Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-11-24 14:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rename NIST curve identifiers from enums.curves.p{256, 384, 521} to .nistP{256, 384, 521}

Browse Source 
Also, cleanup `enums.curves` removing internal aliases which are no longer relevant.
This commit is contained in:
larabr 2024-02-01 15:57:58 +01:00
parent 6370e0b2d3
commit c499c791af
14 changed files with 82 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@ -59,9 +59,9 @@ library to convert back and forth between them.
|:---------------:|:----------:|:---------:|:----------:|:---------:|:-----------------:|
| curve25519 | ECDH | N/A | No | No | Algorithmically** |
| ed25519 | N/A | EdDSA | No | No | Algorithmically** |
| p256 | ECDH | ECDSA | Yes* | Yes* | If native*** |
| p384 | ECDH | ECDSA | Yes* | Yes* | If native*** |
| p521 | ECDH | ECDSA | Yes* | Yes* | If native*** |
| nistP256 | ECDH | ECDSA | Yes* | Yes* | If native*** |
| nistP384 | ECDH | ECDSA | Yes* | Yes* | If native*** |
| nistP521 | ECDH | ECDSA | Yes* | Yes* | If native*** |
| brainpoolP256r1 | ECDH | ECDSA | Yes* | No | If native*** |
| brainpoolP384r1 | ECDH | ECDSA | Yes* | No | If native*** |
| brainpoolP512r1 | ECDH | ECDSA | Yes* | No | If native*** |
@ -451,7 +451,7 @@ can `.pipe()` to a `Writable` stream, for example.
ECC keys (smaller and faster to generate):
Possible values for `curve` are: `curve25519`, `ed25519`, `p256`, `p384`, `p521`,
Possible values for `curve` are: `curve25519`, `ed25519`, `nistP256`, `nistP384`, `nistP521`,
`brainpoolP256r1`, `brainpoolP384r1`, `brainpoolP512r1`, and `secp256k1`.
Note that both the `curve25519` and `ed25519` options generate a primary key for signing using Ed25519
and a subkey for encryption using Curve25519.

14
openpgp.d.ts vendored
View File

@ -688,7 +688,7 @@ interface KeyPair {
publicKey: PublicKey;
}
export type EllipticCurveName = 'ed25519Legacy' | 'curve25519Legacy' | 'p256' | 'p384' | 'p521' | 'secp256k1' | 'brainpoolP256r1' | 'brainpoolP384r1' | 'brainpoolP512r1';
export type EllipticCurveName = 'ed25519Legacy' | 'curve25519Legacy' | 'nistP256' | 'nistP384' | 'nistP521' | 'secp256k1' | 'brainpoolP256r1' | 'brainpoolP384r1' | 'brainpoolP512r1';
interface GenerateKeyOptions {
userIDs: MaybeArray<UserID>;
@ -838,9 +838,15 @@ export namespace enums {
}
enum curve {
p256 = 'p256',
p384 = 'p384',
p521 = 'p521',
/** @deprecated use `nistP256` instead */
p256 = 'nistP256',
nistP256 = 'nistP256',
/** @deprecated use `nistP384` instead */
p384 = 'nistP384',
nistP384 = 'nistP384',
/** @deprecated use `nistP521` instead */
p521 = 'nistP521',
nistP521 = 'nistP521',
/** @deprecated use `ed25519Legacy` instead */
ed25519 = 'ed25519Legacy',
ed25519Legacy = 'ed25519Legacy',

8
src/crypto/public_key/elliptic/ecdsa.js
View File

@ -55,9 +55,9 @@ export async function sign(oid, hashAlgo, message, publicKey, privateKey, hashed
return await webSign(curve, hashAlgo, message, keyPair);
} catch (err) {
// We do not fallback if the error is related to key integrity
// Unfortunaley Safari does not support p521 and throws a DataError when using it
// Unfortunaley Safari does not support nistP521 and throws a DataError when using it
// So we need to always fallback for that curve
if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {
if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {
throw err;
}
util.printDebugError('Browser did not support signing: ' + err.message);
@ -117,9 +117,9 @@ export async function verify(oid, hashAlgo, signature, message, publicKey, hashe
return verified || tryFallbackVerificationForOldBug();
} catch (err) {
// We do not fallback if the error is related to key integrity
// Unfortunately Safari does not support p521 and throws a DataError when using it
// Unfortunately Safari does not support nistP521 and throws a DataError when using it
// So we need to always fallback for that curve
if (curve.name !== 'p521' && (err.name === 'DataError' || err.name === 'OperationError')) {
if (curve.name !== 'nistP521' && (err.name === 'DataError' || err.name === 'OperationError')) {
throw err;
}
util.printDebugError('Browser did not support verifying: ' + err.message);

