187 Commits

Author SHA1 Message Date
Daniel Huigens
e2eadd09e4 Fix documentation of top-level function parameters 2021-02-27 23:37:41 +01:00
Daniel Huigens
636c7cf529 Update documentation 2021-02-27 01:22:13 +01:00
larabr
7f37a8aaca
Add config parameter to top-level functions (#1241)
Refactor functions to take the configuration as a parameter.

This allows setting a config option for a single function call, whereas
setting `openpgp.config` could lead to concurrency-related issues when
multiple async function calls are made at the same time.

`openpgp.config` is used as default for unset config values in top-level
functions.
`openpgp.config` is used as default config object in low-level functions
(i.e., when calling a low-level function, it may be required to pass
`{ ...openpgp.config, modifiedConfig: modifiedValue }`).

Also,

- remove `config.rsaBlinding`: blinding is now always applied to RSA decryption
- remove `config.debug`: debugging mode can be enabled by setting
  `process.env.NODE_ENV = 'development'`
- remove `config.useNative`: native crypto is always used when available
2021-02-26 20:04:54 +01:00
Daniel Huigens
e1307b88d0
Consolidate read* functions (#1236)
Make all `read*` functions accept an options object, so that we can add config
options to them later (for #1166). This is necessary so that we can remove the
global `openpgp.config`, which doesn't work that well when importing
individual functions.

Furthermore, merge `readMessage` and `readArmoredMessage` into one function,
et cetera.
2021-02-17 20:36:33 +01:00
Ali Cherry
9ae0aae7a2
Add options to select encryption/signing key IDs (#1238) 2021-02-17 20:06:31 +01:00
larabr
66c06dab3e Check if any (sub)key is decrypted in Key.prototype.isDecrypted (#1182)
`key.isDecrypted()` now returns true if either the primary key or any subkey
is decrypted.

Additionally, implement `SecretKeyPacket.prototype.makeDummy` for encrypted
keys.
2021-02-09 19:25:20 +01:00
larabr
c23ed58387 Require User IDs to be objects; refactor UserIDPacket (#1187)
- `openpgp.generateKey` now expects `userIds` in object format
  (strings are no longer supported)
- Remove `util.parseUserId` and `util.formatUserId`
- Replace `UserIDPacket#format` with `UserIDPacket.fromObject`
2021-02-09 19:25:20 +01:00
larabr
2ee36c2984 Drop inconsistent boolean returns and fix type definitions (#1191)
- Remove the boolean return value of various internal functions that throw on
  error (the returned value was unused in most cases)
- Update and fix type definitions
2021-02-09 19:25:20 +01:00
Daniel Huigens
b3e08fdc26 Don't export default objects / namespaces
Import individual functions, instead.
2021-02-09 19:25:20 +01:00
Daniel Huigens
f276e1ef51 Export key, message, signature, cleartext functions and classes directly
Instead of as modules.

Replace *.read with read*, *.readArmored with readArmored*, etc.
Replace cleartext.readArmored with readArmoredCleartextMessage.
Replace message.fromText with Message.fromText, etc.
2021-02-09 19:25:20 +01:00
Daniel Huigens
6a607c7567 Rename SymEncryptedAEADProtectedDataPacket to AEADEncryptedDataPacket 2021-02-09 19:25:20 +01:00
Daniel Huigens
aea7aa953a Use ES6 classes 2021-02-09 19:25:20 +01:00
Daniel Huigens
fb3d23427d Allow dead code elimination 2021-02-09 19:25:20 +01:00
Ilya Chesnokov
e16807505f Switch util function names to camelCase (#1091) 2021-02-09 19:25:20 +01:00
Ilya Chesnokov
d415bc2546 Rename config option names to camelCase (#1088) 2021-02-09 19:25:20 +01:00
Daniel Huigens
ef7c38860b Don't unnecessarily return objects in top-level functions
openpgp.encrypt, sign, encryptSessionKey, encryptKey and decryptKey now
return their result directly without wrapping it in a "result" object.

