@protontech/openpgp 4.10.5 → 5.3.1

package/src/key/subkey.js

@@ -1,187 +0,0 @@
-/**
- * @requires enums
- * @requires key/helper
- * @requires packet
- * @module key/SubKey
- */
-
-import enums from '../enums';
-import * as helper from './helper';
-import packet from '../packet';
-
-/**
- * @class
- * @classdesc Class that represents a subkey packet and the relevant signatures.
- * @borrows module:packet.PublicSubkey#getKeyId as SubKey#getKeyId
- * @borrows module:packet.PublicSubkey#getFingerprint as SubKey#getFingerprint
- * @borrows module:packet.PublicSubkey#hasSameFingerprintAs as SubKey#hasSameFingerprintAs
- * @borrows module:packet.PublicSubkey#getAlgorithmInfo as SubKey#getAlgorithmInfo
- * @borrows module:packet.PublicSubkey#getCreationTime as SubKey#getCreationTime
- * @borrows module:packet.PublicSubkey#isDecrypted as SubKey#isDecrypted
- */
-export default function SubKey(subKeyPacket) {
-  if (!(this instanceof SubKey)) {
-    return new SubKey(subKeyPacket);
-  }
-  this.keyPacket = subKeyPacket;
-  this.bindingSignatures = [];
-  this.revocationSignatures = [];
-}
-
-/**
- * Transforms structured subkey data to packetlist
- * @returns {module:packet.List}
- */
-SubKey.prototype.toPacketlist = function() {
-  const packetlist = new packet.List();
-  packetlist.push(this.keyPacket);
-  packetlist.concat(this.revocationSignatures);
-  packetlist.concat(this.bindingSignatures);
-  return packetlist;
-};
-
-/**
- * Checks if a binding signature of a subkey is revoked
- * @param  {module:packet.SecretKey|
- *          module:packet.PublicKey} primaryKey    The primary key packet
- * @param  {module:packet.Signature}  signature     The binding signature to verify
- * @param  {module:packet.PublicSubkey|
- *          module:packet.SecretSubkey|
- *          module:packet.PublicKey|
- *          module:packet.SecretKey} key, optional The key to verify the signature
- * @param  {Date}                     date          Use the given date instead of the current time
- * @returns {Promise<Boolean>}                      True if the binding signature is revoked
- * @async
- */
-SubKey.prototype.isRevoked = async function(primaryKey, signature, key, date = new Date()) {
-  return helper.isDataRevoked(
-    primaryKey, enums.signature.subkey_revocation, {
-      key: primaryKey,
-      bind: this.keyPacket
-    }, this.revocationSignatures, signature, key, date
-  );
-};
-
-
-/**
- * Verify subkey. Checks for revocation signatures, expiration time
- * and valid binding signature. Throws if the subkey is invalid.
- * @param  {module:packet.SecretKey|
- *          module:packet.PublicKey} primaryKey The primary key packet
- * @param  {Date}                     date       Use the given date instead of the current time
- * @returns {Promise<true>}                      The status of the subkey
- * @async
- */
-SubKey.prototype.verify = async function(primaryKey, date = new Date()) {
-  const dataToVerify = { key: primaryKey, bind: this.keyPacket };
-  // check subkey binding signatures
-  const bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkey_binding, dataToVerify, date);
-  // check binding signature is not revoked
-  if (bindingSignature.revoked || await this.isRevoked(primaryKey, bindingSignature, null, date)) {
-    throw new Error('Subkey is revoked');
-  }
-  // check for expiration time
-  if (helper.isDataExpired(this.keyPacket, bindingSignature, date)) {
-    throw new Error('Subkey is expired');
-  }
-};
-
-/**
- * Returns the expiration time of the subkey or Infinity if key does not expire
- * Returns null if the subkey is invalid.
- * @param  {module:packet.SecretKey|
- *          module:packet.PublicKey} primaryKey  The primary key packet
- * @param  {Date}                     date       Use the given date instead of the current time
- * @returns {Promise<Date | Infinity | null>}
- * @async
- */