12
src/crypto/public_key/elliptic/noble_curves.js
View File

@ -4,9 +4,9 @@
* which share a lot of code anyway.
*/
import { p256 } from '@openpgp/noble-curves/p256';
import { p384 } from '@openpgp/noble-curves/p384';
import { p521 } from '@openpgp/noble-curves/p521';
import { p256 as nistP256 } from '@openpgp/noble-curves/p256';
import { p384 as nistP384 } from '@openpgp/noble-curves/p384';
import { p521 as nistP521 } from '@openpgp/noble-curves/p521';
import { brainpoolP256r1 } from '@openpgp/noble-curves/brainpoolP256r1';
import { brainpoolP384r1 } from '@openpgp/noble-curves/brainpoolP384r1';
import { brainpoolP512r1 } from '@openpgp/noble-curves/brainpoolP512r1';
@ -14,9 +14,9 @@ import { x448, ed448 } from '@openpgp/noble-curves/ed448';
import { secp256k1 } from '@openpgp/noble-curves/secp256k1';
export const nobleCurves = new Map(Object.entries({
p256,
p384,
p521,
nistP256,
nistP384,
nistP521,
brainpoolP256r1,
brainpoolP384r1,
brainpoolP512r1,

36
src/crypto/public_key/elliptic/oid_curves.js
View File

@ -31,16 +31,16 @@ const webCrypto = util.getWebCrypto();
const nodeCrypto = util.getNodeCrypto();
const webCurves = {
[enums.curve.p256]: 'P-256',
[enums.curve.p384]: 'P-384',
[enums.curve.p521]: 'P-521'
[enums.curve.nistP256]: 'P-256',
[enums.curve.nistP384]: 'P-384',
[enums.curve.nistP521]: 'P-521'
};
const knownCurves = nodeCrypto ? nodeCrypto.getCurves() : [];
const nodeCurves = nodeCrypto ? {
[enums.curve.secp256k1]: knownCurves.includes('secp256k1') ? 'secp256k1' : undefined,
[enums.curve.p256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,
[enums.curve.p384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,
[enums.curve.p521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,
[enums.curve.nistP256]: knownCurves.includes('prime256v1') ? 'prime256v1' : undefined,
[enums.curve.nistP384]: knownCurves.includes('secp384r1') ? 'secp384r1' : undefined,
[enums.curve.nistP521]: knownCurves.includes('secp521r1') ? 'secp521r1' : undefined,
[enums.curve.ed25519Legacy]: knownCurves.includes('ED25519') ? 'ED25519' : undefined,
[enums.curve.curve25519Legacy]: knownCurves.includes('X25519') ? 'X25519' : undefined,
[enums.curve.brainpoolP256r1]: knownCurves.includes('brainpoolP256r1') ? 'brainpoolP256r1' : undefined,
@ -49,33 +49,33 @@ const nodeCurves = nodeCrypto ? {
} : {};
const curves = {
p256: {
nistP256: {
oid: [0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07],
keyType: enums.publicKey.ecdsa,
hash: enums.hash.sha256,
cipher: enums.symmetric.aes128,
node: nodeCurves.p256,
web: webCurves.p256,
node: nodeCurves.nistP256,
web: webCurves.nistP256,
payloadSize: 32,
sharedSize: 256
},
p384: {
nistP384: {
oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x22],
keyType: enums.publicKey.ecdsa,
hash: enums.hash.sha384,
cipher: enums.symmetric.aes192,
node: nodeCurves.p384,
web: webCurves.p384,
node: nodeCurves.nistP384,
web: webCurves.nistP384,
payloadSize: 48,
sharedSize: 384
},
p521: {
nistP521: {
oid: [0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23],
keyType: enums.publicKey.ecdsa,
hash: enums.hash.sha512,
cipher: enums.symmetric.aes256,
node: nodeCurves.p521,
web: webCurves.p521,
node: nodeCurves.nistP521,
web: webCurves.nistP521,
payloadSize: 66,
sharedSize: 528
},
@ -232,9 +232,9 @@ function getPreferredHashAlgo(oid) {
*/
async function validateStandardParams(algo, oid, Q, d) {
const supportedCurves = {
p256: true,
p384: true,
p521: true,
nistP256: true,
nistP384: true,
nistP521: true,
secp256k1: true,
curve25519Legacy: algo === enums.publicKey.ecdh,
brainpoolP256r1: true,