Also, remove the `detached` and `returnSessionKey` options of
openpgp.encrypt.
2021-02-09 19:25:20 +01:00
Daniel Huigens
be7b174df4 Add openpgp.generateSessionKey 2021-02-09 19:25:20 +01:00
Daniel Huigens
7225251af8 Return Uint8Array(Stream) instead of object when armor = false 2021-02-09 19:25:20 +01:00
larabr
00c5f38689
Cipher-specific key validation (#1116)
Also, check binding signatures for decryption keys.

Also, do not always fallback on Web Crypto ECC errors.
2020-07-13 19:57:33 +02:00
Daniel Huigens
8c3bcd1f21 Reject signatures using insecure hash algorithms
Also, switch from returning false to throwing errors in most verify*()
functions, as well as in `await signatures[*].verified`, in order to be
able to show more informative error messages.
2020-02-25 15:06:15 +01:00
Daniel Huigens
e8ee70b2a8 Fix UnhandledPromiseRejectionWarnings in Node.js
These were introduced in 9bdeaa9 by `await`ing Promises later than
they're created.
2020-01-24 18:05:50 +01:00
Daniel Huigens
9bdeaa927a Don't keep entire decrypted message in memory while streaming
(When config.allow_unauthenticated_stream is set or the message is
AEAD-encrypted.)

The issue was that, when hashing the data for verification, we would
only start hashing at the very end (and keep the message in memory)
because nobody was "pulling" the stream containing the hash yet, so
backpressure was keeping the data from being hashed.

Note that, of the two patches in this commit, only the onePassSig.hashed
property actually mattered, for some reason. Also, the minimum
highWaterMark of 1 should have pulled the hashed stream anyway, I think.
I'm not sure why that didn't happen.
2020-01-24 17:58:17 +01:00
Ilya Chesnokov
6e7f399eb3 Use Web Crypto & Node crypto for RSA signing and verifying (#999)
Also, when generating RSA keys in JS, generate them with p < q, as per
the spec.

Also, when generating RSA keys using Web Crypto or Node crypto, swap the
generated p and q around, so that will satisfy p < q in most browsers
(but not old Microsoft Edge, 50% of the time) and so that we can use the
generated u coefficient (p^-1 mod q in OpenPGP, q^-1 mod p in RFC3447).

Then, when signing and verifying, swap p and q again, so that the key
hopefully satisfies Safari's requirement that p > q, and so that we can
keep using u again.
2019-11-18 14:59:01 +01:00
Ilya Chesnokov
08b7725b8c Create lightweight build that can lazily load indutny/elliptic if needed (#956)
This PR adds four config options to configure whether and how to load
indutny/elliptic: use_indutny_elliptic, external_indutny_elliptic,
indutny_elliptic_path and indutny_elliptic_fetch_options.

Also:

- Use tweetnacl.js instead of indutny/elliptic for curve25519 key generation

- Don't initialize indutny's curve25519, improving performance when using that curve

- Verify NIST signatures using Web Crypto instead of indutny/elliptic when not streaming

- Move KeyPair.sign/verify to ecdsa.js

- Move KeyPair.derive to ecdh.js

- Move keyFromPrivate and keyFromPublic to a new indutnyKey.js file
2019-10-25 16:07:57 +02:00
Daniel Huigens
a731a607ce Fix writing newly generated embedded primary key binding signatures 2019-09-11 18:11:15 +02:00
Ilya Chesnokov
5d9629d6a3 Style fixes; add spaces around all infix operators, remove new Buffer (#954)
* Add "space-infix-ops": "error" rule

* Remove deprecated Buffer constructor

* Resolve new-cap eslint rule

* @twiss: Clarify code that selects curve and algorithm
2019-08-30 12:27:30 +02:00
Daniel Huigens
a184ef6ec4 Remove support for the previous draft00 AEAD 2019-08-12 17:46:37 +02:00
Daniel Huigens
735d6d088f Implement V5 signatures 2019-08-12 17:46:37 +02:00
Daniel Huigens
2a5ab75fca Decrypt message with multiple keys in parallel
Don't keep the entire message in memory.

