mirror of
https://github.com/openpgpjs/openpgpjs.git
synced 2025-11-24 06:25:50 +00:00
Add support for key encryption, decryption and validation
This commit is contained in:
larabr
parent
84d7d12c83
commit
366d2c8eee
@ -142,7 +142,7 @@ class PrivateKey extends PublicKey {
|
||||
}
|
||||
|
||||
let signingKeyPacket;
|
||||
if (!this.keyPacket.isDummy()) {
|
||||
if (!helper.isPublicOrDummyKeyPacket(this.keyPacket)) {
|
||||
signingKeyPacket = this.keyPacket;
|
||||
} else {
|
||||
/**
|
||||
@ -151,7 +151,7 @@ class PrivateKey extends PublicKey {
|
||||
*/
|
||||
const signingKey = await this.getSigningKey(null, null, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRSABits: 0 });
|
||||
// This could again be a dummy key
|
||||
if (signingKey && !signingKey.keyPacket.isDummy()) {
|
||||
if (signingKey && !helper.isPublicOrDummyKeyPacket(signingKey.keyPacket)) {
|
||||
signingKeyPacket = signingKey.keyPacket;
|
||||
}
|
||||
}
|
||||
@ -160,12 +160,12 @@ class PrivateKey extends PublicKey {
|
||||
return signingKeyPacket.validate();
|
||||
} else {
|
||||
const keys = this.getKeys();
|
||||
const allDummies = keys.map(key => key.keyPacket.isDummy()).every(Boolean);
|
||||
if (allDummies) {
|
||||
throw new Error('Cannot validate an all-gnu-dummy key');
|
||||
const allPublicOrDummies = keys.map(key => helper.isPublicOrDummyKeyPacket(key.keyPacket)).every(Boolean);
|
||||
if (allPublicOrDummies) {
|
||||
throw new Error('Cannot validate key without secret key material');
|
||||
}
|
||||
|
||||
return Promise.all(keys.map(async key => key.keyPacket.validate()));
|
||||
return Promise.all(keys.map(async key => helper.isPublicOrDummyKeyPacket(key.keyPacket) || key.keyPacket.validate()));
|
||||
}
|
||||
}
|
||||
|
||||
@ -235,14 +235,14 @@ class PrivateKey extends PublicKey {
|
||||
if (options.rsaBits < config.minRSABits) {
|
||||
throw new Error(`rsaBits should be at least ${config.minRSABits}, got: ${options.rsaBits}`);
|
||||
}
|
||||
const secretKeyPacket = this.keyPacket;
|
||||
if (secretKeyPacket.isDummy()) {
|
||||
throw new Error('Cannot add subkey to gnu-dummy primary key');
|
||||
const primaryKeyPacket = this.keyPacket;
|
||||
if (helper.isPublicOrDummyKeyPacket(primaryKeyPacket)) {
|
||||
throw new Error('Cannot add subkey to gnu-dummy or public primary key');
|
||||
}
|
||||
if (!secretKeyPacket.isDecrypted()) {
|
||||
if (!primaryKeyPacket.isDecrypted()) {
|
||||
throw new Error('Key is not decrypted');
|
||||
}
|
||||
const defaultOptions = secretKeyPacket.getAlgorithmInfo();
|
||||
const defaultOptions = primaryKeyPacket.getAlgorithmInfo();
|
||||
defaultOptions.type = getDefaultSubkeyType(defaultOptions.algorithm);
|
||||
defaultOptions.rsaBits = defaultOptions.bits || 4096;
|
||||
defaultOptions.curve = defaultOptions.curve || 'curve25519Legacy';
|
||||
@ -253,7 +253,7 @@ class PrivateKey extends PublicKey {
|
||||
// The config is always overwritten since we cannot tell if the defaultConfig was changed by the user.