54
src/enums.js
View File

@ -13,74 +13,50 @@ export default {
*/
curve: {
/** NIST P-256 Curve */
'p256': 'p256',
'P-256': 'p256',
'secp256r1': 'p256',
'prime256v1': 'p256',
'1.2.840.10045.3.1.7': 'p256',
'2a8648ce3d030107': 'p256',
'2A8648CE3D030107': 'p256',
'nistP256': 'nistP256',
/** @deprecated use `nistP256` instead */
'p256': 'nistP256',
'2a8648ce3d030107': 'nistP256',
/** NIST P-384 Curve */
'p384': 'p384',
'P-384': 'p384',
'secp384r1': 'p384',
'1.3.132.0.34': 'p384',
'2b81040022': 'p384',
'2B81040022': 'p384',
'nistP384': 'nistP384',
/** @deprecated use `nistP384` instead */
'p384': 'nistP384',
'2b81040022': 'nistP384',
/** NIST P-521 Curve */
'p521': 'p521',
'P-521': 'p521',
'secp521r1': 'p521',
'1.3.132.0.35': 'p521',
'2b81040023': 'p521',
'2B81040023': 'p521',
'nistP521': 'nistP521',
/** @deprecated use `nistP521` instead */
'p521': 'nistP521',
'2b81040023': 'nistP521',
/** SECG SECP256k1 Curve */
'secp256k1': 'secp256k1',
'1.3.132.0.10': 'secp256k1',
'2b8104000a': 'secp256k1',
'2B8104000A': 'secp256k1',
'secp256k1': 'secp256k1',
'2b8104000a': 'secp256k1',
/** Ed25519 - deprecated by crypto-refresh (replaced by standaone Ed25519 algo) */
'ed25519Legacy': 'ed25519Legacy',
'ED25519': 'ed25519Legacy',
/** @deprecated use `ed25519Legacy` instead */
'ed25519': 'ed25519Legacy',
'Ed25519': 'ed25519Legacy',
'1.3.6.1.4.1.11591.15.1': 'ed25519Legacy',
'2b06010401da470f01': 'ed25519Legacy',
'2B06010401DA470F01': 'ed25519Legacy',
/** Curve25519 - deprecated by crypto-refresh (replaced by standaone X25519 algo) */
'curve25519Legacy': 'curve25519Legacy',
'X25519': 'curve25519Legacy',
'cv25519': 'curve25519Legacy',
/** @deprecated use `curve25519Legacy` instead */
'curve25519': 'curve25519Legacy',
'Curve25519': 'curve25519Legacy',
'1.3.6.1.4.1.3029.1.5.1': 'curve25519Legacy',
'2b060104019755010501': 'curve25519Legacy',
'2B060104019755010501': 'curve25519Legacy',
/** BrainpoolP256r1 Curve */
'brainpoolP256r1': 'brainpoolP256r1',
'1.3.36.3.3.2.8.1.1.7': 'brainpoolP256r1',
'2b2403030208010107': 'brainpoolP256r1',
'2B2403030208010107': 'brainpoolP256r1',
/** BrainpoolP384r1 Curve */
'brainpoolP384r1': 'brainpoolP384r1',
'1.3.36.3.3.2.8.1.1.11': 'brainpoolP384r1',
'2b240303020801010b': 'brainpoolP384r1',
'2B240303020801010B': 'brainpoolP384r1',
/** BrainpoolP512r1 Curve */
'brainpoolP512r1': 'brainpoolP512r1',
'1.3.36.3.3.2.8.1.1.13': 'brainpoolP512r1',
'2b240303020801010d': 'brainpoolP512r1',
'2B240303020801010D': 'brainpoolP512r1'
'brainpoolP512r1': 'brainpoolP512r1'
},
/** A string to key specifier type

