mirror of
				https://github.com/openpgpjs/openpgpjs.git
				synced 2025-10-14 00:59:29 +00:00 
			
		
		
		
	Various key revocation fixes
This commit is contained in:
		
							parent
							
								
									e411839ae3
								
							
						
					
					
						commit
						3fd0fa8f68
					
				| @ -95,9 +95,10 @@ function getType(text) { | |||||||
|  * packet block. |  * packet block. | ||||||
|  * @author  Alex |  * @author  Alex | ||||||
|  * @version 2011-12-16 |  * @version 2011-12-16 | ||||||
|  |  * @param {String} customComment (optional) additional comment to add to the armored string | ||||||
|  * @returns {String} The header information |  * @returns {String} The header information | ||||||
|  */ |  */ | ||||||
| function addheader() { | function addheader(customComment) { | ||||||
|   let result = ""; |   let result = ""; | ||||||
|   if (config.show_version) { |   if (config.show_version) { | ||||||
|     result += "Version: " + config.versionstring + '\r\n'; |     result += "Version: " + config.versionstring + '\r\n'; | ||||||
| @ -105,6 +106,9 @@ function addheader() { | |||||||
|   if (config.show_comment) { |   if (config.show_comment) { | ||||||
|     result += "Comment: " + config.commentstring + '\r\n'; |     result += "Comment: " + config.commentstring + '\r\n'; | ||||||
|   } |   } | ||||||
|  |   if (customComment) { | ||||||
|  |     result += "Comment: " + customComment + '\r\n'; | ||||||
|  |   } | ||||||
|   result += '\r\n'; |   result += '\r\n'; | ||||||
|   return result; |   return result; | ||||||
| } | } | ||||||
| @ -326,22 +330,23 @@ function dearmor(text) { | |||||||
|  * @param body |  * @param body | ||||||
|  * @param {Integer} partindex |  * @param {Integer} partindex | ||||||
|  * @param {Integer} parttotal |  * @param {Integer} parttotal | ||||||
|  |  * @param {String} customComment (optional) additional comment to add to the armored string | ||||||
|  * @returns {String} Armored text |  * @returns {String} Armored text | ||||||
|  * @static |  * @static | ||||||
|  */ |  */ | ||||||
| function armor(messagetype, body, partindex, parttotal) { | function armor(messagetype, body, partindex, parttotal, customComment) { | ||||||
|   const result = []; |   const result = []; | ||||||
|   switch (messagetype) { |   switch (messagetype) { | ||||||
|     case enums.armor.multipart_section: |     case enums.armor.multipart_section: | ||||||
|       result.push("-----BEGIN PGP MESSAGE, PART " + partindex + "/" + parttotal + "-----\r\n"); |       result.push("-----BEGIN PGP MESSAGE, PART " + partindex + "/" + parttotal + "-----\r\n"); | ||||||
|       result.push(addheader()); |       result.push(addheader(customComment)); | ||||||
|       result.push(base64.encode(body)); |       result.push(base64.encode(body)); | ||||||
|       result.push("\r\n=" + getCheckSum(body) + "\r\n"); |       result.push("\r\n=" + getCheckSum(body) + "\r\n"); | ||||||
|       result.push("-----END PGP MESSAGE, PART " + partindex + "/" + parttotal + "-----\r\n"); |       result.push("-----END PGP MESSAGE, PART " + partindex + "/" + parttotal + "-----\r\n"); | ||||||
|       break; |       break; | ||||||
|     case enums.armor.multipart_last: |     case enums.armor.multipart_last: | ||||||
|       result.push("-----BEGIN PGP MESSAGE, PART " + partindex + "-----\r\n"); |       result.push("-----BEGIN PGP MESSAGE, PART " + partindex + "-----\r\n"); | ||||||
|       result.push(addheader()); |       result.push(addheader(customComment)); | ||||||
|       result.push(base64.encode(body)); |       result.push(base64.encode(body)); | ||||||
|       result.push("\r\n=" + getCheckSum(body) + "\r\n"); |       result.push("\r\n=" + getCheckSum(body) + "\r\n"); | ||||||
|       result.push("-----END PGP MESSAGE, PART " + partindex + "-----\r\n"); |       result.push("-----END PGP MESSAGE, PART " + partindex + "-----\r\n"); | ||||||
| @ -351,35 +356,35 @@ function armor(messagetype, body, partindex, parttotal) { | |||||||
|       result.push("Hash: " + body.hash + "\r\n\r\n"); |       result.push("Hash: " + body.hash + "\r\n\r\n"); | ||||||
|       result.push(body.text.replace(/^-/mg, "- -")); |       result.push(body.text.replace(/^-/mg, "- -")); | ||||||
|       result.push("\r\n-----BEGIN PGP SIGNATURE-----\r\n"); |       result.push("\r\n-----BEGIN PGP SIGNATURE-----\r\n"); | ||||||
|       result.push(addheader()); |       result.push(addheader(customComment)); | ||||||
|       result.push(base64.encode(body.data)); |       result.push(base64.encode(body.data)); | ||||||
|       result.push("\r\n=" + getCheckSum(body.data) + "\r\n"); |       result.push("\r\n=" + getCheckSum(body.data) + "\r\n"); | ||||||
|       result.push("-----END PGP SIGNATURE-----\r\n"); |       result.push("-----END PGP SIGNATURE-----\r\n"); | ||||||
|       break; |       break; | ||||||
|     case enums.armor.message: |     case enums.armor.message: | ||||||
|       result.push("-----BEGIN PGP MESSAGE-----\r\n"); |       result.push("-----BEGIN PGP MESSAGE-----\r\n"); | ||||||
|       result.push(addheader()); |       result.push(addheader(customComment)); | ||||||
|       result.push(base64.encode(body)); |       result.push(base64.encode(body)); | ||||||
|       result.push("\r\n=" + getCheckSum(body) + "\r\n"); |       result.push("\r\n=" + getCheckSum(body) + "\r\n"); | ||||||
|       result.push("-----END PGP MESSAGE-----\r\n"); |       result.push("-----END PGP MESSAGE-----\r\n"); | ||||||
|       break; |       break; | ||||||
|     case enums.armor.public_key: |     case enums.armor.public_key: | ||||||
|       result.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n"); |       result.push("-----BEGIN PGP PUBLIC KEY BLOCK-----\r\n"); | ||||||
|       result.push(addheader()); |       result.push(addheader(customComment)); | ||||||
|       result.push(base64.encode(body)); |       result.push(base64.encode(body)); | ||||||
|       result.push("\r\n=" + getCheckSum(body) + "\r\n"); |       result.push("\r\n=" + getCheckSum(body) + "\r\n"); | ||||||
|       result.push("-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n"); |       result.push("-----END PGP PUBLIC KEY BLOCK-----\r\n\r\n"); | ||||||
|       break; |       break; | ||||||
|     case enums.armor.private_key: |     case enums.armor.private_key: | ||||||
|       result.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\r\n"); |       result.push("-----BEGIN PGP PRIVATE KEY BLOCK-----\r\n"); | ||||||
|       result.push(addheader()); |       result.push(addheader(customComment)); | ||||||
|       result.push(base64.encode(body)); |       result.push(base64.encode(body)); | ||||||
|       result.push("\r\n=" + getCheckSum(body) + "\r\n"); |       result.push("\r\n=" + getCheckSum(body) + "\r\n"); | ||||||
|       result.push("-----END PGP PRIVATE KEY BLOCK-----\r\n"); |       result.push("-----END PGP PRIVATE KEY BLOCK-----\r\n"); | ||||||
|       break; |       break; | ||||||
|     case enums.armor.signature: |     case enums.armor.signature: | ||||||
|       result.push("-----BEGIN PGP SIGNATURE-----\r\n"); |       result.push("-----BEGIN PGP SIGNATURE-----\r\n"); | ||||||
|       result.push(addheader()); |       result.push(addheader(customComment)); | ||||||
|       result.push(base64.encode(body)); |       result.push(base64.encode(body)); | ||||||
|       result.push("\r\n=" + getCheckSum(body) + "\r\n"); |       result.push("\r\n=" + getCheckSum(body) + "\r\n"); | ||||||
|       result.push("-----END PGP SIGNATURE-----\r\n"); |       result.push("-----END PGP SIGNATURE-----\r\n"); | ||||||
|  | |||||||
							