-SubKey.prototype.getExpirationTime = async function(primaryKey, date = new Date()) {
-  const dataToVerify = { key: primaryKey, bind: this.keyPacket };
-  let bindingSignature;
-  try {
-    bindingSignature = await helper.getLatestValidSignature(this.bindingSignatures, primaryKey, enums.signature.subkey_binding, dataToVerify, date);
-  } catch (e) {
-    return null;
-  }
-  const keyExpiry = helper.getExpirationTime(this.keyPacket, bindingSignature);
-  const sigExpiry = bindingSignature.getExpirationTime();
-  return keyExpiry < sigExpiry ? keyExpiry : sigExpiry;
-};
-
-/**
- * Update subkey with new components from specified subkey
- * @param  {module:key~SubKey}           subKey     Source subkey to merge
- * @param  {module:packet.SecretKey|
-            module:packet.SecretSubkey} primaryKey primary key used for validation
- * @returns {Promise<undefined>}
- * @async
- */
-SubKey.prototype.update = async function(subKey, primaryKey) {
-  if (!this.hasSameFingerprintAs(subKey)) {
-    throw new Error('SubKey update method: fingerprints of subkeys not equal');
-  }
-  // key packet
-  if (this.keyPacket.tag === enums.packet.publicSubkey &&
-      subKey.keyPacket.tag === enums.packet.secretSubkey) {
-    this.keyPacket = subKey.keyPacket;
-  }
-  // update missing binding signatures
-  const that = this;
-  const dataToVerify = { key: primaryKey, bind: that.keyPacket };
-  await helper.mergeSignatures(subKey, this, 'bindingSignatures', async function(srcBindSig) {
-    for (let i = 0; i < that.bindingSignatures.length; i++) {
-      if (that.bindingSignatures[i].issuerKeyId.equals(srcBindSig.issuerKeyId)) {
-        if (srcBindSig.created > that.bindingSignatures[i].created) {
-          that.bindingSignatures[i] = srcBindSig;
-        }
-        return false;
-      }
-    }
-    try {
-      return srcBindSig.verified || await srcBindSig.verify(primaryKey, enums.signature.subkey_binding, dataToVerify);
-    } catch (e) {
-      return false;
-    }
-  });
-  // revocation signatures
-  await helper.mergeSignatures(subKey, this, 'revocationSignatures', function(srcRevSig) {
-    return helper.isDataRevoked(primaryKey, enums.signature.subkey_revocation, dataToVerify, [srcRevSig]);
-  });
-};
-
-/**
- * Revokes the subkey
- * @param  {module:packet.SecretKey} primaryKey decrypted private primary key for revocation
- * @param  {Object} reasonForRevocation optional, object indicating the reason for revocation
- * @param  {module:enums.reasonForRevocation} reasonForRevocation.flag optional, flag indicating the reason for revocation
- * @param  {String} reasonForRevocation.string optional, string explaining the reason for revocation
- * @param  {Date} date optional, override the creationtime of the revocation signature
- * @returns {Promise<module:key~SubKey>} new subkey with revocation signature
- * @async
- */
-SubKey.prototype.revoke = async function(primaryKey, {
-  flag: reasonForRevocationFlag = enums.reasonForRevocation.no_reason,
-  string: reasonForRevocationString = ''
-} = {}, date = new Date()) {
-  const dataToSign = { key: primaryKey, bind: this.keyPacket };
-  const subKey = new SubKey(this.keyPacket);
-  subKey.revocationSignatures.push(await helper.createSignaturePacket(dataToSign, null, primaryKey, {
-    signatureType: enums.signature.subkey_revocation,
-    reasonForRevocationFlag: enums.write(enums.reasonForRevocation, reasonForRevocationFlag),
-    reasonForRevocationString
-  }, date));
-  await subKey.update(this, primaryKey);
-  return subKey;
-};
-
-['getKeyId', 'getFingerprint', 'getAlgorithmInfo', 'getCreationTime', 'isDecrypted'].forEach(name => {
-  SubKey.prototype[name] =
-    function() {
-      return this.keyPacket[name]();
-    };
-});
-
-SubKey.prototype.hasSameFingerprintAs =
-  function(other) {
-    return this.keyPacket.hasSameFingerprintAs(other.keyPacket || other);
-  };