2
src/openpgp.js
View File

@ -42,7 +42,7 @@ import { checkKeyRequirements } from './key/helper';
* @param {String} [options.passphrase=(not protected)] - The passphrase used to encrypt the generated private key. If omitted or empty, the key won't be encrypted.
* @param {Number} [options.rsaBits=4096] - Number of bits for RSA keys
* @param {String} [options.curve='curve25519Legacy'] - Elliptic curve for ECC keys:
* curve25519Legacy (default), p256, p384, p521, secp256k1,
* curve25519Legacy (default), nistP256, nistP384, nistP521, secp256k1,
* brainpoolP256r1, brainpoolP384r1, or brainpoolP512r1
* @param {Date} [options.date=current date] - Override the creation date of the key and the key signatures
* @param {Number} [options.keyExpirationTime=0 (never expires)] - Number of seconds from the key creation time after which the key expires

4
test/crypto/ecdh.js
View File

@ -199,7 +199,7 @@ export default () => describe('ECDH key exchange @lightweight', function () {
expect(await ecdhX.decrypt(openpgp.enums.publicKey.x448, ephemeralPublicKey, wrappedKey, K_B, b)).to.deep.equal(data);
});
const allCurves = ['secp256k1', 'p256', 'p384', 'p521', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'];
const allCurves = ['secp256k1', 'nistP256', 'nistP384', 'nistP521', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'];
allCurves.forEach(curveName => {
it(`${curveName} - Successful exchange`, async function () {
const curve = new elliptic_curves.CurveWithOID(curveName);
@ -245,7 +245,7 @@ export default () => describe('ECDH key exchange @lightweight', function () {
this.skip();
}
const expectNativeWeb = new Set(['p256', 'p384']); // older versions of safari do not implement p521
const expectNativeWeb = new Set(['nistP256', 'nistP384']); // older versions of safari do not implement nistP521
const curve = new elliptic_curves.CurveWithOID(curveName);
const oid = new OID(curve.oid);

16
test/crypto/elliptic.js
View File

@ -71,8 +71,8 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi
if (!config.useEllipticFallback && !util.getNodeCrypto()) {
this.skip();
}
const names = config.useEllipticFallback ? ['p256', 'p384', 'p521', 'secp256k1', 'curve25519Legacy', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'] :
['p256', 'p384', 'p521', 'curve25519Legacy'];
const names = config.useEllipticFallback ? ['nistP256', 'nistP384', 'nistP521', 'secp256k1', 'curve25519Legacy', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'] :
['nistP256', 'nistP384', 'nistP521', 'curve25519Legacy'];
return Promise.all(names.map(function (name) {
const curve = new elliptic_curves.CurveWithOID(name);
return curve.genKeyPair().then(keyPair => {
@ -82,18 +82,18 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi
});
it('Signature verification', function (done) {
expect(
elliptic_curves.ecdsa.verify('p256', 8, signature_data.signature, signature_data.message, signature_data.pub, signature_data.hashed)
elliptic_curves.ecdsa.verify('nistP256', 8, signature_data.signature, signature_data.message, signature_data.pub, signature_data.hashed)
).to.eventually.be.true.notify(done);
});
it('Invalid signature', function (done) {
expect(
elliptic_curves.ecdsa.verify('p256', 8, signature_data.signature, signature_data.message, key_data.p256.pub, signature_data.hashed)
elliptic_curves.ecdsa.verify('nistP256', 8, signature_data.signature, signature_data.message, key_data.nistP256.pub, signature_data.hashed)
).to.eventually.be.false.notify(done);
});
it('Signature generation', function () {
return elliptic_curves.ecdsa.sign('p256', 8, signature_data.message, key_data.p256.pub, key_data.p256.priv, signature_data.hashed).then(async signature => {
return elliptic_curves.ecdsa.sign('nistP256', 8, signature_data.message, key_data.nistP256.pub, key_data.nistP256.priv, signature_data.hashed).then(async signature => {
await expect(
elliptic_curves.ecdsa.verify('p256', 8, signature, signature_data.message, key_data.p256.pub, signature_data.hashed)
elliptic_curves.ecdsa.verify('nistP256', 8, signature, signature_data.message, key_data.nistP256.pub, signature_data.hashed)
).to.eventually.be.true;
});
});
@ -236,10 +236,10 @@ export default () => describe('Elliptic Curve Cryptography @lightweight', functi
]);
await testNativeAndFallback(
() => expect(verify_signature('p384', 8, p384_r, p384_s, p384_message, key_data.p384.pub)).to.eventually.be.true
() => expect(verify_signature('nistP384', 8, p384_r, p384_s, p384_message, key_data.nistP384.pub)).to.eventually.be.true
);
});
const curves = ['secp256k1' , 'p256', 'p384', 'p521', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'];
const curves = ['secp256k1' , 'nistP256', 'nistP384', 'nistP521', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'];
curves.forEach(curveName => it(`${curveName} - Sign and verify message`, async function () {
const curve = new elliptic_curves.CurveWithOID(curveName);
const { Q: keyPublic, secret: keyPrivate } = await elliptic_curves.generate(curveName);