								
								
									
										118
									
								
								src/key.js
									
									
									
									
									
								
							
							
						
						
									
										118
									
								
								src/key.js
									
									
									
									
									
								
							| @ -626,27 +626,26 @@ async function mergeSignatures(source, dest, attr, checkFn) { | |||||||
| 
 | 
 | ||||||
| /** | /** | ||||||
|  * Revokes the key |  * Revokes the key | ||||||
|  * @param  {module:key~Key} privateKey decrypted private key for revocation |  | ||||||
|  * @param  {Object} reasonForRevocation optional, object indicating the reason for revocation |  * @param  {Object} reasonForRevocation optional, object indicating the reason for revocation | ||||||
|  * @param  {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation |  * @param  {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation | ||||||
|  * @param  {String} reasonForRevocation.string optional, string explaining the reason for revocation |  * @param  {String} reasonForRevocation.string optional, string explaining the reason for revocation | ||||||
|  * @param  {Date} date optional, override the creationtime of the revocation signature |  * @param  {Date} date optional, override the creationtime of the revocation signature | ||||||
|  * @return {module:key~Key} new key with revocation signature |  * @return {module:key~Key} new key with revocation signature | ||||||
|  */ |  */ | ||||||
| Key.prototype.revoke = async function(privateKey, { | Key.prototype.revoke = async function({ | ||||||
|   flag: reasonForRevocationFlag=enums.reasonForRevocation.no_reason, |   flag: reasonForRevocationFlag=enums.reasonForRevocation.no_reason, | ||||||
|   string: reasonForRevocationString='' |   string: reasonForRevocationString='' | ||||||
| } = {}, date=new Date()) { | } = {}, date=new Date()) { | ||||||
|   if (privateKey.primaryKey.getFingerprint() !== this.primaryKey.getFingerprint()) { |   if (this.isPublic()) { | ||||||
|     throw new Error('Private key does not match public key'); |     throw new Error('Need private key for revoking'); | ||||||
|   } |   } | ||||||
|   const dataToSign = { key: this.primaryKey }; |   const dataToSign = { key: this.primaryKey }; | ||||||
|   const key = new Key(this.toPacketlist()); |   const key = new Key(this.toPacketlist()); | ||||||
|   key.revocationSignature = await createSignaturePacket(dataToSign, privateKey, { |   key.revocationSignatures.push(await createSignaturePacket(dataToSign, null, this.primaryKey, { | ||||||
|     signatureType: enums.signature.key_revocation, |     signatureType: enums.signature.key_revocation, | ||||||
|     reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), |     reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), | ||||||
|     reasonForRevocationString |     reasonForRevocationString | ||||||
|   }, date); |   }, date)); | ||||||
|   return key; |   return key; | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| @ -656,30 +655,22 @@ Key.prototype.revoke = async function(privateKey, { | |||||||
|  * @return {String} armored revocation certificate |  * @return {String} armored revocation certificate | ||||||
|  */ |  */ | ||||||
| Key.prototype.getRevocationCertificate = function() { | Key.prototype.getRevocationCertificate = function() { | ||||||
|   if (this.revocationSignature) { |   if (this.revocationSignatures.length) { | ||||||
|     const commentstring = config.commentstring; |     const packetlist = new packet.List(); | ||||||
|     config.commentstring = 'This is a revocation certificate'; |     packetlist.push(getLatestSignature(this.revocationSignatures)); | ||||||
|     try { |     return armor.encode(enums.armor.public_key, packetlist.write(), null, null, 'This is a revocation certificate'); | ||||||
|       const packetlist = new packet.List(); |  | ||||||
|       packetlist.push(this.revocationSignature); |  | ||||||
|       return armor.encode(enums.armor.public_key, packetlist.write()); |  | ||||||
|     } finally { |  | ||||||
|       // Restore comment string. armor.encode() shouldn't throw, but just to be sure it's wrapped in a try/finally
 |  | ||||||
|       config.commentstring = commentstring; |  | ||||||
|     } |  | ||||||
|   } |   } | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| /** | /** | ||||||
|  * Applies a revocation certificate to a key |  * Applies a revocation certificate to a key | ||||||
|  |  * This adds the first signature packet in the armored text to the key, | ||||||
|  |  * if it is a valid revocation signature. | ||||||
|  * @param  {String} revocationCertificate armored revocation certificate |  * @param  {String} revocationCertificate armored revocation certificate | ||||||
|  * @return {module:key~Key} new revoked key |  * @return {module:key~Key} new revoked key | ||||||
|  */ |  */ | ||||||
| Key.prototype.applyRevocationCertificate = async function(revocationCertificate) { | Key.prototype.applyRevocationCertificate = async function(revocationCertificate) { | ||||||
|   const input = armor.decode(revocationCertificate); |   const input = armor.decode(revocationCertificate); | ||||||
|   if (input.type !== enums.armor.public_key) { |  | ||||||
|     throw new Error('Armored text not of type public key'); |  | ||||||
|   } |  | ||||||
|   const packetlist = new packet.List(); |   const packetlist = new packet.List(); | ||||||
|   packetlist.read(input.data); |   packetlist.read(input.data); | ||||||
|   const revocationSignature = packetlist.findPacket(enums.packet.signature); |   const revocationSignature = packetlist.findPacket(enums.packet.signature); | ||||||
| @ -696,7 +687,7 @@ Key.prototype.applyRevocationCertificate = async function(revocationCertificate) | |||||||
|     throw new Error('Could not verify revocation signature'); |     throw new Error('Could not verify revocation signature'); | ||||||
|   } |   } | ||||||
|   const key = new Key(this.toPacketlist()); |   const key = new Key(this.toPacketlist()); | ||||||
|   key.revocationSignature = revocationSignature; |   key.revocationSignatures.push(revocationSignature); | ||||||
|   return key; |   return key; | ||||||
| }; | }; | ||||||
