Release new version

Reset secret key's encrypted field to null after decryption

Gruntfile.js

@@ -51,7 +51,8 @@ module.exports = function(grunt) {
               ignore: ['*.min.js'],
               presets: ["es2015"]
             }]
-          ]
+          ],
+          plugin: [ 'browserify-derequire' ]
         }
       },
       openpgp_debug: {
@@ -69,7 +70,8 @@ module.exports = function(grunt) {
               ignore: ['*.min.js'],
               presets: ["es2015"]
             }]
-          ]
+          ],
+          plugin: [ 'browserify-derequire' ]
         }
       },
       worker: {
@@ -77,11 +79,6 @@ module.exports = function(grunt) {
           'dist/openpgp.worker.js': [ './src/worker/worker.js' ]
         }
       },
-      worker_min: {
-        files: {
-          'dist/openpgp.worker.min.js': [ './src/worker/worker.js' ]
-        }
-      },
       unittests: {
         files: {
           'test/lib/unittests-bundle.js': [ './test/unittests.js' ]
@@ -108,12 +105,20 @@ module.exports = function(grunt) {
           to: 'OpenPGP.js v<%= pkg.version %>'
         }]
       },
+      openpgp_min: {
+        src: ['dist/openpgp.min.js'],
+        dest: ['dist/openpgp.min.js'],
+        replacements: [{
+          from: "openpgp.worker.js",
+          to: "openpgp.worker.min.js"
+        }]
+      },
       worker_min: {
         src: ['dist/openpgp.worker.min.js'],
         dest: ['dist/openpgp.worker.min.js'],
         replacements: [{
-          from: "importScripts('openpgp.js')",
+          from: "openpgp.js",
-          to: "importScripts('openpgp.min.js')"
+          to: "openpgp.min.js"
         }]
       }
     },
@@ -121,7 +126,7 @@ module.exports = function(grunt) {
       openpgp: {
         files: {
           'dist/openpgp.min.js' : [ 'dist/openpgp.js' ],
-          'dist/openpgp.worker.min.js' : [ 'dist/openpgp.worker.min.js' ]
+          'dist/openpgp.worker.min.js' : [ 'dist/openpgp.worker.js' ]
         }
       },
       options: {
@@ -290,7 +295,9 @@ module.exports = function(grunt) {
   }
 
   // Build tasks
-  grunt.registerTask('default', ['clean', 'copy:zlib', 'browserify', 'replace', 'uglify']);
+  grunt.registerTask('version', ['replace:openpgp', 'replace:openpgp_debug']);
+  grunt.registerTask('replace_min', ['replace:openpgp_min', 'replace:worker_min']);
+  grunt.registerTask('default', ['clean', 'copy:zlib', 'browserify', 'version', 'uglify', 'replace_min']);
   grunt.registerTask('documentation', ['jsdoc']);
   // Test/Dev tasks
   grunt.registerTask('test', ['jshint', 'jscs', 'mochaTest']);

bower.json

@@ -1,6 +1,6 @@
 {
   "name": "openpgp",
-  "version": "2.3.2",
+  "version": "2.3.5",
   "license": "LGPL-3.0+",
   "homepage": "http://openpgpjs.org/",
   "authors": [

dist/openpgp.worker.js

@@ -45,7 +45,7 @@ self.onmessage = function(event) {
       break;
 
     default:
-      delegate(msg.event, msg.options || {});
+      delegate(msg.id, msg.event, msg.options || {});
   }
 };
 
@@ -76,18 +76,18 @@ function seedRandom(buffer) {
  * @param  {String} method    The public api function to be delegated to the worker thread
  * @param  {Object} options   The api function's options
  */
-function delegate(method, options) {
+function delegate(id, method, options) {
   if (typeof openpgp[method] !== 'function') {
-    response({ event:'method-return', err:'Unknown Worker Event' });
+    response({ id:id, event:'method-return', err:'Unknown Worker Event' });
     return;
   }
   // parse cloned packets
   options = openpgp.packet.clone.parseClonedPackets(options, method);
   openpgp[method](options).then(function(data) {
     // clone packets (for web worker structured cloning algorithm)
-    response({ event:'method-return', data:openpgp.packet.clone.clonePackets(data) });
+    response({ id:id, event:'method-return', data:openpgp.packet.clone.clonePackets(data) });
   }).catch(function(e) {
-    response({ event:'method-return', err:e.message });
+    response({ id:id, event:'method-return', err:e.message });
   });
 }
 