6
test/crypto/elliptic_data.js
View File

@ -2,7 +2,7 @@ import util from '../../src/util.js';
const elliptic_data = {
key_data: {
p256: {
nistP256: {
priv: new Uint8Array([
0x2B, 0x48, 0x2B, 0xE9, 0x88, 0x74, 0xE9, 0x49,
0x1F, 0x89, 0xCC, 0xFF, 0x0A, 0x26, 0x05, 0xA2,
@ -21,7 +21,7 @@ const elliptic_data = {
0x67, 0xC2, 0x09, 0xF9, 0xEF, 0xE7, 0x9E, 0x56
])
},
p384: {
nistP384: {
priv: new Uint8Array([
0xB5, 0x38, 0xDA, 0xF3, 0x77, 0x58, 0x3F, 0x94,
0x5B, 0xC2, 0xCA, 0xC6, 0xA9, 0xFC, 0xAA, 0x3F,
@ -46,7 +46,7 @@ const elliptic_data = {
0xFA, 0x85, 0x8A, 0x4B, 0x58, 0x7C, 0x61, 0x39
])
},
p521: {
nistP521: {
priv: new Uint8Array([
0x00, 0xBB, 0x35, 0x27, 0xBC, 0xD6, 0x7E, 0x35,
0xD5, 0xC5, 0x99, 0xC9, 0xB4, 0x6C, 0xEE, 0xDE,

4
test/crypto/validate.js
View File

@ -117,7 +117,7 @@ export default () => {
before(async () => {
eddsaKey = await generatePrivateKeyObject({ curve: 'ed25519Legacy' });
ecdhKey = eddsaKey.subkeys[0];
ecdsaKey = await generatePrivateKeyObject({ curve: 'p256' });
ecdsaKey = await generatePrivateKeyObject({ curve: 'nistP256' });
});
it('EdDSA params are not valid for ECDH', async function() {
@ -193,7 +193,7 @@ export default () => {
});
});
const curves = ['curve25519Legacy', 'p256', 'p384', 'p521', 'secp256k1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'];
const curves = ['curve25519Legacy', 'nistP256', 'nistP384', 'nistP521', 'secp256k1', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'];
curves.forEach(curve => {
describe(`ECC ${curve} parameter validation`, () => {
let ecdsaKey;