package/src/key/user.js

@@ -1,230 +0,0 @@
-/**
- * @requires enums
- * @requires util
- * @requires packet
- * @requires key/helper
- * @module key/User
- */
-
-import enums from '../enums';
-import util from '../util';
-import packet from '../packet';
-import { mergeSignatures, isDataRevoked, createSignaturePacket } from './helper';
-
-/**
- * @class
- * @classdesc Class that represents an user ID or attribute packet and the relevant signatures.
- */
-export default function User(userPacket) {
-  if (!(this instanceof User)) {
-    return new User(userPacket);
-  }
-  this.userId = userPacket.tag === enums.packet.userid ? userPacket : null;
-  this.userAttribute = userPacket.tag === enums.packet.userAttribute ? userPacket : null;
-  this.selfCertifications = [];
-  this.otherCertifications = [];
-  this.revocationSignatures = [];
-}
-
-/**
- * Transforms structured user data to packetlist
- * @returns {module:packet.List}
- */
-User.prototype.toPacketlist = function() {
-  const packetlist = new packet.List();
-  packetlist.push(this.userId || this.userAttribute);
-  packetlist.concat(this.revocationSignatures);
-  packetlist.concat(this.selfCertifications);
-  packetlist.concat(this.otherCertifications);
-  return packetlist;
-};
-
-/**
- * Signs user
- * @param  {module:packet.SecretKey|
- *          module:packet.PublicKey} primaryKey  The primary key packet
- * @param  {Array<module:key.Key>}    privateKeys Decrypted private keys for signing
- * @returns {Promise<module:key.Key>}             New user with new certificate signatures
- * @async
- */
-User.prototype.sign = async function(primaryKey, privateKeys) {
-  const dataToSign = {
-    userId: this.userId,
-    userAttribute: this.userAttribute,
-    key: primaryKey
-  };
-  const user = new User(dataToSign.userId || dataToSign.userAttribute);
-  user.otherCertifications = await Promise.all(privateKeys.map(async function(privateKey) {
-    if (privateKey.isPublic()) {
-      throw new Error('Need private key for signing');
-    }
-    if (privateKey.hasSameFingerprintAs(primaryKey)) {
-      throw new Error('Not implemented for self signing');
-    }
-    const signingKey = await privateKey.getSigningKey();
-    return createSignaturePacket(dataToSign, privateKey, signingKey.keyPacket, {
-      // Most OpenPGP implementations use generic certification (0x10)
-      signatureType: enums.signature.cert_generic,
-      keyFlags: [enums.keyFlags.certify_keys | enums.keyFlags.sign_data]
-    });
-  }));
-  await user.update(this, primaryKey);
-  return user;
-};
-
-/**
- * Checks if a given certificate of the user is revoked
- * @param  {module:packet.SecretKey|
- *          module:packet.PublicKey} primaryKey    The primary key packet
- * @param  {module:packet.Signature}  certificate   The certificate to verify
- * @param  {module:packet.PublicSubkey|
- *          module:packet.SecretSubkey|
- *          module:packet.PublicKey|
- *          module:packet.SecretKey} key, optional The key to verify the signature
- * @param  {Date}                     date          Use the given date instead of the current time
- * @returns {Promise<Boolean>}                      True if the certificate is revoked
- * @async
- */
-User.prototype.isRevoked = async function(primaryKey, certificate, key, date = new Date()) {
-  return isDataRevoked(
-    primaryKey, enums.signature.cert_revocation, {
-      key: primaryKey,
-      userId: this.userId,
-      userAttribute: this.userAttribute
-    }, this.revocationSignatures, certificate, key, date
-  );
-};
-
-
-/**
- * Verifies the user certificate. Throws if the user certificate is invalid.
- * @param  {module:packet.SecretKey|
- *          module:packet.PublicKey} primaryKey  The primary key packet
- * @param  {module:packet.Signature}  certificate A certificate of this user
- * @param  {Array<module:key.Key>}    keys        Array of keys to verify certificate signatures
- * @param  {Date}                     date        Use the given date instead of the current time
- * @returns {Promise<true>}                       status of the certificate
- * @async
- */
-User.prototype.verifyCertificate = async function(primaryKey, certificate, keys, date = new Date()) {
-  const that = this;
-  const keyid = certificate.issuerKeyId;
-  const dataToVerify = {
-    userId: this.userId,
-    userAttribute: this.userAttribute,
-    key: primaryKey
-  };
-  const results = await Promise.all(keys.map(async function(key) {
-    if (!key.getKeyIds().some(id => id.equals(keyid))) {
-      return null;
-    }
-    const signingKey = await key.getSigningKey(keyid, date);
