84 Commits

Author SHA1 Message Date
larabr
4026e24585 Merge branch 'main' into v6 2024-06-18 19:21:16 +02:00
larabr
75f10955e6 Tests: move away from global streamed data
To improve readability
2024-06-18 17:07:41 +02:00
larabr
1ce2df1119 Avoid using stream.clone over polyfilled steam in test
Gives issues in Node and Safari < 14.1
2024-06-18 16:36:31 +02:00
larabr
a315c46583 openpgp.verify: fix bug preventing verification of detached signature over streamed data
When given a streamed `message` and a detached `signature` in input,
the function would return an empty array as `data` instead of
the input stream, meaning it was not possible to pull it, causing
the `verified` promise to hang indefinitely.

The above issue was introduced v5.0.0-2, and thus affects all v5 releases
up to v5.11.1.
2024-05-31 15:58:42 +02:00
larabr
2985b0f470 Lint: add support for TS files, fix errors 2024-05-16 13:59:11 +02:00
larabr
99899d1d5c
Drop support for native Node Readable stream: require passing Node Web Streams (#1716)
Breaking change: all functions taking streams as inputs will now require passing Web Streams in Node.js . If given a native `stream.Readable` input, they will throw. The browser build is unaffected by this change.

Utils to convert from and to Web Streams in Node are available from v17,
see https://nodejs.org/api/stream.html#streamreadabletowebstreamreadable-options .
Previously, we automatically converted between Node native streams and custom, Web-like Readable streams.
This led to occasional issues.
2024-01-26 17:52:29 +01:00
Daniel Huigens
939622e827 Remove armor checksum check
The crypto refresh says that we MUST NOT reject messages where the
CRC24 checksum is incorrect. So, we remove the check for it.

Also, remove the checksumRequired config.
2023-10-25 12:53:12 +02:00
larabr
b3ef95e60e Tests: update sinon 2023-10-25 12:53:11 +02:00
larabr
1aefed9602 Fix streaming tests for browser, drop NodeReadableStream tests in Node.js
Unclear why the Node tests fails, but we're planning to drop support
2023-10-25 12:53:10 +02:00
larabr
ae4ed1fbf3 Tests: explicitly share openpgp instance used in tests
Also, init config before any code is run in tests
2023-10-25 12:53:10 +02:00
larabr
d49d92e5cb Update to Mocha v10 in tests, declare lib as module and add exports to package.json
Mocha v10 requires the lib to be esm compliant.
ESM mandates the use of file extensions in imports, so to minimize the
changes (for now), we rely on the flag `experimental-specifier-resolution=node`
and on `ts-node` (needed only for Node 20).

Breaking changes:
downstream bundlers might be affected by the package.json changes depending on
how they load the library.
NB: legacy package.json entrypoints are still available.
2023-10-25 12:53:10 +02:00
Daniel Huigens
de5549ff69 Remove embedded Web Streams ponyfill
Require the application to load a polyfill instead.
2023-10-25 12:53:10 +02:00
larabr
3f44082457 crypto-refresh: add support for new Ed25519 key and signature format
This addition is backwards compatible. We offer no way to generate v4 keys in the new format.
2023-07-13 11:58:40 +02:00
larabr
705f238e1e Update ESlint 2023-02-21 18:27:56 +01:00
larabr
126ab53840
Remove internal, unused RandomBuffer (#1593)
The changes do not affect the public API:
`RandomBuffer` was used internally for secure randomness generation before
`crypto.getRandomValues` was made available to WebWorkers, requiring
generating randomness in the main thread.
As a result of the change, the internal `getRandomBytes()` and some functions
that use it are no longer async.
2023-02-09 23:11:53 +01:00
larabr
cb8901c16d
Fix loading browser built in JSDom environment (#1518) 2022-05-12 17:29:52 +02:00
larabr
cfeef41d61
Do not include checksum values in error messages when armor integrity check fails (#1428) 2021-10-21 16:14:46 +02:00
larabr
3fa778abe2
Add config.rejectCurves and prevent generating keys using blacklisted algorithms (#1395)
Breaking changes:
- throw error on key generation if the requested public key algorithm is
included in `config.rejectPublicKeyAlgorithms`;
- add `config.rejectCurves` to blacklist a set of ECC curves, to prevent keys
using those curves from being generated, or being used to
encrypt/decrypt/sign/verify messages.
By default, `config.rejectCurves` includes the brainpool curves
(`brainpoolP256r1`, `brainpoolP384r1`, `brainpoolP512r1`) and the Bitcoin curve
(`secp256k1`). This is because it's unclear whether these curves will be
standardised[1], and we prefer to blacklist them already, rather than introduce
a breaking change after release.