dist/openpgp.worker.min.js

@@ -1 +1 @@
-/*! OpenPGP.js v2.3.2 - 2016-06-08 - this is LGPL licensed code, see LICENSE/our website http://openpgpjs.org/ for more information. */!function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if(f)return f(g,!0);var j=new Error("Cannot find module '"+g+"'");throw j.code="MODULE_NOT_FOUND",j}var k=c[g]={exports:{}};b[g][0].call(k.exports,function(a){var c=b[g][1][a];return e(c?c:a)},k,k.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;g<d.length;g++)e(d[g]);return e}({1:[function(a,b,c){function d(a){for(var b in a)h.config[b]=a[b]}function e(a){a instanceof Uint8Array||(a=new Uint8Array(a)),h.crypto.random.randomBuffer.set(a)}function f(a,b){return"function"!=typeof h[a]?void g({event:"method-return",err:"Unknown Worker Event"}):(b=h.packet.clone.parseClonedPackets(b,a),void h[a](b).then(function(a){g({event:"method-return",data:h.packet.clone.clonePackets(a)})})["catch"](function(a){g({event:"method-return",err:a.message})}))}function g(a){h.crypto.random.randomBuffer.size<i&&self.postMessage({event:"request-seed"}),self.postMessage(a,h.util.getTransferables.call(h.util,a.data))}self.window={},importScripts("openpgp.min.js");var h=window.openpgp,i=4e4,j=6e4;h.crypto.random.randomBuffer.init(j),self.onmessage=function(a){var b=a.data||{};switch(b.event){case"configure":d(b.config);break;case"seed-random":e(b.buf);break;default:f(b.event,b.options||{})}}},{}]},{},[1]);
+/*! OpenPGP.js v2.3.5 - 2016-10-26 - this is LGPL licensed code, see LICENSE/our website http://openpgpjs.org/ for more information. */!function a(b,c,d){function e(g,h){if(!c[g]){if(!b[g]){var i="function"==typeof require&&require;if(!h&&i)return i(g,!0);if(f)return f(g,!0);var j=new Error("Cannot find module '"+g+"'");throw j.code="MODULE_NOT_FOUND",j}var k=c[g]={exports:{}};b[g][0].call(k.exports,function(a){var c=b[g][1][a];return e(c?c:a)},k,k.exports,a,b,c,d)}return c[g].exports}for(var f="function"==typeof require&&require,g=0;g<d.length;g++)e(d[g]);return e}({1:[function(a,b,c){function d(a){for(var b in a)h.config[b]=a[b]}function e(a){a instanceof Uint8Array||(a=new Uint8Array(a)),h.crypto.random.randomBuffer.set(a)}function f(a,b,c){return"function"!=typeof h[b]?void g({id:a,event:"method-return",err:"Unknown Worker Event"}):(c=h.packet.clone.parseClonedPackets(c,b),void h[b](c).then(function(b){g({id:a,event:"method-return",data:h.packet.clone.clonePackets(b)})})["catch"](function(b){g({id:a,event:"method-return",err:b.message})}))}function g(a){h.crypto.random.randomBuffer.size<i&&self.postMessage({event:"request-seed"}),self.postMessage(a,h.util.getTransferables.call(h.util,a.data))}self.window={},importScripts("openpgp.min.js");var h=window.openpgp,i=4e4,j=6e4;h.crypto.random.randomBuffer.init(j),self.onmessage=function(a){var b=a.data||{};switch(b.event){case"configure":d(b.config);break;case"seed-random":e(b.buf);break;default:f(b.id,b.event,b.options||{})}}},{}]},{},[1]);

npm-shrinkwrap.json

@@ -1,6 +1,6 @@
 {
   "name": "openpgp",
-  "version": "2.3.2",
+  "version": "2.3.5",
   "dependencies": {
     "asmcrypto-lite": {
       "version": "1.1.0",

package.json

@@ -1,7 +1,7 @@
 {
   "name": "openpgp",
   "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "2.3.2",
+  "version": "2.3.5",
   "license": "LGPL-3.0+",
   "homepage": "http://openpgpjs.org/",
   "engines": {
@@ -35,6 +35,7 @@
     "asmcrypto-lite": "^1.0.0",
     "babel-preset-es2015": "^6.3.13",
     "babelify": "^7.2.0",
+    "browserify-derequire": "^0.9.4",
     "chai": "~3.5.0",
     "es6-promise": "^3.1.2",
     "grunt": "~0.4.5",