|
||||
const keyPacket = await helper.generateSecretSubkey(options, { ...config, v6Keys: this.keyPacket.version === 6 });
|
||||
helper.checkKeyRequirements(keyPacket, config);
|
||||
const bindingSignature = await helper.createBindingSignature(keyPacket, secretKeyPacket, options, config);
|
||||
const bindingSignature = await helper.createBindingSignature(keyPacket, primaryKeyPacket, options, config);
|
||||
const packetList = this.toPacketList();
|
||||
packetList.push(keyPacket, bindingSignature);
|
||||
return new PrivateKey(packetList);
|
||||
|
||||
@ -21,7 +21,7 @@ import { CleartextMessage } from './cleartext';
|
||||
import { generate, reformat, getPreferredCompressionAlgo } from './key';
|
||||
import defaultConfig from './config';
|
||||
import util from './util';
|
||||
import { checkKeyRequirements } from './key/helper';
|
||||
import { checkKeyRequirements, isPublicOrDummyKeyPacket } from './key/helper';
|
||||
|
||||
|
||||
//////////////////////
|
||||
@ -189,10 +189,13 @@ export async function decryptKey({ privateKey, passphrase, config, ...rest }) {
|
||||
const passphrases = util.isArray(passphrase) ? passphrase : [passphrase];
|
||||
|
||||
try {
|
||||
await Promise.all(clonedPrivateKey.getKeys().map(key => (
|
||||
await Promise.all(clonedPrivateKey.getKeys().map(key => {
|
||||
if (isPublicOrDummyKeyPacket(key.keyPacket)) {
|
||||
return;
|
||||
}
|
||||
// try to decrypt each key with any of the given passphrases
|
||||
util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)))
|
||||
)));
|
||||
return util.anyPromise(passphrases.map(passphrase => key.keyPacket.decrypt(passphrase)));
|
||||
}));
|
||||
|
||||
await clonedPrivateKey.validate(config);
|
||||
return clonedPrivateKey;
|
||||
@ -230,6 +233,9 @@ export async function encryptKey({ privateKey, passphrase, config, ...rest }) {
|
||||
try {
|
||||
await Promise.all(keys.map(async (key, i) => {
|
||||
const { keyPacket } = key;
|
||||
if (isPublicOrDummyKeyPacket(keyPacket)) {
|
||||
return;
|
||||
}
|
||||
await keyPacket.encrypt(passphrases[i], config);
|
||||
keyPacket.clearPrivateParams();
|
||||
}));
|
||||
|
||||
@ -1857,6 +1857,54 @@ S2rSjQ4JF0Ktgdr9585haknpGwr31t486KxXOY4AEsiBmRyvTbaQegwKaQ+C
|
||||
-----END PGP PRIVATE KEY BLOCK-----
|
||||
`;
|
||||
|
||||
// public primary key with:
|
||||
// - one signing private subkey
|
||||
// - one signing public subkey
|
||||
// - one encryption private subkey
|
||||
// - one encryption public subkey
|
||||
const privateKeyWithPublicKeyPackets = `-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
|
||||
xjMEZr9cyxYJKwYBBAHaRw8BAQdAlC7g7Q4UZmN5zNhFynWuEXYn1KV8Jfp4
|
||||
DMiKf8ZQ5oDNDzx0ZXN0QHRlc3QuY29tPsLAEwQTFgoAhQWCZr9cywMLCQcJ
|
||||
kPhnPZ0LDe1wRRQAAAAAABwAIHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5v
|
||||
cmeWobLLkXmgpg9Pet9xOLiKvUAGKchlrMxBubhvTpBGygUVCAoMDgQWAAIB
|
||||
AhkBApsDAh4BFiEEYmvn2jb9uzAG41Ql+Gc9nQsN7XAAAHGyAP9URiF2uq/O
|
||||