[1] https://gitlab.com/openpgp-wg/rfc4880bis/-/merge_requests/47#note_634199141
2021-08-19 17:58:16 +02:00
larabr
ce70484738
Replace armor option with format in openpgp.encrypt, sign and encryptSessionKey (#1354)
Breaking changes:
- a new `format` option has been added to `openpgp.encrypt`, `sign` and
`encryptSessionKey` to select the format of the output message. `format`
replaces the existing `armor` option, and accepts three values:
   * if `format: 'armor'` (default), an armored signed/encrypted message is
returned (same as `armor: true`).
   * if `format: 'binary'`,  a binary signed/encrypted message is returned (same
as `armor: false`).
   * if `format: 'object'`, a Message or Signature object is returned (this was
not supported before).
This change is to uniform the output format selection across all top-level
functions (following up to #1345).

- All top-level functions now throw if unrecognised options are passed, to make
library users aware that those options are not being applied.
2021-07-19 18:12:42 +02:00
larabr
3886358592
Remove valid and error from the verification result of openpgp.verify and decrypt (#1348)
This change is to make the code more consistent between the streaming and
non-streaming cases.
The validity of a signature (or the corresponding verification error) can be
determined through the existing `verified` property.
2021-07-09 17:44:34 +02:00
Ali Cherry
6299c6dd77
Rename public/privateKeys to encryption/decryption/signing/verificationKeys (#1299)
- Rename `publicKeys` to `encryptionKeys` or `verificationKeys` depending on their use
- Rename `privateKeys` to `decryptionKeys` or `signingKeys` depending on their use
- Similarly, rename `toUserIDs` to `encryptionUserIDs` and `fromUserIDs` to `signingUserIDs`
2021-05-17 18:56:28 +02:00
Daniel Huigens
93b77669bc
Unexport openpgp.stream (#1291)
This change allows us to only load the `ReadableStream` polyfill when
needed without behaving inconsistently in the external API.

Users of the library should use the global `ReadableStream` or Node.js
`stream.Readable` instead, or import a polyfill if needed. This patch
loosens the detection criteria such that polyfilled streams are better
detected.
2021-05-05 20:20:20 +02:00
larabr
0654bbe505
Remove Key.prototype.encrypt() and Key.prototype.decrypt() (#1285)
To encrypt/decrypt a key, the top-level functions `openpgp.encryptKey` and
`openpgp.decryptKey` should be used instead: these don't mutate the key;
instead, they either return a new encrypted/decrypted key object or throw an
error.

With `Key.prototype.encrypt` and `decrypt`, which mutated the key, it was
possible to end up in an inconsistent state if some (sub)keys could be
decrypted but others couldn't, they would both mutate the key and throw an
error, which is unexpected.

Note that the `keyID` parameter is not supported by `encryptKey`/`decryptKey`,
since partial key decryption is not recommended. If you still need to decrypt
a single subkey or primary key `k`, you can call `k.keyPacket.decrypt(...)`,
followed by `k.keyPacket.validate(...)`. Similarly, for encryption, call
`k.keyPacket.encrypt(...)`.

Additionally, `openpgp.generateKey` now requires `options.userIDs` again,
since otherwise the key is basically unusable. This was a regression from v4,
since we now allow parsing keys without user IDs (but still not using them).
2021-04-23 15:43:38 +02:00
Daniel Huigens
e599cee6c8 Remove top-level streaming options
Only return a stream if a stream was passed.
2021-03-26 10:56:02 +01:00
Daniel Huigens
91bd9e2c15 Replace Message.fromText and Message.fromBinary with createMessage
Also, replace CleartextMessage.fromText with createCleartextMessage.
2021-03-26 10:56:02 +01:00
Daniel Huigens
18ec54bf4b Fetch Streams ponyfill on demand in lightweight build 2021-03-26 10:56:02 +01:00
larabr
6cff19c44a
Use consistent name casing (#1268)
- Use PascalCase for classes, with uppercase acronyms.
- Use camelCase for function and variables. First word/acronym is always
  lowercase, otherwise acronyms are uppercase.

Also, make the packet classes' `tag` properties `static`.
2021-03-25 19:56:59 +01:00
larabr
8a57246ec4
Add config.rejectPublicKeyAlgorithms (#1264)
- Add `config.rejectPublicKeyAlgorithms` to disallow using the given algorithms
  to verify, sign or encrypt new messages or third-party certifications.

- Consider `config.minRsaBits` when signing, verifying and encrypting messages
  and third-party certifications, not just on key generation.

- When verifying a message, if the verification key is not found (i.e. not
  provided or too weak), the corresponding `signature` will have
  `signature.valid=false` (used to be `signature.valid=null`).
  `signature.error` will detail whether the key is missing/too weak/etc.

