K (String to Key).
+Only relevant if config.s2kType is set to enums.s2k.iterated.
+Note: this is the exponent value, not the final number of iterations (refer to specs for more details).
@@ -3492,7 +3273,129 @@ Iteration Count Byte for S2K (String to Key)
S2K (String to Key) type, used for key derivation in the context of secret key encryption
+and password-encrypted data. Weaker s2k options are not allowed.
+Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it
+(pending standardisation).
@@ -3734,15 +3637,14 @@ Iteration Count Byte for S2K (String to Key)
-
(static) useIndutnyElliptic
+
(static) useEllipticFallback
-
Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API.
-When false, certain standard curves will not be supported (depending on the platform).
-Note: the indutny/elliptic curve library is not designed to be constant time.
+
Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API.
+When false, certain standard curves will not be supported (depending on the platform).
@@ -3777,7 +3679,7 @@ Note: the indutny/elliptic curve library is not designed to be constant time.
-
useIndutnyElliptic
+
useEllipticFallback
@@ -3834,7 +3736,7 @@ Note: the indutny/elliptic curve library is not designed to be constant time.Source:
@@ -3852,13 +3754,13 @@ Note: the indutny/elliptic curve library is not designed to be constant time.(static) v5Keys
+
(static) v6Keys
-
Use V5 keys.
+
Use v6 keys.
Note: not all OpenPGP implementations are compatible with this option.
FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION
@@ -3895,7 +3797,7 @@ Note: not all OpenPGP implementations are compatible with this option.
-
v5Keys
+
v6Keys
@@ -3952,7 +3854,7 @@ Note: not all OpenPGP implementations are compatible with this option.
This implementation of CMAC is based on the description of OMAC in
+http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that
+document:
+
We have made a small modification to the OMAC algorithm as it was
+originally presented, changing one of its two constants.
+Specifically, the constant 4 at line 85 was the constant 1/2 (the
+multiplicative inverse of 2) in the original definition of OMAC [14].
+The OMAC authors indicate that they will promulgate this modification
+[15], which slightly simplifies implementations.
xor padding into the end of data. This function implements "the
+operation xor→ [which] xors the shorter string into the end of longer
+one". Since data is always as least as long as padding, we can
+simplify the implementation.
Generate a new random private key B bits long with public exponent E.
+
When possible, webCrypto or nodeCrypto is used. Otherwise, primes are generated using
+40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.
Parse signature in binary form to get the parameters.
+The returned values are only padded for EdDSA, since in the other cases their expected length
+depends on the key params, hence we delegate the padding to the signature verification function.
+See RFC 4880 9.1
+See RFC 4880 5.2.2.
Creates a signature on data using specified algorithms and private key parameters.
+See RFC 4880 9.1
+and RFC 4880 9.4
+for public key and hash algorithms.
Verifies the signature provided for data using specified algorithms and public key parameters.
+See RFC 4880 9.1
+and RFC 4880 9.4
+for public key and hash algorithms.
Properties to write on the signature packet before signing
+
+
+
+
+
+
+
date
+
+
+
+
+
+Date
+
+
+
+
+
+
+
+
+ <optional>
+
+
+
+
+
+
+
+
+
+
+
Override the creationtime of the signature
+
+
+
+
+
+
+
userID
+
+
+
+
+
+Object
+
+
+
+
+
+
+
+
+ <optional>
+
+
+
+
+
+
+
+
+
+
+
User ID
+
+
+
+
+
+
+
notations
+
+
+
+
+
+Array
+
+
+
+
+
+
+
+
+ <optional>
+
+
+
+
+
+
+
+
+
+
+
Notation Data to add to the signature, e.g. [{ name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false }]
Signature type to determine how to hash the data (NB: for userID signatures,
+enums.signatures.certGeneric should be given regardless of the actual trust level)
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/module-type_oid.html b/docs/module-type_oid.html
new file mode 100644
index 00000000..524d78c1
--- /dev/null
+++ b/docs/module-type_oid.html
@@ -0,0 +1,178 @@
+
+
+
+
+ JSDoc: Module: type/oid
+
+
+
+
+
+
+
+
+
+
+
+
+
Module: type/oid
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Wrapper to an OID value
+
RFC6637, section 11:
+The sequence of octets in the third column is the result of applying
+the Distinguished Encoding Rules (DER) to the ASN.1 Object Identifier
+with subsequent truncation. The truncation removes the two fields of
+encoded Object Identifier. The first omitted field is one octet
+representing the Object Identifier tag, and the second omitted field
+is the length of the Object Identifier body. For example, the
+complete ASN.1 DER encoding for the NIST P-256 curve OID is "06 08 2A
+86 48 CE 3D 03 01 07", from which the first entry in the table above
+is constructed by omitting the first two octets. Only the truncated
+sequence of octets is the valid representation of a curve OID.
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
diff --git a/docs/module-type_s2k.html b/docs/module-type_s2k.html
new file mode 100644
index 00000000..9121ad81
--- /dev/null
+++ b/docs/module-type_s2k.html
@@ -0,0 +1,180 @@
+
+
+
+
+ JSDoc: Module: type/s2k
+
+
+
+
+
+
+
+
+
+
+
+
+
Module: type/s2k
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Implementation of the String-to-key specifier
+
RFC4880 3.7:
+String-to-key (S2K) specifiers are used to convert passphrase strings
+into symmetric-key encryption/decryption keys. They are used in two
+places, currently: to encrypt the secret part of private keys in the
+private keyring, and to convert passphrases to encryption keys for
+symmetrically encrypted messages.
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/docs/module-type_x25519x448_symkey.html b/docs/module-type_x25519x448_symkey.html
index def7fac8..958650bd 100644
--- a/docs/module-type_x25519x448_symkey.html
+++ b/docs/module-type_x25519x448_symkey.html
@@ -91,7 +91,7 @@ the former includes an algorithm byte preceeding the encrypted session key.<
