Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-06-06 14:16:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Drop config.revocationsExpire, always honour revocation expiration instead (#1736)

Browse Source 
Unclear motivation for adding the original config option; if an expiration is there, it should
be honoured.

Breaking change:
the option used to default to `false`, and ignore revocation expirations. We now honour
those expirations, namely match the behaviour resulting from setting the option to `true`.
This commit is contained in:
larabr 2024-03-28 14:24:23 +01:00 committed by GitHub
parent 6ebd179ed5
commit aa222fecb2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openpgp.d.ts vendored
View File

@ -328,7 +328,6 @@ interface Config {
allowUnauthenticatedStream: boolean;
minRSABits: number;
passwordCollisionCheck: boolean;
revocationsExpire: boolean;
ignoreUnsupportedPackets: boolean;
ignoreMalformedPackets: boolean;
versionString: string;

5
src/config/config.js
View File

@ -155,11 +155,6 @@ export default {
* @property {Boolean} passwordCollisionCheck
*/
passwordCollisionCheck: false,
/**
* @memberof module:config
* @property {Boolean} revocationsExpire If true, expired revocation signatures are ignored
*/
revocationsExpire: false,
/**
* Allow decryption using RSA keys without `encrypt` flag.
* This setting is potentially insecure, but it is needed to get around an old openpgpjs bug

2
src/key/helper.js
View File

@ -282,7 +282,7 @@ export async function isDataRevoked(primaryKey, signatureType, dataToVerify, rev
!signature || revocationSignature.issuerKeyID.equals(signature.issuerKeyID)
) {
await revocationSignature.verify(
key, signatureType, dataToVerify, config.revocationsExpire ? date : null, false, config
key, signatureType, dataToVerify, date, false, config
);
// TODO get an identifier of the revoked object instead

3
test/general/key.js
View File

@ -4275,7 +4275,8 @@ VYGdb3eNlV8CfoEC
const key = await openpgp.readKey({ armoredKey: pub_revoked_subkeys });
key.revocationSignatures = [];
key.users[0].revocationSignatures = [];
return openpgp.encrypt({ encryptionKeys: [key], message: await openpgp.createMessage({ text: 'random data' }), date: new Date(1386842743000) }).then(() => {
const subkeyRevocationTime = key.subkeys[0].revocationSignatures[0].created;
return openpgp.encrypt({ encryptionKeys: [key], message: await openpgp.createMessage({ text: 'random data' }), date: subkeyRevocationTime }).then(() => {
throw new Error('encryptSessionKey should not encrypt with revoked public key');
}).catch(error => {
expect(error.message).to.equal('Error encrypting message: Could not find valid encryption key packet in key ' + key.getKeyID().toHex() + ': Subkey is revoked');