src/message.js

@@ -321,6 +321,9 @@ Message.prototype.sign = function(privateKeys) {
     }
     onePassSig.publicKeyAlgorithm = signingKeyPacket.algorithm;
     onePassSig.signingKeyId = signingKeyPacket.getKeyId();
+    if (i === privateKeys.length - 1) {
+      onePassSig.flags = 1;
+    }
     packetlist.push(onePassSig);
   }
 

src/packet/secret_key.js

@@ -269,6 +269,7 @@ SecretKey.prototype.decrypt = function (passphrase) {
   }
   this.mpi = this.mpi.concat(parsedMPI);
   this.isDecrypted = true;
+  this.encrypted = null;
   return true;
 };
 

src/worker/async_proxy.js

@@ -39,13 +39,24 @@ export default function AsyncProxy({ path='openpgp.worker.js', worker, config }
     throw new Error('Unhandled error in openpgp worker: ' + e.message + ' (' + e.filename + ':' + e.lineno + ')');
   };
   this.seedRandom(INITIAL_RANDOM_SEED);
-  // FIFO
+
-  this.tasks = [];
   if (config) {
     this.worker.postMessage({ event:'configure', config });
   }
+
+  // Cannot rely on task order being maintained, use object keyed by request ID to track tasks
+  this.tasks = {};
+  this.currentID = 0;
 }
 
+/**
+ * Get new request ID
+ * @return {integer}          New unique request ID
+*/
+AsyncProxy.prototype.getID = function() {
+  return this.currentID++;
+};
+
 /**
  * Message handling
  */
@@ -55,11 +66,12 @@ AsyncProxy.prototype.onMessage = function(event) {
     case 'method-return':
       if (msg.err) {
         // fail
-        this.tasks.shift().reject(new Error(msg.err));
+        this.tasks[msg.id].reject(new Error(msg.err));
       } else {
         // success
-        this.tasks.shift().resolve(msg.data);
+        this.tasks[msg.id].resolve(msg.data);
       }
+      delete this.tasks[msg.id];
       break;
     case 'request-seed':
       this.seedRandom(RANDOM_SEED_REQUEST);
@@ -106,11 +118,13 @@ AsyncProxy.prototype.terminate = function() {
  * @return {Promise}          see the corresponding public api functions for their return types
  */
 AsyncProxy.prototype.delegate = function(method, options) {
+  const id = this.getID();
+
   return new Promise((resolve, reject) => {
     // clone packets (for web worker structured cloning algorithm)
-    this.worker.postMessage({ event:method, options:packet.clone.clonePackets(options) }, util.getTransferables.call(util, options));
+    this.worker.postMessage({ id:id, event:method, options:packet.clone.clonePackets(options) }, util.getTransferables.call(util, options));
 
     // remember to handle parsing cloned packets from worker
-    this.tasks.push({ resolve: data => resolve(packet.clone.parseClonedPackets(data, method)), reject });
+    this.tasks[id] = { resolve: data => resolve(packet.clone.parseClonedPackets(data, method)), reject };
   });
 };

src/worker/worker.js

@@ -44,7 +44,7 @@ self.onmessage = function(event) {
       break;
 
     default:
-      delegate(msg.event, msg.options || {});
+      delegate(msg.id, msg.event, msg.options || {});
   }
 };
 
@@ -75,18 +75,18 @@ function seedRandom(buffer) {
  * @param  {String} method    The public api function to be delegated to the worker thread
  * @param  {Object} options   The api function's options
  */
-function delegate(method, options) {
+function delegate(id, method, options) {
   if (typeof openpgp[method] !== 'function') {
-    response({ event:'method-return', err:'Unknown Worker Event' });
+    response({ id:id, event:'method-return', err:'Unknown Worker Event' });
     return;
   }
   // parse cloned packets
   options = openpgp.packet.clone.parseClonedPackets(options, method);
   openpgp[method](options).then(function(data) {
     // clone packets (for web worker structured cloning algorithm)
-    response({ event:'method-return', data:openpgp.packet.clone.clonePackets(data) });
+    response({ id:id, event:'method-return', data:openpgp.packet.clone.clonePackets(data) });
   }).catch(function(e) {
-    response({ event:'method-return', err:e.message });
+    response({ id:id, event:'method-return', err:e.message });
   });
 }