8PJkjoehixMx9h9a8L+lPd56ymbdxUb/swEA0tNWA9alk/m3rml0aTPNucuG
|
||||
Aj/FLBixvbva+SWEkgrOMwRmv1zLFgkrBgEEAdpHDwEBB0DdyjGHiVCA0Cbr
|
||||
5u5pcuZmYZylLDURujjhEWYcLKIg0MLAuwQYFgoBLQWCZr9cywmQ+Gc9nQsN
|
||||
7XBFFAAAAAAAHAAgc2FsdEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ5UtjGIA
|
||||
N+2fOlsIv9vwi5MaTUxoXXc+Mw6ETjRvW3fUApsCvKAEGRYKAG0Fgma/XMsJ
|
||||
kHC3NLlxFk7wRRQAAAAAABwAIHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5v
|
||||
cme74M+JTJ/Clb0bApLqL/QGKOZbaXdL3Y/p02QX2o6AgRYhBFFraL50hRm3
|
||||
RC4PZHC3NLlxFk7wAABAgwEAhQ+EgvirBcabNlmHV6nEbqyTz85oBj8SKNM2
|
||||
d+tDQ3YBAN3jXoPGx22sVoy5rAMerwq1lhnlgCh4xfdTw1jtr2QEFiEEYmvn
|
||||
2jb9uzAG41Ql+Gc9nQsN7XAAALGsAQCCDkhWJRgiCoHIvjWwRqVWU1BsVaj5
|
||||
dr6fxkK9yaOv6QEA+JjqAgPcRo/LGHpO0dZS9qi1Zpy4u5bT2FunXqvNDQ7O
|
||||
MwRmv1zLFgkrBgEEAdpHDwEBB0A4CyxR5ZSvF8FrEhjzFO8W6paAtqm92p7k
|
||||
+HQC7TRhKcLAuwQYFgoBLQWCZr9cywmQ+Gc9nQsN7XBFFAAAAAAAHAAgc2Fs
|
||||
dEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ8eA420LE1oqZm9UQ2mAl0VpYysv
|
||||
9w9FhamakpSbum0jApsCvKAEGRYKAG0Fgma/XMsJkMrApZFFMT1MRRQAAAAA
|
||||
ABwAIHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5vcmcyU0rvMw4GVCasfsGO
|
||||
ke8VBnf9DX73KF4Fuw5HRwy65BYhBPmjv8j7/15Fu3bvL8rApZFFMT1MAADv
|
||||
OgEAp2P/olg/8frAKhZNhBNNcnZ3mBPgw+jnVB2q3lJR3G4A/Az8kxPmyhmf
|
||||
vaorTRswb2d7xes3ubunWLvHBcU+LSAIFiEEYmvn2jb9uzAG41Ql+Gc9nQsN
|
||||
7XAAAO9CAP4y3wh7tKf5QkWhz18Lo2Zjqv4S+rCVJZWe9SDRFJq4rwD/eJTb
|
||||
wFTiP1x1KHQY+bnZQUll10A9c/G9yMrOC0qR8gHHXQRmv1zLEgorBgEEAZdV
|
||||
AQUBAQdAdWmLtTwhcOH7tlr+2FEysYY3Z6gPpP6EalQnbXEHKRsDAQgHAAD/
|
||||
ROS5zCtNP0O2t9U7T/Cs2+n1snTVW+RBTbESM+hjWfgTIcK+BBgWCgBwBYJm
|
||||
v1zLCZD4Zz2dCw3tcEUUAAAAAAAcACBzYWx0QG5vdGF0aW9ucy5vcGVucGdw
|
||||
anMub3JniqUd+21Sxr5oHb+ctdQKLEpRYCSR1I0Ap/Z5o3XfqRACmwwWIQRi
|
||||
a+faNv27MAbjVCX4Zz2dCw3tcAAABPQBAK7S2Izm3D4dEkoJb869wOqtK4be
|
||||
zdP4cdQMfO/4hsLRAPwMxCX51Okaj/SvwEzjI/RCPmfv9l441PmzQheQ4Gqr
|
||||
BM44BGa/XMsSCisGAQQBl1UBBQEBB0CqHCGPBZg8ioGvjV4nKteCFs4hAzLn
|
||||
nFHyv2RF+YdFJgMBCAfCvgQYFgoAcAWCZr9cywmQ+Gc9nQsN7XBFFAAAAAAA
|
||||
HAAgc2FsdEBub3RhdGlvbnMub3BlbnBncGpzLm9yZw1hBEkI2dXfJXMVH/ha
|
||||
uCz6Opp4tu616/VBZWGParIfApsMFiEEYmvn2jb9uzAG41Ql+Gc9nQsN7XAA
|
||||
ABWvAQDZznAKuYpaWKklOVw2z8fgLP6sL9ai+zBjlWogKoswNgEAoXTZ1SOJ
|
||||
bWGFbTrrvSBYui/idHvj8Tax0EDVVw6W1Qc=
|
||||
=OKHa
|
||||
-----END PGP PRIVATE KEY BLOCK-----`;
|
||||
|
||||
const eddsaKeyAsEcdsa = `
|
||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
Version: OpenPGP.js VERSION
|
||||
@ -3020,61 +3068,15 @@ export default () => describe('Key', function() {
|
||||
});
|
||||
|
||||
it('Parsing armored key with public primary key and private subkeys', async function() {
|
||||
// public primary key with:
|
||||
// - one signing private subkey
|
||||
// - one signing public subkey
|
||||
// - one encryption private subkey
|
||||
// - one encryption public subkey
|
||||
const privateKeyWithPublicKeyPackets = await openpgp.readKey({ armoredKey: `-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
