Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-06-07 22:56:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
openpgpjs/src/config/config.js
larabr aa222fecb2
Drop config.revocationsExpire, always honour revocation expiration instead (#1736) 
Unclear motivation for adding the original config option; if an expiration is there, it should
be honoured.

Breaking change:
the option used to default to `false`, and ignore revocation expirations. We now honour
those expirations, namely match the behaviour resulting from setting the option to `true`.
2024-03-28 14:24:23 +01:00

285 lines
14 KiB
JavaScript
Raw Blame History

// GPG4Browsers - An OpenPGP implementation in javascript
// Copyright (C) 2011 Recurity Labs GmbH
//
// This library is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 3.0 of the License, or (at your option) any later version.
//
// This library is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this library; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
/**
* Global configuration values.
*/
import enums from '../enums';
export default {
/**
* @memberof module:config
* @property {Integer} preferredHashAlgorithm Default hash algorithm {@link module:enums.hash}
*/
preferredHashAlgorithm: enums.hash.sha256,
/**
* @memberof module:config
* @property {Integer} preferredSymmetricAlgorithm Default encryption cipher {@link module:enums.symmetric}
*/
preferredSymmetricAlgorithm: enums.symmetric.aes256,
/**
* @memberof module:config
* @property {Integer} compression Default compression algorithm {@link module:enums.compression}
*/
preferredCompressionAlgorithm: enums.compression.uncompressed,
/**
* Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.
* This option is applicable to:
* - key generation (encryption key preferences),
* - password-based message encryption, and
* - private key encryption.
* In the case of message encryption using public keys, the encryption key preferences are respected instead.
* Note: not all OpenPGP implementations are compatible with this option.
* @see {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-10.html|draft-crypto-refresh-10}
* @memberof module:config
* @property {Boolean} aeadProtect
*/
aeadProtect: false,
/**
* When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)
* which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,
* this option must be set, otherwise key parsing and/or key decryption will fail.
* Note: only set this flag if you know that the keys are of the legacy type, as non-legacy keys
* will be processed incorrectly.
*/
parseAEADEncryptedV4KeysAsLegacy: false,
/**
* Default Authenticated Encryption with Additional Data (AEAD) encryption mode
* Only has an effect when aeadProtect is set to true.
* @memberof module:config
* @property {Integer} preferredAEADAlgorithm Default AEAD mode {@link module:enums.aead}
*/
preferredAEADAlgorithm: enums.aead.gcm,
/**
* Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode
* Only has an effect when aeadProtect is set to true.
* Must be an integer value from 0 to 56.
* @memberof module:config
* @property {Integer} aeadChunkSizeByte
*/
aeadChunkSizeByte: 12,
/**
* Use v6 keys.
* Note: not all OpenPGP implementations are compatible with this option.
* **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**
* @memberof module:config
* @property {Boolean} v6Keys
*/
v6Keys: false,
/**
* S2K (String to Key) type, used for key derivation in the context of secret key encryption
* and password-encrypted data. Weaker s2k options are not allowed.
* Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it
* (pending standardisation).
* @memberof module:config
* @property {enums.s2k.argon2|enums.s2k.iterated} s2kType {@link module:enums.s2k}
*/
s2kType: enums.s2k.iterated,
/**
* {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3| RFC4880 3.7.1.3}:
* Iteration Count Byte for Iterated and Salted S2K (String to Key).
* Only relevant if `config.s2kType` is set to `enums.s2k.iterated`.
* Note: this is the exponent value, not the final number of iterations (refer to specs for more details).
* @memberof module:config
* @property {Integer} s2kIterationCountByte
*/
s2kIterationCountByte: 224,
/**
* {@link https://tools.ietf.org/html/draft-ietf-openpgp-crypto-refresh-07.html#section-3.7.1.4| draft-crypto-refresh 3.7.1.4}:
* Argon2 parameters for S2K (String to Key).
* Only relevant if `config.s2kType` is set to `enums.s2k.argon2`.
* Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"),
* to ensure compatibility with memory-constrained environments.
* For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.
* @memberof module:config
* @property {Object} params
* @property {Integer} params.passes - number of iterations t
* @property {Integer} params.parallelism - degree of parallelism p
* @property {Integer} params.memoryExponent - one-octet exponent indicating the memory size, which will be: 2**memoryExponent kibibytes.
*/
s2kArgon2Params: {
passes: 3,
parallelism: 4, // lanes
memoryExponent: 16 // 64 MiB of RAM
},
/**
* Allow decryption of messages without integrity protection.
* This is an **insecure** setting:
* - message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.
* - it enables downgrade attacks against integrity-protected messages.
* @memberof module:config
* @property {Boolean} allowUnauthenticatedMessages
*/
allowUnauthenticatedMessages: false,
/**
* Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to
* process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible
* and deferring checking their integrity until the decrypted stream has been read in full.
*
* This setting is **insecure** if the encrypted data has been corrupted by a malicious entity:
* - if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL
* (see https://efail.de/).
* - an attacker with access to traces or timing info of internal processing errors could learn some info about the data.
*
* NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed.
* @memberof module:config
* @property {Boolean} allowUnauthenticatedStream
*/
allowUnauthenticatedStream: false,
/**
* Minimum RSA key size allowed for key generation and message signing, verification and encryption.
* The default is 2047 since due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.
* @memberof module:config
* @property {Number} minRSABits
*/
minRSABits: 2047,
/**
* Work-around for rare GPG decryption bug when encrypting with multiple passwords.
* **Slower and slightly less secure**
* @memberof module:config
* @property {Boolean} passwordCollisionCheck
*/
passwordCollisionCheck: false,
/**
* Allow decryption using RSA keys without `encrypt` flag.
* This setting is potentially insecure, but it is needed to get around an old openpgpjs bug
* where key flags were ignored when selecting a key for encryption.
* @memberof module:config
* @property {Boolean} allowInsecureDecryptionWithSigningKeys
*/
allowInsecureDecryptionWithSigningKeys: false,
/**
* Allow verification of message signatures with keys whose validity at the time of signing cannot be determined.
* Instead, a verification key will also be consider valid as long as it is valid at the current time.
* This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted,
* and have self-signature's creation date that does not match the primary key creation date.
* @memberof module:config
* @property {Boolean} allowInsecureDecryptionWithSigningKeys
*/
allowInsecureVerificationWithReformattedKeys: false,
/**
* Allow using keys that do not have any key flags set.
* Key flags are needed to restrict key usage to specific purposes: for instance, a signing key could only be allowed to certify other keys, and not sign messages
* (see https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29).
* Some older keys do not declare any key flags, which means they are not allowed to be used for any operation.
* This setting allows using such keys for any operation for which they are compatible, based on their public key algorithm.
*/
allowMissingKeyFlags: false,
/**
* Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716).
* This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:
* - new/incoming messages are automatically decrypted (without user interaction);
* - an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).
* See also `constantTimePKCS1DecryptionSupportedSymmetricAlgorithms`.
* @memberof module:config
* @property {Boolean} constantTimePKCS1Decryption
*/
constantTimePKCS1Decryption: false,
/**
* This setting is only meaningful if `constantTimePKCS1Decryption` is enabled.
* Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.
* However, the more algorithms are added, the slower the decryption procedure becomes.
* @memberof module:config
* @property {Set<Integer>} constantTimePKCS1DecryptionSupportedSymmetricAlgorithms {@link module:enums.symmetric}
*/
constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: new Set([enums.symmetric.aes128, enums.symmetric.aes192, enums.symmetric.aes256]),
/**
* @memberof module:config
* @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error
*/
ignoreUnsupportedPackets: true,
/**
* @memberof module:config
* @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error
*/
ignoreMalformedPackets: false,
/**
* Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only
* contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable
* as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).
* @memberof module:config
* @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]
*/
additionalAllowedPackets: [],
/**
* @memberof module:config
* @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages
*/
showVersion: false,
/**
* @memberof module:config
* @property {Boolean} showComment Whether to include {@link module:config/config.commentString} in armored messages
*/
showComment: false,
/**
* @memberof module:config
* @property {String} versionString A version string to be included in armored messages
*/
versionString: 'OpenPGP.js VERSION',
/**
* @memberof module:config
* @property {String} commentString A comment string to be included in armored messages
*/
commentString: 'https://openpgpjs.org',
/**
* Max userID string length (used for parsing)
* @memberof module:config
* @property {Integer} maxUserIDLength
*/
maxUserIDLength: 1024 * 5,
/**
* Contains notatations that are considered "known". Known notations do not trigger
* validation error when the notation is marked as critical.
* @memberof module:config
* @property {Array} knownNotations
*/
knownNotations: [],
/**
* Whether to use the the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API.
* When false, certain standard curves will not be supported (depending on the platform).
* @memberof module:config
* @property {Boolean} useEllipticFallback
*/
useEllipticFallback: true,
/**
* Reject insecure hash algorithms
* @memberof module:config
* @property {Set<Integer>} rejectHashAlgorithms {@link module:enums.hash}
*/
rejectHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd]),
/**
* Reject insecure message hash algorithms
* @memberof module:config
* @property {Set<Integer>} rejectMessageHashAlgorithms {@link module:enums.hash}
*/
rejectMessageHashAlgorithms: new Set([enums.hash.md5, enums.hash.ripemd, enums.hash.sha1]),
/**
* Reject insecure public key algorithms for key generation and message encryption, signing or verification
* @memberof module:config
* @property {Set<Integer>} rejectPublicKeyAlgorithms {@link module:enums.publicKey}
*/
rejectPublicKeyAlgorithms: new Set([enums.publicKey.elgamal, enums.publicKey.dsa]),
/**
* Reject non-standard curves for key generation, message encryption, signing or verification
* @memberof module:config
* @property {Set<String>} rejectCurves {@link module:enums.curve}
*/
rejectCurves: new Set([enums.curve.secp256k1])
};
Reference in New Issue View Git Blame Copy Permalink