Generating and verifying key certification signatures is still permitted in all cases.
2021-03-25 15:08:49 +01:00
larabr
43fb58404d
Simplify algorithm preference selection and normalize config names (#1262)
- Rename `config.compression` to `config.preferredCompressionAlgorithm`
- Rename `config.encryptionCipher` to `config.preferredSymmetricAlgorithm`
- Rename `config.preferHashAlgorithm` to `config.preferredHashAlgorithm`
- Rename `config.aeadMode` to `config.preferredAeadAlgorithm`
- When encrypting to public keys, the compression/aead/symmetric algorithm is selected by:
  - taking the preferred algorithm specified in config, if it is supported by all recipients
  - otherwise, taking the "MUST implement" algorithm specified by rfc4880bis
- When encrypting to passphrases only (no public keys), the preferred algorithms from `config` are always used
- EdDSA signing with a hash algorithm weaker than sha256 is explicitly disallowed (https://tools.ietf.org/id/draft-ietf-openpgp-rfc4880bis-10.html#section-15-7.2)
2021-03-10 18:06:03 +01:00
Daniel Huigens
174086a011 Default to empty filename 2021-02-28 01:47:48 +01:00
Daniel Huigens
e1307b88d0
Consolidate read* functions (#1236)
Make all `read*` functions accept an options object, so that we can add config
options to them later (for #1166). This is necessary so that we can remove the
global `openpgp.config`, which doesn't work that well when importing
individual functions.

Furthermore, merge `readMessage` and `readArmoredMessage` into one function,
et cetera.
2021-02-17 20:36:33 +01:00
Daniel Huigens
b6edfe646b Lint all tests (#1235) 2021-02-12 23:00:22 +01:00
larabr
92887a0948 Revert to disabling AEAD encryption by default (#1190) 2021-02-09 19:25:20 +01:00
larabr
89f738da45 Fix EOL in streaming tests 2021-02-09 19:25:20 +01:00
larabr
c34dede6de Use \n instead of \r\n for EOL when armoring (#1183) 2021-02-09 19:25:20 +01:00
Daniel Huigens
2382482090 [v5] Unexport openpgp.util, openpgp.crypto, and low-level types (#1175) 2021-02-09 19:25:20 +01:00
Dan Ristea
331a0c27a9 Store named signature parameters (#1158)
Also, remove the now-unnecessary MPI type.
2021-02-09 19:25:20 +01:00
Daniel Huigens
f276e1ef51 Export key, message, signature, cleartext functions and classes directly
Instead of as modules.

Replace *.read with read*, *.readArmored with readArmored*, etc.
Replace cleartext.readArmored with readArmoredCleartextMessage.
Replace message.fromText with Message.fromText, etc.
2021-02-09 19:25:20 +01:00
Daniel Huigens
0e33e641af Switch build system to rollup
Also, default to minimized builds.
2021-02-09 19:25:20 +01:00
Ilya Chesnokov
e16807505f Switch util function names to camelCase (#1091) 2021-02-09 19:25:20 +01:00
Ilya Chesnokov
d415bc2546 Rename config option names to camelCase (#1088) 2021-02-09 19:25:20 +01:00
larabr
a7640bce52 Use AEAD protection by default (#1062) 2021-02-09 19:25:20 +01:00
Daniel Huigens
2bc24f354b Return only one key in key.read[Armored], add readAll[Armored] 2021-02-09 19:25:20 +01:00
Daniel Huigens
ef7c38860b Don't unnecessarily return objects in top-level functions
openpgp.encrypt, sign, encryptSessionKey, encryptKey and decryptKey now
return their result directly without wrapping it in a "result" object.

Also, remove the `detached` and `returnSessionKey` options of
openpgp.encrypt.
2021-02-09 19:25:20 +01:00
Daniel Huigens
3a84442b5f Don't use native streams in old Edge 2021-02-09 19:25:20 +01:00
Daniel Huigens
2fffc76060 Don't overwrite Web Streams Polyfill to globals
Instead, use the ponyfill that's now included in web-stream-tools.
Also, convert back to native ReadableStream when we used the ponyfill.
2021-02-09 19:25:20 +01:00
Daniel Huigens
37d30c5003 Return strings in Node streams where appropriate 2021-02-09 19:25:20 +01:00
Daniel Huigens
08d6b276e3 Return data as string in openpgp.verify by default
Add format='utf8'/'binary' param to openpgp.verify in order to be able
to return binary data instead.
2021-02-09 19:25:20 +01:00
Daniel Huigens
7225251af8 Return Uint8Array(Stream) instead of object when armor = false 2021-02-09 19:25:20 +01:00
Daniel Huigens
2ff4fbb0e8 Optimize base64 encoding and decoding 2020-02-25 15:06:38 +01:00