| 
 | 
 | ||||||
| @ -818,11 +809,22 @@ User.prototype.toPacketlist = function() { | |||||||
| User.prototype.sign = async function(primaryKey, privateKeys) { | User.prototype.sign = async function(primaryKey, privateKeys) { | ||||||
|   const dataToSign = { userid: this.userId || this.userAttribute, key: primaryKey }; |   const dataToSign = { userid: this.userId || this.userAttribute, key: primaryKey }; | ||||||
|   const user = new User(dataToSign.userid); |   const user = new User(dataToSign.userid); | ||||||
|   user.otherCertifications = await Promise.all(privateKeys.map(function(privateKey) { |   user.otherCertifications = await Promise.all(privateKeys.map(async function(privateKey) { | ||||||
|  |     if (privateKey.isPublic()) { | ||||||
|  |       throw new Error('Need private key for signing'); | ||||||
|  |     } | ||||||
|     if (privateKey.primaryKey.getFingerprint() === primaryKey.getFingerprint()) { |     if (privateKey.primaryKey.getFingerprint() === primaryKey.getFingerprint()) { | ||||||
|       throw new Error('Not implemented for self signing'); |       throw new Error('Not implemented for self signing'); | ||||||
|     } |     } | ||||||
|     return createSignaturePacket(dataToSign, privateKey, { |     const signingKeyPacket = await privateKey.getSigningKeyPacket(); | ||||||
|  |     if (!signingKeyPacket) { | ||||||
|  |       throw new Error('Could not find valid signing key packet in key ' + | ||||||
|  |                       privateKey.primaryKey.getKeyId().toHex()); | ||||||
|  |     } | ||||||
|  |     if (!signingKeyPacket.isDecrypted) { | ||||||
|  |       throw new Error('Private key is not decrypted.'); | ||||||
|  |     } | ||||||
|  |     return createSignaturePacket(dataToSign, privateKey, signingKeyPacket, { | ||||||
|       // Most OpenPGP implementations use generic certification (0x10)
 |       // Most OpenPGP implementations use generic certification (0x10)
 | ||||||
|       signatureType: enums.signature.cert_generic, |       signatureType: enums.signature.cert_generic, | ||||||
|       keyFlags: [enums.keyFlags.certify_keys | enums.keyFlags.sign_data] |       keyFlags: [enums.keyFlags.certify_keys | enums.keyFlags.sign_data] | ||||||
| @ -857,31 +859,21 @@ User.prototype.isRevoked = async function(primaryKey, certificate, key, date=new | |||||||
| /** | /** | ||||||
|  * Create signature packet |  * Create signature packet | ||||||
|  * @param  {Object}                          dataToSign Contains packets to be signed |  * @param  {Object}                          dataToSign Contains packets to be signed | ||||||
|  * @param  {module:key~Key}                  privateKey private key with decrypted secret key data for signing |  * @param  {module:packet.SecretKey| | ||||||
|  |  *          module:packet.SecretSubkey}      signingKeyPacket secret key packet for signing | ||||||
|  * @param  {Object} signatureProperties      (optional) properties to write on the signature packet before signing |  * @param  {Object} signatureProperties      (optional) properties to write on the signature packet before signing | ||||||
|  * @param  {Date} date                       (optional) override the creationtime of the signature |  * @param  {Date} date                       (optional) override the creationtime of the signature | ||||||
|  * @param  {Object} userId                   (optional) user ID |  * @param  {Object} userId                   (optional) user ID | ||||||
|  * @return {module:packet/signature}         signature packet |  * @return {module:packet/signature}         signature packet | ||||||
|  */ |  */ | ||||||
| export async function createSignaturePacket(dataToSign, privateKey, signatureProperties, date, userId) { | export async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userId) { | ||||||
|   if (privateKey.isPublic()) { |  | ||||||
|     throw new Error('Need private key for signing'); |  | ||||||
|   } |  | ||||||
|   await privateKey.verifyPrimaryUser(); |  | ||||||
|   const signingKeyPacket = await privateKey.getSigningKeyPacket(undefined, date, userId); |  | ||||||
|   if (!signingKeyPacket) { |  | ||||||
|     throw new Error(`Could not find valid signing key packet in key ${ |  | ||||||
|         privateKey.primaryKey.getKeyId().toHex()}`);
 |  | ||||||
|   } |  | ||||||
|   if (!signingKeyPacket.isDecrypted) { |   if (!signingKeyPacket.isDecrypted) { | ||||||
|     throw new Error('Private key is not decrypted.'); |     throw new Error('Private key is not decrypted.'); | ||||||
|   } |   } | ||||||
|   const signaturePacket = new packet.Signature(date); |   const signaturePacket = new packet.Signature(date); | ||||||
|   for(const [prop, value] of Object.entries(signatureProperties)) { |   Object.assign(signaturePacket, signatureProperties); | ||||||
|     signaturePacket[prop] = value; |  | ||||||
|   } |  | ||||||
|   signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; |   signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; | ||||||
|   signaturePacket.hashAlgorithm = await getPreferredHashAlgo(privateKey, date, userId); |   signaturePacket.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKeyPacket, date, userId); | ||||||
|   await signaturePacket.sign(signingKeyPacket, dataToSign); |   await signaturePacket.sign(signingKeyPacket, dataToSign); | ||||||
|   return signaturePacket; |   return signaturePacket; | ||||||
| } | } | ||||||
| @ -1125,28 +1117,24 @@ SubKey.prototype.update = async function(subKey, primaryKey) { | |||||||
| 
 | 
 | ||||||
| /** | /** | ||||||
|  * Revokes the subkey |  * Revokes the subkey | ||||||
|  * @param  {module:packet/signature} primaryKey primary key used for revocation |  * @param  {module:packet.SecretKey} primaryKey decrypted private primary key for revocation | ||||||
|  * @param  {module:key~Key} privateKey decrypted private key for revocation |  | ||||||
|  * @param  {Object} reasonForRevocation optional, object indicating the reason for revocation |  * @param  {Object} reasonForRevocation optional, object indicating the reason for revocation | ||||||
|  * @param  {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation |  * @param  {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation | ||||||