const key = await openpgp.readKey({ armoredKey: privateKeyWithPublicKeyPackets });
|
||||
|
||||
xjMEZr9cyxYJKwYBBAHaRw8BAQdAlC7g7Q4UZmN5zNhFynWuEXYn1KV8Jfp4
|
||||
DMiKf8ZQ5oDNDzx0ZXN0QHRlc3QuY29tPsLAEwQTFgoAhQWCZr9cywMLCQcJ
|
||||
kPhnPZ0LDe1wRRQAAAAAABwAIHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5v
|
||||
cmeWobLLkXmgpg9Pet9xOLiKvUAGKchlrMxBubhvTpBGygUVCAoMDgQWAAIB
|
||||
AhkBApsDAh4BFiEEYmvn2jb9uzAG41Ql+Gc9nQsN7XAAAHGyAP9URiF2uq/O
|
||||
8PJkjoehixMx9h9a8L+lPd56ymbdxUb/swEA0tNWA9alk/m3rml0aTPNucuG
|
||||
Aj/FLBixvbva+SWEkgrOMwRmv1zLFgkrBgEEAdpHDwEBB0DdyjGHiVCA0Cbr
|
||||
5u5pcuZmYZylLDURujjhEWYcLKIg0MLAuwQYFgoBLQWCZr9cywmQ+Gc9nQsN
|
||||
7XBFFAAAAAAAHAAgc2FsdEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ5UtjGIA
|
||||
N+2fOlsIv9vwi5MaTUxoXXc+Mw6ETjRvW3fUApsCvKAEGRYKAG0Fgma/XMsJ
|
||||
kHC3NLlxFk7wRRQAAAAAABwAIHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5v
|
||||
cme74M+JTJ/Clb0bApLqL/QGKOZbaXdL3Y/p02QX2o6AgRYhBFFraL50hRm3
|
||||
RC4PZHC3NLlxFk7wAABAgwEAhQ+EgvirBcabNlmHV6nEbqyTz85oBj8SKNM2
|
||||
d+tDQ3YBAN3jXoPGx22sVoy5rAMerwq1lhnlgCh4xfdTw1jtr2QEFiEEYmvn
|
||||
2jb9uzAG41Ql+Gc9nQsN7XAAALGsAQCCDkhWJRgiCoHIvjWwRqVWU1BsVaj5
|
||||
dr6fxkK9yaOv6QEA+JjqAgPcRo/LGHpO0dZS9qi1Zpy4u5bT2FunXqvNDQ7O
|
||||
MwRmv1zLFgkrBgEEAdpHDwEBB0A4CyxR5ZSvF8FrEhjzFO8W6paAtqm92p7k
|
||||
+HQC7TRhKcLAuwQYFgoBLQWCZr9cywmQ+Gc9nQsN7XBFFAAAAAAAHAAgc2Fs
|
||||
dEBub3RhdGlvbnMub3BlbnBncGpzLm9yZ8eA420LE1oqZm9UQ2mAl0VpYysv
|
||||
9w9FhamakpSbum0jApsCvKAEGRYKAG0Fgma/XMsJkMrApZFFMT1MRRQAAAAA
|
||||
ABwAIHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5vcmcyU0rvMw4GVCasfsGO
|
||||
ke8VBnf9DX73KF4Fuw5HRwy65BYhBPmjv8j7/15Fu3bvL8rApZFFMT1MAADv
|
||||
OgEAp2P/olg/8frAKhZNhBNNcnZ3mBPgw+jnVB2q3lJR3G4A/Az8kxPmyhmf
|
||||
vaorTRswb2d7xes3ubunWLvHBcU+LSAIFiEEYmvn2jb9uzAG41Ql+Gc9nQsN
|
||||
7XAAAO9CAP4y3wh7tKf5QkWhz18Lo2Zjqv4S+rCVJZWe9SDRFJq4rwD/eJTb
|
||||
wFTiP1x1KHQY+bnZQUll10A9c/G9yMrOC0qR8gHHXQRmv1zLEgorBgEEAZdV
|
||||
AQUBAQdAdWmLtTwhcOH7tlr+2FEysYY3Z6gPpP6EalQnbXEHKRsDAQgHAAD/
|
||||
ROS5zCtNP0O2t9U7T/Cs2+n1snTVW+RBTbESM+hjWfgTIcK+BBgWCgBwBYJm
|
||||
v1zLCZD4Zz2dCw3tcEUUAAAAAAAcACBzYWx0QG5vdGF0aW9ucy5vcGVucGdw
|
||||
anMub3JniqUd+21Sxr5oHb+ctdQKLEpRYCSR1I0Ap/Z5o3XfqRACmwwWIQRi
|
||||
a+faNv27MAbjVCX4Zz2dCw3tcAAABPQBAK7S2Izm3D4dEkoJb869wOqtK4be
|
||||
zdP4cdQMfO/4hsLRAPwMxCX51Okaj/SvwEzjI/RCPmfv9l441PmzQheQ4Gqr
|
||||
BM44BGa/XMsSCisGAQQBl1UBBQEBB0CqHCGPBZg8ioGvjV4nKteCFs4hAzLn
|
||||
nFHyv2RF+YdFJgMBCAfCvgQYFgoAcAWCZr9cywmQ+Gc9nQsN7XBFFAAAAAAA
|
||||
HAAgc2FsdEBub3RhdGlvbnMub3BlbnBncGpzLm9yZw1hBEkI2dXfJXMVH/ha
|
||||
uCz6Opp4tu616/VBZWGParIfApsMFiEEYmvn2jb9uzAG41Ql+Gc9nQsN7XAA
|
||||
ABWvAQDZznAKuYpaWKklOVw2z8fgLP6sL9ai+zBjlWogKoswNgEAoXTZ1SOJ
|
||||
bWGFbTrrvSBYui/idHvj8Tax0EDVVw6W1Qc=
|
||||
=OKHa
|
||||
-----END PGP PRIVATE KEY BLOCK-----` });
|
||||
|
||||
expect(privateKeyWithPublicKeyPackets.isDecrypted()).to.be.true;
|
||||
