The latest version of the crypto refresh (i.e., !313, !314) specifies that
the "Hash" header is deprecated, and that an implementation that is verifying
a cleartext signed message MUST ignore this header.
However, we go against this directive, and keep the checks in place to avoid
arbitrary injection of text as part of the "Hash" header payload.
We also mandate that if the hash header is present, the declared
algorithm matches the signature algorithm. This is again to avoid
a spoofing attack where e.g. a SHA1 signature is presented as
using SHA512.
Related CVEs: CVE-2019-11841, CVE-2023-41037.
This commit does not change the writing part of cleartext messages.
# Conflicts:
# src/cleartext.js
The crypto refresh says that we MUST NOT reject messages where the
CRC24 checksum is incorrect. So, we remove the check for it.
Also, remove the checksumRequired config.
Mocha v10 requires the lib to be esm compliant.
ESM mandates the use of file extensions in imports, so to minimize the
changes (for now), we rely on the flag `experimental-specifier-resolution=node`
and on `ts-node` (needed only for Node 20).
Breaking changes:
downstream bundlers might be affected by the package.json changes depending on
how they load the library.
NB: legacy package.json entrypoints are still available.
- Add `PrivateKey` and `PublicKey` classes. A `PrivateKey` can always
be passed where a `PublicKey` key is expected, but not vice versa.
- Unexport `Key`, and export `PrivateKey` and `PublicKey`.
- Rename `Key.packetlist2structure` to `Key.packetListToStructure`.
- Change `Key.update` to return a new updated key, rather than
modifying the destination one in place.
- Add `openpgp.readPrivateKey` and `openpgp.readPrivateKeys` to avoid
having to downcast the result of `readKey(s)` in TypeScript.
This change allows us to only load the `ReadableStream` polyfill when
needed without behaving inconsistently in the external API.
Users of the library should use the global `ReadableStream` or Node.js
`stream.Readable` instead, or import a polyfill if needed. This patch
loosens the detection criteria such that polyfilled streams are better
detected.
Make all `read*` functions accept an options object, so that we can add config
options to them later (for #1166). This is necessary so that we can remove the
global `openpgp.config`, which doesn't work that well when importing
individual functions.
Furthermore, merge `readMessage` and `readArmoredMessage` into one function,
et cetera.
Instead of as modules.
Replace *.read with read*, *.readArmored with readArmored*, etc.
Replace cleartext.readArmored with readArmoredCleartextMessage.
Replace message.fromText with Message.fromText, etc.
- Don't add an extraneous newline at the end of base64-encoded data
if it is a multiple of 60 characters long.
- Generate \r\n instead of \n in base64-encoded data.
- Generate one newline instead of two after END PGP PUBLIC KEY BLOCK
for consistency with the other footers.
- Allow leading spaces in headers (since we were already accepting
leading spaces everywhere else in the armored text).
- Read ReadableStreams before passing them to a Worker
There are dozens of links in the OpenPGP.js codebase that are http but
could be replaced with https links. I've converted as many of them as
i could find.