|  * @param  {String} reasonForRevocation.string optional, string explaining the reason for revocation |  * @param  {String} reasonForRevocation.string optional, string explaining the reason for revocation | ||||||
|  * @param  {Date} date optional, override the creationtime of the revocation signature |  * @param  {Date} date optional, override the creationtime of the revocation signature | ||||||
|  * @return {module:key~SubKey} new subkey with revocation signature |  * @return {module:key~SubKey} new subkey with revocation signature | ||||||
|  */ |  */ | ||||||
| SubKey.prototype.revoke = async function(primaryKey, privateKey, { | SubKey.prototype.revoke = async function(primaryKey, { | ||||||
|   flag: reasonForRevocationFlag=enums.reasonForRevocation.no_reason, |   flag: reasonForRevocationFlag=enums.reasonForRevocation.no_reason, | ||||||
|   string: reasonForRevocationString='' |   string: reasonForRevocationString='' | ||||||
| } = {}, date=new Date()) { | } = {}, date=new Date()) { | ||||||
|   if (privateKey.primaryKey.getFingerprint() !== primaryKey.getFingerprint()) { |  | ||||||
|     throw new Error('Private key does not match public key'); |  | ||||||
|   } |  | ||||||
|   const dataToSign = { key: primaryKey, bind: this.subKey }; |   const dataToSign = { key: primaryKey, bind: this.subKey }; | ||||||
|   const subKey = new SubKey(this.subKey); |   const subKey = new SubKey(this.subKey); | ||||||
|   subKey.revocationSignature = await createSignaturePacket(dataToSign, privateKey, { |   subKey.revocationSignatures.push(await createSignaturePacket(dataToSign, null, primaryKey, { | ||||||
|     signatureType: enums.signature.subkey_revocation, |     signatureType: enums.signature.subkey_revocation, | ||||||
|     reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), |     reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag), | ||||||
|     reasonForRevocationString |     reasonForRevocationString | ||||||
|   }, date); |   }, date)); | ||||||
|   await subKey.update(this, primaryKey); |   await subKey.update(this, primaryKey); | ||||||
|   return subKey; |   return subKey; | ||||||
| }; | }; | ||||||
| @ -1223,7 +1211,6 @@ export function readArmored(armoredText) { | |||||||
|  * @param  {Date} date         Override the creation date of the key and the key signatures |  * @param  {Date} date         Override the creation date of the key and the key signatures | ||||||
|  * @param  {Array<Object>} subkeys   (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] |  * @param  {Array<Object>} subkeys   (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] | ||||||
|  *                                              sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt |  *                                              sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt | ||||||
|  * @param {Boolean} [options.revoked=false] Whether the key should include a revocation signature |  | ||||||
|  * @returns {Promise<module:key.Key>} |  * @returns {Promise<module:key.Key>} | ||||||
|  * @async |  * @async | ||||||
|  * @static |  * @static | ||||||
| @ -1384,7 +1371,7 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options) { | |||||||
|     const signaturePacket = new packet.Signature(options.date); |     const signaturePacket = new packet.Signature(options.date); | ||||||
|     signaturePacket.signatureType = enums.signature.cert_generic; |     signaturePacket.signatureType = enums.signature.cert_generic; | ||||||
|     signaturePacket.publicKeyAlgorithm = secretKeyPacket.algorithm; |     signaturePacket.publicKeyAlgorithm = secretKeyPacket.algorithm; | ||||||
|     signaturePacket.hashAlgorithm = await getPreferredHashAlgo(secretKeyPacket); |     signaturePacket.hashAlgorithm = await getPreferredHashAlgo(null, secretKeyPacket); | ||||||
|     signaturePacket.keyFlags = [enums.keyFlags.certify_keys | enums.keyFlags.sign_data]; |     signaturePacket.keyFlags = [enums.keyFlags.certify_keys | enums.keyFlags.sign_data]; | ||||||
|     signaturePacket.preferredSymmetricAlgorithms = []; |     signaturePacket.preferredSymmetricAlgorithms = []; | ||||||
|     // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)
 |     // prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)
 | ||||||
| @ -1440,7 +1427,7 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options) { | |||||||
|     const subkeySignaturePacket = new packet.Signature(subkeyOptions.date); |     const subkeySignaturePacket = new packet.Signature(subkeyOptions.date); | ||||||
|     subkeySignaturePacket.signatureType = enums.signature.subkey_binding; |     subkeySignaturePacket.signatureType = enums.signature.subkey_binding; | ||||||
|     subkeySignaturePacket.publicKeyAlgorithm = secretKeyPacket.algorithm; |     subkeySignaturePacket.publicKeyAlgorithm = secretKeyPacket.algorithm; | ||||||
|     subkeySignaturePacket.hashAlgorithm = await getPreferredHashAlgo(secretSubkeyPacket); |     subkeySignaturePacket.hashAlgorithm = await getPreferredHashAlgo(null, secretSubkeyPacket); | ||||||
|     subkeySignaturePacket.keyFlags = subkeyOptions.sign ? enums.keyFlags.sign_data : [enums.keyFlags.encrypt_communication | enums.keyFlags.encrypt_storage]; |     subkeySignaturePacket.keyFlags = subkeyOptions.sign ? enums.keyFlags.sign_data : [enums.keyFlags.encrypt_communication | enums.keyFlags.encrypt_storage]; | ||||||
|     if (subkeyOptions.keyExpirationTime > 0) { |     if (subkeyOptions.keyExpirationTime > 0) { | ||||||
|       subkeySignaturePacket.keyExpirationTime = subkeyOptions.keyExpirationTime; |       subkeySignaturePacket.keyExpirationTime = subkeyOptions.keyExpirationTime; | ||||||
| @ -1456,18 +1443,14 @@ async function wrapKeyObject(secretKeyPacket, secretSubkeyPackets, options) { | |||||||
|     }); |     }); | ||||||
|   }); |   }); | ||||||
| 
 | 
 | ||||||
|   if (options.revoked) { |   // Add revocation signature packet for creating a revocation certificate.
 | ||||||
|     const dataToSign = {}; |   // This packet should be removed before returning the key.
 | ||||||
|     dataToSign.key = secretKeyPacket; |   const dataToSign = { key: secretKeyPacket }; | ||||||
