rename decryptSessionKey to decryptSessionKeys, return only unique session keys

2026-03-01 14:33:22 +00:00 · 2018-02-06 21:25:49 -08:00
parent 210ec26ed3
commit 602bbb707d
5 changed files with 48 additions and 21 deletions
--- a/src/config/config.js
+++ b/src/config/config.js
@@ -47,7 +47,7 @@ export default {
  zero_copy: false, // use transferable objects between the Web Worker and main thread
  debug: false,
  tolerant: true, // ignore unsupported/unrecognizable packets instead of throwing an error,
-  password_collision_check: false, // work-around for rare GPG decryption bug with encrypting with multiple passwords
+  password_collision_check: false, // work-around for rare GPG decryption bug when encrypting with multiple passwords. Slower and slightly less secure
  show_version: true,
  show_comment: true,
  versionstring: "OpenPGP.js VERSION",
--- a/src/index.js
+++ b/src/index.js
@@ -22,7 +22,7 @@ export default openpgp;
 export {
  encrypt, decrypt, sign, verify,
  generateKey, reformatKey, decryptKey,
-  encryptSessionKey, decryptSessionKey,
+  encryptSessionKey, decryptSessionKeys,
  initWorker, getWorker, destroyWorker
 } from './openpgp';

--- a/src/message.js
+++ b/src/message.js
@@ -97,7 +97,7 @@ Message.prototype.getSigningKeyIds = function() {
 * @return {Message}             new message with decrypted content
 */
 Message.prototype.decrypt = async function(privateKey, sessionKey, password) {
-  let keyObjs = sessionKey || await this.decryptSessionKey(privateKey, password);
+  let keyObjs = sessionKey || await this.decryptSessionKeys(privateKey, password);
  if (!util.isArray(keyObjs)) {
    keyObjs = [keyObjs];
  }
@@ -146,7 +146,7 @@ Message.prototype.decrypt = async function(privateKey, sessionKey, password) {
 * @return {Array}             array of object with potential sessionKey, algorithm pairs in the form:
 *                               { data:Uint8Array, algorithm:String }
 */
-Message.prototype.decryptSessionKey = function(privateKey, password) {
+Message.prototype.decryptSessionKeys = function(privateKey, password) {
  var keyPackets = [];
  return Promise.resolve().then(async () => {
    if (password) {
@@ -154,12 +154,12 @@ Message.prototype.decryptSessionKey = function(privateKey, password) {
      if (!symESKeyPacketlist) {
        throw new Error('No symmetrically encrypted session key packet found.');
      }
-      await symESKeyPacketlist.map(async function(packet) {
+      await Promise.all(symESKeyPacketlist.map(async function(packet) {
        try {
          await packet.decrypt(password);
          keyPackets.push(packet);
        } catch (err) {}
-      });
+      }));

    } else if (privateKey) {
      var pkESKeyPacketlist = this.packets.filterByTag(enums.packet.publicKeyEncryptedSessionKey);
@@ -170,21 +170,34 @@ Message.prototype.decryptSessionKey = function(privateKey, password) {
      if (!privateKeyPacket.isDecrypted) {
        throw new Error('Private key is not decrypted.');
      }
-      // TODO replace when Promise.some or Promise.any are implemented
-      // eslint-disable-next-line no-await-in-loop
-      await pkESKeyPacketlist.some(async function(packet) {
+      await Promise.all(pkESKeyPacketlist.map(async function(packet) {
        if (packet.publicKeyId.equals(privateKeyPacket.getKeyId())) {
          try {
            await packet.decrypt(privateKeyPacket);
            keyPackets.push(packet);
          } catch (err) {}
        }
-      });
+      }));
    } else {
      throw new Error('No key or password specified.');
    }
  }).then(() => {
+
    if (keyPackets.length) {
+
+      // Return only unique session keys
+      if (keyPackets.length > 1) {
+        var seen = {};
+        keyPackets = keyPackets.filter(function(item) {
+            var k = item.sessionKeyAlgorithm + util.Uint8Array2str(item.sessionKey);
+            if (seen.hasOwnProperty(k)) {
+              return false;
+            }
+            seen[k] = true;
+            return true;
+        });
+      }
+
      return keyPackets.map(packet => ({ data: packet.sessionKey, algorithm: packet.sessionKeyAlgorithm }));
    } else {
      throw new Error('Session key decryption failed.');
--- a/src/openpgp.js
+++ b/src/openpgp.js
@@ -414,18 +414,18 @@ export function encryptSessionKey({ data, algorithm, publicKeys, passwords }) {
 *                                          or 'undefined' if no key packets found
 * @static
 */
-export function decryptSessionKey({ message, privateKey, password }) {
+export function decryptSessionKeys({ message, privateKey, password }) {
  checkMessage(message);

  if (asyncProxy) { // use web worker if available
-    return asyncProxy.delegate('decryptSessionKey', { message, privateKey, password });
+    return asyncProxy.delegate('decryptSessionKeys', { message, privateKey, password });
  }

  return Promise.resolve().then(async function() {

-    return message.decryptSessionKey(privateKey, password);
+    return message.decryptSessionKeys(privateKey, password);

-  }).catch(onError.bind(null, 'Error decrypting session key'));
+  }).catch(onError.bind(null, 'Error decrypting session keys'));
 }