expect(privateKeyWithPublicKeyPackets.isPrivate()).to.be.true;
|
||||
const signingKey = await privateKeyWithPublicKeyPackets.getSigningKey();
|
||||
expect(signingKey.getKeyID().equals(privateKeyWithPublicKeyPackets.subkeys[0].getKeyID())).to.be.true;
|
||||
const decryptedKeys = await privateKeyWithPublicKeyPackets.getDecryptionKeys();
|
||||
expect(key.isDecrypted()).to.be.true;
|
||||
expect(key.isPrivate()).to.be.true;
|
||||
const signingKey = await key.getSigningKey();
|
||||
expect(signingKey.getKeyID().equals(key.subkeys[0].getKeyID())).to.be.true;
|
||||
const decryptedKeys = await key.getDecryptionKeys();
|
||||
expect(decryptedKeys.length).to.equal(1);
|
||||
expect(decryptedKeys[0].getKeyID().equals(privateKeyWithPublicKeyPackets.subkeys[2].getKeyID())).to.be.true;
|
||||
expect(decryptedKeys[0].getKeyID().equals(key.subkeys[2].getKeyID())).to.be.true;
|
||||
});
|
||||
|
||||
it('Parses V5 sample key', async function() {
|
||||
@ -3667,7 +3669,7 @@ PzIEeL7UH3trraFmi+Gq8u4kAA==
|
||||
|
||||
it('validate() - throw if all-gnu-dummy key', async function() {
|
||||
const key = await openpgp.readKey({ armoredKey: gnuDummyKey });
|
||||
await expect(key.validate()).to.be.rejectedWith('Cannot validate an all-gnu-dummy key');
|
||||
await expect(key.validate()).to.be.rejectedWith('Cannot validate key without secret key material');
|
||||
});
|
||||
|
||||
it('validate() - gnu-dummy primary key with signing subkey', async function() {
|
||||
@ -3680,6 +3682,11 @@ PzIEeL7UH3trraFmi+Gq8u4kAA==
|
||||
await expect(key.validate()).to.not.be.rejected;
|
||||
});
|
||||
|
||||
it('validate() - key with public key packets', async function() {
|
||||
const key = await openpgp.readKey({ armoredKey: privateKeyWithPublicKeyPackets });
|
||||
await expect(key.validate()).to.not.be.rejected;
|
||||
});
|
||||
|
||||
it('validate() - curve ed25519 (eddsa) cannot be used for ecdsa', async function() {
|
||||
const key = await openpgp.readKey({ armoredKey: eddsaKeyAsEcdsa });
|
||||
await expect(key.validate()).to.be.rejectedWith('Key is invalid');
|
||||
@ -4445,6 +4452,14 @@ VYGdb3eNlV8CfoEC
|
||||
await expect(openpgp.encryptKey({ privateKey: encryptedKey, passphrase })).to.be.eventually.rejectedWith(/Key packet is already encrypted/);
|
||||
});
|
||||
|
||||
it('Should support encrypting a private key which includes public key packets', async function() {
|
||||
const passphrase = 'hello world';
|
||||
const key = await openpgp.readKey({ armoredKey: privateKeyWithPublicKeyPackets });
|
||||
const encryptedKey = await openpgp.encryptKey({ privateKey: key, passphrase });
|
||||
const decryptedKey = await openpgp.decryptKey({ privateKey: encryptedKey, passphrase });
|
||||
await expect(decryptedKey.write()).to.deep.equal(key.write());
|
||||
});
|
||||
|
||||
describe('addSubkey functionality testing', function() {
|
||||
const rsaBits = 1024;
|
||||
let minRSABits;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user