|     const revocationSignaturePacket = new packet.Signature(); |   packetlist.push(await createSignaturePacket(dataToSign, null, secretKeyPacket, { | ||||||
|     revocationSignaturePacket.signatureType = enums.signature.key_revocation; |     signatureType: enums.signature.key_revocation, | ||||||
|     revocationSignaturePacket.reasonForRevocationFlag = enums.reasonForRevocation.no_reason; |     reasonForRevocationFlag: enums.reasonForRevocation.no_reason, | ||||||
|     revocationSignaturePacket.reasonForRevocationString = ''; |     reasonForRevocationString: '' | ||||||
|     revocationSignaturePacket.publicKeyAlgorithm = options.keyType; |   }, options.date)); | ||||||
|     revocationSignaturePacket.hashAlgorithm = getPreferredHashAlgo(secretKeyPacket); |  | ||||||
|     await revocationSignaturePacket.sign(secretKeyPacket, dataToSign); |  | ||||||
|     packetlist.push(revocationSignaturePacket); |  | ||||||
|   } |  | ||||||
| 
 | 
 | ||||||
|   // set passphrase protection
 |   // set passphrase protection
 | ||||||
|   if (options.passphrase) { |   if (options.passphrase) { | ||||||
| @ -1546,13 +1529,14 @@ function getExpirationTime(keyPacket, signature) { | |||||||
| 
 | 
 | ||||||
| /** | /** | ||||||
|  * Returns the preferred signature hash algorithm of a key |  * Returns the preferred signature hash algorithm of a key | ||||||
|  * @param  {object} key |  * @param  {module:key.Key} key (optional) the key to get preferences from | ||||||
|  |  * @param  {module:packet.SecretKey|module:packet.SecretSubkey} keyPacket key packet used for signing | ||||||
|  * @param  {Date} date (optional) use the given date for verification instead of the current time |  * @param  {Date} date (optional) use the given date for verification instead of the current time | ||||||
|  * @param  {Object} userId (optional) user ID |  * @param  {Object} userId (optional) user ID | ||||||
|  * @returns {Promise<String>} |  * @returns {Promise<String>} | ||||||
|  * @async |  * @async | ||||||
|  */ |  */ | ||||||
| export async function getPreferredHashAlgo(key, date=new Date(), userId={}) { | export async function getPreferredHashAlgo(key, keyPacket, date=new Date(), userId={}) { | ||||||
|   let hash_algo = config.prefer_hash_algorithm; |   let hash_algo = config.prefer_hash_algorithm; | ||||||
|   let pref_algo = hash_algo; |   let pref_algo = hash_algo; | ||||||
|   if (key instanceof Key) { |   if (key instanceof Key) { | ||||||
| @ -1562,19 +1546,17 @@ export async function getPreferredHashAlgo(key, date=new Date(), userId={}) { | |||||||
|       hash_algo = crypto.hash.getHashByteLength(hash_algo) <= crypto.hash.getHashByteLength(pref_algo) ? |       hash_algo = crypto.hash.getHashByteLength(hash_algo) <= crypto.hash.getHashByteLength(pref_algo) ? | ||||||
|         pref_algo : hash_algo; |         pref_algo : hash_algo; | ||||||
|     } |     } | ||||||
|     // disable expiration checks
 |  | ||||||
|     key = key.getSigningKeyPacket(undefined, null, userId); |  | ||||||
|   } |   } | ||||||
|   switch (Object.getPrototypeOf(key)) { |   switch (Object.getPrototypeOf(keyPacket)) { | ||||||
|     case packet.SecretKey.prototype: |     case packet.SecretKey.prototype: | ||||||
|     case packet.PublicKey.prototype: |     case packet.PublicKey.prototype: | ||||||
|     case packet.SecretSubkey.prototype: |     case packet.SecretSubkey.prototype: | ||||||
|     case packet.PublicSubkey.prototype: |     case packet.PublicSubkey.prototype: | ||||||
|       switch (key.algorithm) { |       switch (keyPacket.algorithm) { | ||||||
|         case 'ecdh': |         case 'ecdh': | ||||||
|         case 'ecdsa': |         case 'ecdsa': | ||||||
|         case 'eddsa': |         case 'eddsa': | ||||||
|           pref_algo = crypto.publicKey.elliptic.getPreferredHashAlgo(key.params[0]); |           pref_algo = crypto.publicKey.elliptic.getPreferredHashAlgo(keyPacket.params[0]); | ||||||
|       } |       } | ||||||
|   } |   } | ||||||
|   return crypto.hash.getHashByteLength(hash_algo) <= crypto.hash.getHashByteLength(pref_algo) ? |   return crypto.hash.getHashByteLength(hash_algo) <= crypto.hash.getHashByteLength(pref_algo) ? | ||||||
|  | |||||||
| @ -428,7 +428,7 @@ Message.prototype.sign = async function(privateKeys=[], signature=null, date=new | |||||||
|     } |     } | ||||||
|     const onePassSig = new packet.OnePassSignature(); |     const onePassSig = new packet.OnePassSignature(); | ||||||
|     onePassSig.type = signatureType; |     onePassSig.type = signatureType; | ||||||
|     onePassSig.hashAlgorithm = await getPreferredHashAlgo(privateKey, date, userId); |     onePassSig.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKeyPacket, date, userId); | ||||||
|     onePassSig.publicKeyAlgorithm = signingKeyPacket.algorithm; |     onePassSig.publicKeyAlgorithm = signingKeyPacket.algorithm; | ||||||
|     onePassSig.signingKeyId = signingKeyPacket.getKeyId(); |     onePassSig.signingKeyId = signingKeyPacket.getKeyId(); | ||||||
|     if (i === privateKeys.length - 1) { |     if (i === privateKeys.length - 1) { | ||||||
| @ -499,8 +499,16 @@ export async function createSignaturePackets(literalDataPacket, privateKeys, sig | |||||||
|   const signatureType = literalDataPacket.text === null ? |   const signatureType = literalDataPacket.text === null ? | ||||||
|     enums.signature.binary : enums.signature.text; |     enums.signature.binary : enums.signature.text; | ||||||
| 
 | 
 | ||||||
|   await Promise.all(privateKeys.map(privateKey => { |   await Promise.all(privateKeys.map(async privateKey => { | ||||||
|     return createSignaturePacket(literalDataPacket, privateKey, {signatureType}, date, userId); |     if (privateKey.isPublic()) { | ||||||
|  |       throw new Error('Need private key for signing'); | ||||||
|  |     } | ||||||
|  |     const signingKeyPacket = await privateKey.getSigningKeyPacket(undefined, date, userId); | ||||||
|  |     if (!signingKeyPacket) { | ||||||
|  |       throw new Error(`Could not find valid signing key packet in key ${ | ||||||
|  |           privateKey.primaryKey.getKeyId().toHex()}`);
 | ||||||
|  |     } | ||||||
|  |     return createSignaturePacket(literalDataPacket, privateKey, signingKeyPacket, {signatureType}, date, userId); | ||||||
