Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-10-14 00:59:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

For v6 keys, create direct-key signature for key properties

Browse Source 
Store key flags, features and preferences in a direct-key signature
instead of user ID signatures, for V6 keys.
This commit is contained in:
Daniel Huigens 2022-03-02 17:16:58 +01:00 committed by larabr
parent 091be036f4
commit 3ea21f6c6a
2 changed files with 31 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/key/factory.js
View File

@ -188,18 +188,12 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf
const packetlist = new PacketList();
packetlist.push(secretKeyPacket);
await Promise.all(options.userIDs.map(async function(userID, index) {
function createPreferredAlgos(algos, preferredAlgo) {
return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];
}
const userIDPacket = UserIDPacket.fromObject(userID);
const dataToSign = {};
dataToSign.userID = userIDPacket;
dataToSign.key = secretKeyPacket;
function createPreferredAlgos(algos, preferredAlgo) {
return [preferredAlgo, ...algos.filter(algo => algo !== preferredAlgo)];
}
function getKeySignatureProperties() {
const signatureProperties = {};
signatureProperties.signatureType = enums.signature.certGeneric;
signatureProperties.keyFlags = [enums.keyFlags.certifyKeys | enums.keyFlags.signData];
signatureProperties.preferredSymmetricAlgorithms = createPreferredAlgos([
// prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)
@ -223,9 +217,6 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf
enums.compression.zip,
enums.compression.uncompressed
], config.preferredCompressionAlgorithm);
if (index === 0) {
signatureProperties.isPrimaryUserID = true;
}
// integrity protection always enabled
signatureProperties.features = [0];
signatureProperties.features[0] |= enums.features.modificationDetection;
@ -236,6 +227,32 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options, conf
signatureProperties.keyExpirationTime = options.keyExpirationTime;
signatureProperties.keyNeverExpires = false;
}
return signatureProperties;
}
if (secretKeyPacket.version === 6) { // add direct key signature with key prefs
const dataToSign = {
key: secretKeyPacket
};
const signatureProperties = getKeySignatureProperties();
signatureProperties.signatureType = enums.signature.key;
const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);
packetlist.push(signaturePacket);
}
await Promise.all(options.userIDs.map(async function(userID, index) {
const userIDPacket = UserIDPacket.fromObject(userID);
const dataToSign = {
userID: userIDPacket,
key: secretKeyPacket
};
const signatureProperties = secretKeyPacket.version !== 6 ? getKeySignatureProperties() : {};
signatureProperties.signatureType = enums.signature.certGeneric;
if (index === 0) {
signatureProperties.isPrimaryUserID = true;
}
const signaturePacket = await helper.createSignaturePacket(dataToSign, null, secretKeyPacket, signatureProperties, options.date, undefined, undefined, undefined, config);

2
test/general/config.js
View File

@ -146,7 +146,7 @@ n9/quqtmyOtYOA6gXNCw0Fal3iANKBmsPmYI
const key2 = await openpgp.readKey({ armoredKey: privateKeyArmored2 });
expect(key2.keyPacket.version).to.equal(6);
expect(privateKeyArmored2.indexOf(openpgp.config.commentString) > 0).to.be.true;
expect(key2.users[0].selfCertifications[0].preferredHashAlgorithms[0]).to.equal(config.preferredHashAlgorithm);
expect(key2.directSignatures[0].preferredHashAlgorithms[0]).to.equal(config.preferredHashAlgorithm);
} finally {
openpgp.config.v6Keys = v6KeysVal;
openpgp.config.preferredHashAlgorithm = preferredHashAlgorithmVal;