This also fixes an unhandled promise rejection when the input
stream contains an error (e.g. an armor checksum mismatch).
2019-07-19 19:05:26 +02:00
Ilya Chesnokov
6d626ea70c Style fixes and new style rules for eslint (#919) 2019-06-28 15:33:18 +02:00
Daniel Huigens
5dcaf85f5a Optimize reading large messages with lots of tiny partial body parts (#864)
* Fix pako decompression

* Optimize base64-decoding

* Don't stream-parse packets when not stream-reading data
2019-02-21 08:33:55 -08:00
Sanjana Rajan
1bee091f2a
Merge pull request #815 from twiss/userIds
Make fromUserIds/toUserIds params plural, and accept arrays of User IDs
2018-12-23 17:50:46 +01:00
Daniel Huigens
113c4a5f1e Add CAST5 to always-allowed algorithms
Golang's OpenPGP implementation uses CAST5 as its fallback.
(The spec mandates TripleDES as fallback.)

Fixes #819.
2018-12-22 00:00:47 -05:00
Daniel Huigens
e727097bb0 Always look at the same literal data packet in getText() and verify() 2018-12-17 12:27:05 -05:00
Daniel Huigens
3b9676f2e9 Reject messages encrypted with a symmetric algo not in preferred algos 2018-12-17 12:27:03 -05:00
Daniel Huigens
65772d86b3 Make fromUserIds/toUserIds params plural, and accept arrays of User IDs
Each User ID object is used for the key object at the corresponding index
in the privateKeys/publicKeys arrays.
2018-12-14 16:54:44 +01:00
Daniel Huigens
c7339f6f78 Check whether signing key was non-expired at signature creation time 2018-12-10 16:34:44 +01:00
Daniel Huigens
787965981a Check whether message signatures are expired when verifying them 2018-12-10 15:20:24 +01:00
Daniel Huigens
92230d2055 Consider non-expired signatures from expired keys to still be valid 2018-12-10 15:20:11 +01:00
Daniel Huigens
997f3e8e38 Compute signed data based on expected signature type 2018-11-05 17:13:40 +01:00
Daniel Huigens
327d3e5392 Only accept binary or text signatures when verifying messages 2018-11-05 11:47:39 +01:00
Daniel Huigens
abce79b509 Use Web Crypto for hashing 2018-11-01 14:11:22 +01:00
Sanjana Rajan
3c45b6f18a
Merge pull request #793 from twiss/signature-errors
Check that one-pass signatures match their corresponding signature
2018-11-01 12:13:02 +01:00
Daniel Huigens
13c29b1fc9 Fix decryption with multiple passwords 2018-11-01 11:46:27 +01:00
Daniel Huigens
9c82bf491e Reject signatures[*].verified and signatures[*].signature on read errors
However, don't throw "unhandled promise rejection" when not using these
properties at all, or when they reject before the user has a chance to
handle them.
2018-10-29 11:47:36 +01:00
Daniel Huigens
3751731330 Don't hang when signature packet corresponding to one-pass sig is missing 2018-10-04 22:13:10 +02:00
Daniel Huigens
e055d86062 Update documentation 2018-08-14 17:50:26 +02:00
Daniel Huigens
052fa444be Support Node streams 2018-08-14 17:19:54 +02:00
Daniel Huigens
0ddff3ae7d Rename asStream to streaming
Also, break up `postProcess`.
2018-08-14 17:19:51 +02:00
Daniel Huigens
52c4fa9639 Move streams library to a separate package 2018-08-14 16:35:40 +02:00