|   })).then(signatureList => { |   })).then(signatureList => { | ||||||
|     signatureList.forEach(signaturePacket => packetlist.push(signaturePacket)); |     signatureList.forEach(signaturePacket => packetlist.push(signaturePacket)); | ||||||
|   }); |   }); | ||||||
|  | |||||||
| @ -108,16 +108,15 @@ export function destroyWorker() { | |||||||
|  * @param  {Date} date               (optional) override the creation date of the key and the key signatures |  * @param  {Date} date               (optional) override the creation date of the key and the key signatures | ||||||
|  * @param  {Array<Object>} subkeys   (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] |  * @param  {Array<Object>} subkeys   (optional) options for each subkey, default to main key options. e.g. [{sign: true, passphrase: '123'}] | ||||||
|  *                                              sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt |  *                                              sign parameter defaults to false, and indicates whether the subkey should sign rather than encrypt | ||||||
|  * @param  {Boolean} revocationCertificate (optional) Whether the returned object should include a revocation certificate to revoke the public key |  | ||||||
|  * @returns {Promise<Object>}         The generated key object in the form: |  * @returns {Promise<Object>}         The generated key object in the form: | ||||||
|  *                                     { key:Key, privateKeyArmored:String, publicKeyArmored:String, revocationCertificate:String } |  *                                     { key:Key, privateKeyArmored:String, publicKeyArmored:String, revocationCertificate:String } | ||||||
|  * @async |  * @async | ||||||
|  * @static |  * @static | ||||||
|  */ |  */ | ||||||
| 
 | 
 | ||||||
| export function generateKey({ userIds=[], passphrase="", numBits=2048, keyExpirationTime=0, curve="", date=new Date(), subkeys=[{}], revocationCertificate=true }) { | export function generateKey({ userIds=[], passphrase="", numBits=2048, keyExpirationTime=0, curve="", date=new Date(), subkeys=[{}] }) { | ||||||
|   userIds = toArray(userIds); |   userIds = toArray(userIds); | ||||||
|   const options = { userIds, passphrase, numBits, keyExpirationTime, curve, date, subkeys, revocationCertificate }; |   const options = { userIds, passphrase, numBits, keyExpirationTime, curve, date, subkeys }; | ||||||
|   if (util.getWebCryptoAll() && numBits < 2048) { |   if (util.getWebCryptoAll() && numBits < 2048) { | ||||||
|     throw new Error('numBits should be 2048 or 4096, found: ' + numBits); |     throw new Error('numBits should be 2048 or 4096, found: ' + numBits); | ||||||
|   } |   } | ||||||
| @ -126,11 +125,9 @@ export function generateKey({ userIds=[], passphrase="", numBits=2048, keyExpira | |||||||
|     return asyncProxy.delegate('generateKey', options); |     return asyncProxy.delegate('generateKey', options); | ||||||
|   } |   } | ||||||
| 
 | 
 | ||||||
|   options.revoked = options.revocationCertificate; |  | ||||||
| 
 |  | ||||||
|   return generate(options).then(key => { |   return generate(options).then(key => { | ||||||
|     const revocationCertificate = key.getRevocationCertificate(); |     const revocationCertificate = key.getRevocationCertificate(); | ||||||
|     key.revocationSignature = null; |     key.revocationSignatures = []; | ||||||
| 
 | 
 | ||||||
|     return { |     return { | ||||||
| 
 | 
 | ||||||
| @ -157,7 +154,7 @@ export function generateKey({ userIds=[], passphrase="", numBits=2048, keyExpira | |||||||
|  */ |  */ | ||||||
| export function reformatKey({privateKey, userIds=[], passphrase="", keyExpirationTime=0, date, revocationCertificate=true}) { | export function reformatKey({privateKey, userIds=[], passphrase="", keyExpirationTime=0, date, revocationCertificate=true}) { | ||||||
|   userIds = toArray(userIds); |   userIds = toArray(userIds); | ||||||
|   const options = { privateKey, userIds, passphrase, keyExpirationTime, date, revocationCertificate=true}; |   const options = { privateKey, userIds, passphrase, keyExpirationTime, date, revocationCertificate }; | ||||||
|   if (asyncProxy) { |   if (asyncProxy) { | ||||||
|     return asyncProxy.delegate('reformatKey', options); |     return asyncProxy.delegate('reformatKey', options); | ||||||
|   } |   } | ||||||
| @ -166,7 +163,7 @@ export function reformatKey({privateKey, userIds=[], passphrase="", keyExpiratio | |||||||
| 
 | 
 | ||||||
|   return reformat(options).then(key => { |   return reformat(options).then(key => { | ||||||
|     const revocationCertificate = key.getRevocationCertificate(); |     const revocationCertificate = key.getRevocationCertificate(); | ||||||
|     key.revocationSignature = null; |     key.revocationSignatures = []; | ||||||
| 
 | 
 | ||||||
|     return { |     return { | ||||||
| 
 | 
 | ||||||
| @ -207,10 +204,10 @@ export function revokeKey({ | |||||||
|     if (revocationCertificate) { |     if (revocationCertificate) { | ||||||
|       return key.applyRevocationCertificate(revocationCertificate); |       return key.applyRevocationCertificate(revocationCertificate); | ||||||
|     } else { |     } else { | ||||||
|       return key.revoke(key, reasonForRevocation); |       return key.revoke(reasonForRevocation); | ||||||
|     } |     } | ||||||
|   }).then(key => { |   }).then(key => { | ||||||
|     if(key.isPrivate()) { |     if (key.isPrivate()) { | ||||||
|       const publicKey = key.toPublic(); |       const publicKey = key.toPublic(); | ||||||
|       return { |       return { | ||||||
|         privateKey: key, |         privateKey: key, | ||||||
|  | |||||||
| @ -1329,7 +1329,7 @@ const mergeKey2 = '-----BEGIN PGP PUBLIC KEY BLOCK-----\n' + | |||||||
|   }); |   }); | ||||||
| 
 | 
 | ||||||
|   it('Verify status of revoked primary key', function(done) { |   it('Verify status of revoked primary key', function(done) { | ||||||
|     const pubKey = openpgp.key.readArmored(pub_revoked).keys[0]; |     const pubKey = openpgp.key.readArmored(pub_revoked_subkeys).keys[0]; | ||||||
|     expect(pubKey.verifyPrimaryKey()).to.eventually.equal(openpgp.enums.keyStatus.revoked).notify(done); |     expect(pubKey.verifyPrimaryKey()).to.eventually.equal(openpgp.enums.keyStatus.revoked).notify(done); | ||||||