10
test/general/ecc_nist.js
View File

@ -14,8 +14,8 @@ export default () => describe('Elliptic Curve Cryptography for NIST P-256,P-384,
const testData = input.createSomeMessage();
const testData2 = input.createSomeMessage();
const { privateKey: hi, publicKey: pubHi } = await openpgp.generateKey({ userIDs: { name: 'Hi', email: 'hi@hel.lo' }, curve: 'p256', format: 'object' });
const { privateKey: bye, publicKey: pubBye } = await openpgp.generateKey({ userIDs: { name: 'Bye', email: 'bye@good.bye' }, curve: 'p256', format: 'object' });
const { privateKey: hi, publicKey: pubHi } = await openpgp.generateKey({ userIDs: { name: 'Hi', email: 'hi@hel.lo' }, curve: 'nistP256', format: 'object' });
const { privateKey: bye, publicKey: pubBye } = await openpgp.generateKey({ userIDs: { name: 'Bye', email: 'bye@good.bye' }, curve: 'nistP256', format: 'object' });
const cleartextMessage = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), signingKeys: hi });
await openpgp.verify({
@ -51,7 +51,7 @@ export default () => describe('Elliptic Curve Cryptography for NIST P-256,P-384,
it('Sign message', async function () {
const testData = input.createSomeMessage();
const options = { userIDs: { name: 'Hi', email: 'hi@hel.lo' }, curve: 'p256', format: 'object' };
const options = { userIDs: { name: 'Hi', email: 'hi@hel.lo' }, curve: 'nistP256', format: 'object' };
const { privateKey, publicKey } = await openpgp.generateKey(options);
const signature = await openpgp.sign({ message: await openpgp.createCleartextMessage({ text: testData }), signingKeys: privateKey });
const msg = await openpgp.readCleartextMessage({ cleartextMessage: signature });
@ -61,9 +61,9 @@ export default () => describe('Elliptic Curve Cryptography for NIST P-256,P-384,
it('Encrypt and sign message', async function () {
const testData = input.createSomeMessage();
let options = { userIDs: { name: 'Hi', email: 'hi@hel.lo' }, curve: 'p256', format: 'object' };
let options = { userIDs: { name: 'Hi', email: 'hi@hel.lo' }, curve: 'nistP256', format: 'object' };
const firstKey = await openpgp.generateKey(options);
options = { userIDs: { name: 'Bye', email: 'bye@good.bye' }, curve: 'p256', format: 'object' };
options = { userIDs: { name: 'Bye', email: 'bye@good.bye' }, curve: 'nistP256', format: 'object' };
const secondKey = await openpgp.generateKey(options);
const encrypted = await openpgp.encrypt({
message: await openpgp.createMessage({ text: testData }),

6
test/general/key.js
View File

@ -2606,7 +2606,7 @@ function versionSpecificTests() {
openpgp.config.minRSABits = rsaBits;
const userID = { name: 'test', email: 'a@b.com' };
const opt = { type: 'rsa', rsaBits, userIDs: [userID], passphrase: '123', format: 'object', subkeys:[{ type: 'ecc', curve: 'p256' }] };
const opt = { type: 'rsa', rsaBits, userIDs: [userID], passphrase: '123', format: 'object', subkeys:[{ type: 'ecc', curve: 'nistP256' }] };
try {
const { privateKey: key } = await openpgp.generateKey(opt);
expect(key.users.length).to.equal(1);
@ -4503,13 +4503,13 @@ I8kWVkXU6vFOi+HWvv/ira7ofJu16NnoUkhclkUrk0mXubZvyl4GBg==
const userID = { name: 'test', email: 'a@b.com' };
const { privateKey } = await openpgp.generateKey({ curve: 'ed25519Legacy', userIDs: [userID], format: 'object', subkeys:[] });
const total = privateKey.subkeys.length;
let newPrivateKey = await privateKey.addSubkey({ curve: 'p256', sign: true });
let newPrivateKey = await privateKey.addSubkey({ curve: 'nistP256', sign: true });
newPrivateKey = await openpgp.readKey({ armoredKey: newPrivateKey.armor() });
const subkey = newPrivateKey.subkeys[total];
expect(subkey).to.exist;
expect(newPrivateKey.subkeys.length).to.be.equal(total + 1);
expect(newPrivateKey.getAlgorithmInfo().curve).to.be.equal('ed25519Legacy');
expect(subkey.getAlgorithmInfo().curve).to.be.equal('p256');
expect(subkey.getAlgorithmInfo().curve).to.be.equal('nistP256');
expect(newPrivateKey.getAlgorithmInfo().algorithm).to.be.equal('eddsaLegacy');
expect(subkey.getAlgorithmInfo().algorithm).to.be.equal('ecdsa');

2
test/general/openpgp.js
View File

@ -4793,7 +4793,7 @@ sEj+v9LKoMTYZGMfp3qDVFLtkBE88eVmVjgJOoLhrsv7yh0PAA==
});
describe('Sign and verify with each curve', function() {
const curves = ['secp256k1' , 'p256', 'p384', 'p521', 'curve25519Legacy', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'];
const curves = ['secp256k1' , 'nistP256', 'nistP384', 'nistP521', 'curve25519Legacy', 'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1'];
curves.forEach(curve => {
it(`sign/verify with ${curve}`, async function() {
const config = { rejectCurves: new Set() };