|   }); |   }); | ||||||
| 
 | 
 | ||||||
| @ -1520,41 +1520,40 @@ const mergeKey2 = '-----BEGIN PGP PUBLIC KEY BLOCK-----\n' + | |||||||
|     }); |     }); | ||||||
|   }); |   }); | ||||||
| 
 | 
 | ||||||
|   it('revoke() - primary key', function(done) { |   it('revoke() - primary key', async function() { | ||||||
|     const pubKey = openpgp.key.readArmored(pub_key_arm2).keys[0]; |  | ||||||
|     const privKey = openpgp.key.readArmored(priv_key_arm2).keys[0]; |     const privKey = openpgp.key.readArmored(priv_key_arm2).keys[0]; | ||||||
|     privKey.decrypt('hello world'); |     await privKey.decrypt('hello world'); | ||||||
| 
 | 
 | ||||||
|     pubKey.revoke(privKey, { |     await privKey.revoke({ | ||||||
|       flag: openpgp.enums.reasonForRevocation.key_retired, |       flag: openpgp.enums.reasonForRevocation.key_retired, | ||||||
|       string: 'Testing key revocation' |       string: 'Testing key revocation' | ||||||
|     }).then(revKey => { |     }).then(async revKey => { | ||||||
|       expect(revKey.revocationSignature).to.exist; |       expect(revKey.revocationSignatures).to.exist.and.have.length(1); | ||||||
|       expect(revKey.revocationSignature.signatureType).to.equal(openpgp.enums.signature.key_revocation); |       expect(revKey.revocationSignatures[0].signatureType).to.equal(openpgp.enums.signature.key_revocation); | ||||||
|       expect(revKey.revocationSignature.reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.key_retired); |       expect(revKey.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.key_retired); | ||||||
|       expect(revKey.revocationSignature.reasonForRevocationString).to.equal('Testing key revocation'); |       expect(revKey.revocationSignatures[0].reasonForRevocationString).to.equal('Testing key revocation'); | ||||||
| 
 | 
 | ||||||
|       expect(pubKey.verifyPrimaryKey()).to.eventually.equal(openpgp.enums.keyStatus.valid); |       expect(await privKey.verifyPrimaryKey()).to.equal(openpgp.enums.keyStatus.valid); | ||||||
|       expect(revKey.verifyPrimaryKey()).to.eventually.equal(openpgp.enums.keyStatus.revoked).notify(done); |       expect(await revKey.verifyPrimaryKey()).to.equal(openpgp.enums.keyStatus.revoked); | ||||||
|     }); |     }); | ||||||
|   }); |   }); | ||||||
| 
 | 
 | ||||||
|   it('revoke() - subkey', function(done) { |   it('revoke() - subkey', async function() { | ||||||
|     const pubKey = openpgp.key.readArmored(pub_key_arm2).keys[0]; |     const pubKey = openpgp.key.readArmored(pub_key_arm2).keys[0]; | ||||||
|     const privKey = openpgp.key.readArmored(priv_key_arm2).keys[0]; |     const privKey = openpgp.key.readArmored(priv_key_arm2).keys[0]; | ||||||
|     privKey.decrypt('hello world'); |     await privKey.decrypt('hello world'); | ||||||
| 
 | 
 | ||||||
|     const subKey = pubKey.subKeys[0]; |     const subKey = pubKey.subKeys[0]; | ||||||
|     subKey.revoke(pubKey.primaryKey, privKey, { |     await subKey.revoke(privKey.primaryKey, { | ||||||
|       flag: openpgp.enums.reasonForRevocation.key_superseded |       flag: openpgp.enums.reasonForRevocation.key_superseded | ||||||
|     }).then(revKey => { |     }).then(async revKey => { | ||||||
|       expect(revKey.revocationSignature).to.exist; |       expect(revKey.revocationSignatures).to.exist.and.have.length(1); | ||||||
|       expect(revKey.revocationSignature.signatureType).to.equal(openpgp.enums.signature.subkey_revocation); |       expect(revKey.revocationSignatures[0].signatureType).to.equal(openpgp.enums.signature.subkey_revocation); | ||||||
|       expect(revKey.revocationSignature.reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.key_superseded); |       expect(revKey.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.key_superseded); | ||||||
|       expect(revKey.revocationSignature.reasonForRevocationString).to.equal(''); |       expect(revKey.revocationSignatures[0].reasonForRevocationString).to.equal(''); | ||||||
| 
 | 
 | ||||||
|       expect(subKey.verify(pubKey.primaryKey)).to.eventually.equal(openpgp.enums.keyStatus.valid); |       expect(await subKey.verify(pubKey.primaryKey)).to.equal(openpgp.enums.keyStatus.valid); | ||||||
|       expect(revKey.verify(pubKey.primaryKey)).to.eventually.equal(openpgp.enums.keyStatus.revoked).notify(done); |       expect(await revKey.verify(pubKey.primaryKey)).to.equal(openpgp.enums.keyStatus.revoked); | ||||||
|     }); |     }); | ||||||
|   }); |   }); | ||||||
| 
 | 
 | ||||||
| @ -1575,7 +1574,7 @@ const mergeKey2 = '-----BEGIN PGP PUBLIC KEY BLOCK-----\n' + | |||||||
|     packetlist.read(input.data); |     packetlist.read(input.data); | ||||||
|     const armored = openpgp.armor.encode(openpgp.enums.armor.public_key, packetlist.write()); |     const armored = openpgp.armor.encode(openpgp.enums.armor.public_key, packetlist.write()); | ||||||
| 
 | 
 | ||||||
|     expect(revocationCertificate.replace(/^Comment: .*$/m, '')).to.equal(armored.replace(/^Comment: .*$/m, '')); |     expect(revocationCertificate.replace(/^Comment: .*$\r\n/mg, '')).to.equal(armored.replace(/^Comment: .*$\r\n/mg, '')); | ||||||
|   }); |   }); | ||||||
| 
 | 
 | ||||||
|   it('getRevocationCertificate() should have an appropriate comment', function() { |   it('getRevocationCertificate() should have an appropriate comment', function() { | ||||||
| @ -2137,8 +2136,8 @@ const mergeKey2 = '-----BEGIN PGP PUBLIC KEY BLOCK-----\n' + | |||||||
|     return openpgp.generateKey(opt).then(function(original) { |     return openpgp.generateKey(opt).then(function(original) { | ||||||
|       return openpgp.revokeKey({key: original.key.toPublic(), revocationCertificate: original.revocationCertificate}).then(function(revKey) { |       return openpgp.revokeKey({key: original.key.toPublic(), revocationCertificate: original.revocationCertificate}).then(function(revKey) { | ||||||
|         revKey = revKey.publicKey; |         revKey = revKey.publicKey; | ||||||
|         expect(revKey.revocationSignature.reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.no_reason); |         expect(revKey.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.no_reason); | ||||||
|         expect(revKey.revocationSignature.reasonForRevocationString).to.equal(''); |         expect(revKey.revocationSignatures[0].reasonForRevocationString).to.equal(''); | ||||||
|         return revKey.verifyPrimaryKey().then(function(status) { |         return revKey.verifyPrimaryKey().then(function(status) { | ||||||
|           expect(status).to.equal(openpgp.enums.keyStatus.revoked); |           expect(status).to.equal(openpgp.enums.keyStatus.revoked); | ||||||
|         }); |         }); | ||||||
| @ -2149,12 +2148,12 @@ const mergeKey2 = '-----BEGIN PGP PUBLIC KEY BLOCK-----\n' + | |||||||
|   it('Revoke generated key with private key', function() { |   it('Revoke generated key with private key', function() { | ||||||
|     const opt = {numBits: 512, userIds: 'test1 <a@b.com>', passphrase: '1234'}; |     const opt = {numBits: 512, userIds: 'test1 <a@b.com>', passphrase: '1234'}; | ||||||
|     if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys
 |     if (openpgp.util.getWebCryptoAll()) { opt.numBits = 2048; } // webkit webcrypto accepts minimum 2048 bit keys
 | ||||||
|     return openpgp.generateKey(opt).then(function(original) { |     return openpgp.generateKey(opt).then(async function(original) { | ||||||
|       original.key.decrypt('1234'); |       await original.key.decrypt('1234'); | ||||||
|       return openpgp.revokeKey({key: original.key, reasonForRevocation: {string: 'Testing key revocation'}}).then(function(revKey) { |       return openpgp.revokeKey({key: original.key, reasonForRevocation: {string: 'Testing key revocation'}}).then(function(revKey) { | ||||||
|         revKey = revKey.publicKey; |         revKey = revKey.publicKey; | ||||||
|         expect(revKey.revocationSignature.reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.no_reason); |         expect(revKey.revocationSignatures[0].reasonForRevocationFlag).to.equal(openpgp.enums.reasonForRevocation.no_reason); | ||||||
|         expect(revKey.revocationSignature.reasonForRevocationString).to.equal('Testing key revocation'); |         expect(revKey.revocationSignatures[0].reasonForRevocationString).to.equal('Testing key revocation'); | ||||||
|         return revKey.verifyPrimaryKey().then(function(status) { |         return revKey.verifyPrimaryKey().then(function(status) { | ||||||
|           expect(status).to.equal(openpgp.enums.keyStatus.revoked); |           expect(status).to.equal(openpgp.enums.keyStatus.revoked); | ||||||
|         }); |         }); | ||||||
|  | |||||||
| @ -485,10 +485,7 @@ describe('OpenPGP.js public api tests', function() { | |||||||
|             } |             } | ||||||
|           }; |           }; | ||||||
|         }, |         }, | ||||||
|         getRevocationCertificate: function() {}, |         getRevocationCertificate: function() {} | ||||||
|         removeRevocationCertificate: function() { |  | ||||||
|           return this; |  | ||||||
|         } |  | ||||||
|       }; |       }; | ||||||
|       keyGenStub = stub(openpgp.key, 'generate'); |       keyGenStub = stub(openpgp.key, 'generate'); | ||||||
|       keyGenStub.returns(resolves(keyObjStub)); |       keyGenStub.returns(resolves(keyObjStub)); | ||||||
| @ -517,9 +514,7 @@ describe('OpenPGP.js public api tests', function() { | |||||||
|           keyExpirationTime: 0, |           keyExpirationTime: 0, | ||||||
|           curve: "", |           curve: "", | ||||||
|           date: now, |           date: now, | ||||||
|           subkeys: [], |           subkeys: [] | ||||||
|           revocationCertificate: true, |  | ||||||
|           revoked: true, |  | ||||||
|         }).calledOnce).to.be.true; |         }).calledOnce).to.be.true; | ||||||
|         expect(newKey.key).to.exist; |         expect(newKey.key).to.exist; | ||||||
|         expect(newKey.privateKeyArmored).to.exist; |         expect(newKey.privateKeyArmored).to.exist; | ||||||
| @ -1862,7 +1857,7 @@ describe('OpenPGP.js public api tests', function() { | |||||||
|             }); |             }); | ||||||
|         }); |         }); | ||||||
| 
 | 
 | ||||||
|         it.skip('should fail to encrypt with revoked key', function() { |         it('should fail to encrypt with revoked key', function() { | ||||||
|           return openpgp.revokeKey({ |           return openpgp.revokeKey({ | ||||||
|             key: privateKey.keys[0] |             key: privateKey.keys[0] | ||||||
|           }).then(function(revKey) { |           }).then(function(revKey) { | ||||||
| @ -1877,13 +1872,15 @@ describe('OpenPGP.js public api tests', function() { | |||||||
|           }); |           }); | ||||||
|         }); |         }); | ||||||
| 
 | 
 | ||||||
|         it.skip('should fail to encrypt with revoked subkey', function() { |         it('should fail to encrypt with revoked subkey', async function() { | ||||||
|           let clonedKey = privateKey.keys[0].toPublic(); |           const pubKeyDE = openpgp.key.readArmored(pub_key_de).keys[0]; | ||||||
|           return clonedKey.subKeys[0].revoke(clonedKey.primaryKey, privateKey.keys[0]).then(function(revSubKey) { |           const privKeyDE = openpgp.key.readArmored(priv_key_de).keys[0]; | ||||||
|             clonedKey.subKeys[0] = revSubKey; |           await privKeyDE.decrypt(passphrase); | ||||||
|  |           return privKeyDE.subKeys[0].revoke(privKeyDE.primaryKey).then(function(revSubKey) { | ||||||
|  |             pubKeyDE.subKeys[0] = revSubKey; | ||||||
|             return openpgp.encrypt({ |             return openpgp.encrypt({ | ||||||
|               data: plaintext, |               data: plaintext, | ||||||
|               publicKeys: clonedKey |               publicKeys: pubKeyDE | ||||||
|             }).then(function(encrypted) { |             }).then(function(encrypted) { | ||||||
|               throw new Error('Should not encrypt with revoked subkey'); |               throw new Error('Should not encrypt with revoked subkey'); | ||||||
|             }).catch(function(error) { |             }).catch(function(error) { | ||||||
|  | |||||||
		Loading…
	
	
			
			x
			
			
		
	
		Reference in New Issue
	
	Block a user
	 Daniel Huigens
						Daniel Huigens