-    if (certificate.revoked || await that.isRevoked(primaryKey, certificate, signingKey.keyPacket, date)) {
-      throw new Error('User certificate is revoked');
-    }
-    try {
-      certificate.verified || await certificate.verify(signingKey.keyPacket, enums.signature.cert_generic, dataToVerify);
-    } catch (e) {
-      throw util.wrapError('User certificate is invalid', e);
-    }
-    if (certificate.isExpired(date)) {
-      throw new Error('User certificate is expired');
-    }
-    return true;
-  }));
-  return results.find(result => result !== null) || null;
-};
-
-/**
- * Verifies all user certificates
- * @param  {module:packet.SecretKey|
- *          module:packet.PublicKey} primaryKey The primary key packet
- * @param  {Array<module:key.Key>}    keys       Array of keys to verify certificate signatures
- * @param  {Date}                     date        Use the given date instead of the current time
- * @returns {Promise<Array<{keyid: module:type/keyid,
- *                          valid: Boolean}>>}   List of signer's keyid and validity of signature
- * @async
- */
-User.prototype.verifyAllCertifications = async function(primaryKey, keys, date = new Date()) {
-  const that = this;
-  const certifications = this.selfCertifications.concat(this.otherCertifications);
-  return Promise.all(certifications.map(async function(certification) {
-    return {
-      keyid: certification.issuerKeyId,
-      valid: await that.verifyCertificate(primaryKey, certification, keys, date).catch(() => false)
-    };
-  }));
-};
-
-/**
- * Verify User. Checks for existence of self signatures, revocation signatures
- * and validity of self signature. Throws when there are no valid self signatures.
- * @param  {module:packet.SecretKey|
- *          module:packet.PublicKey} primaryKey The primary key packet
- * @param  {Date}                    date       Use the given date instead of the current time
- * @returns {Promise<true>}                     Status of user
- * @async
- */
-User.prototype.verify = async function(primaryKey, date = new Date()) {
-  if (!this.selfCertifications.length) {
-    throw new Error('No self-certifications');
-  }
-  const that = this;
-  const dataToVerify = {
-    userId: this.userId,
-    userAttribute: this.userAttribute,
-    key: primaryKey
-  };
-  // TODO replace when Promise.some or Promise.any are implemented
-  let exception;
-  for (let i = this.selfCertifications.length - 1; i >= 0; i--) {
-    try {
-      const selfCertification = this.selfCertifications[i];
-      if (selfCertification.revoked || await that.isRevoked(primaryKey, selfCertification, undefined, date)) {
-        throw new Error('Self-certification is revoked');
-      }
-      try {
-        selfCertification.verified || await selfCertification.verify(primaryKey, enums.signature.cert_generic, dataToVerify);
-      } catch (e) {
-        throw util.wrapError('Self-certification is invalid', e);
-      }
-      if (selfCertification.isExpired(date)) {
-        throw new Error('Self-certification is expired');
-      }
-      return true;
-    } catch (e) {
-      exception = e;
-    }
-  }
-  throw exception;
-};
-
-/**
- * Update user with new components from specified user
- * @param  {module:key.User}             user       Source user to merge
- * @param  {module:packet.SecretKey|
- *          module:packet.SecretSubkey} primaryKey primary key used for validation
- * @returns {Promise<undefined>}
- * @async
- */
-User.prototype.update = async function(user, primaryKey) {
-  const dataToVerify = {
-    userId: this.userId,
-    userAttribute: this.userAttribute,
-    key: primaryKey
-  };
-  // self signatures
-  await mergeSignatures(user, this, 'selfCertifications', async function(srcSelfSig) {
-    try {
-      return srcSelfSig.verified || srcSelfSig.verify(primaryKey, enums.signature.cert_generic, dataToVerify);
-    } catch (e) {
-      return false;
-    }
-  });
-  // other signatures
-  await mergeSignatures(user, this, 'otherCertifications');
-  // revocation signatures
-  await mergeSignatures(user, this, 'revocationSignatures', function(srcRevSig) {
-    return isDataRevoked(primaryKey, enums.signature.cert_revocation, dataToVerify, [srcRevSig]);
-  });
-};

package/src/keyring/index.js

@@ -1,12 +0,0 @@
-/**
- * @fileoverview Functions dealing with storage of the keyring.
- * @see module:keyring/keyring
- * @see module:keyring/localstore
- * @module keyring
- */
-import Keyring from './keyring.js';
-import localstore from './localstore.js';
-
-Keyring.localstore = localstore;
-
-export default Keyring;

package/src/keyring/keyring.js

@@ -1,229 +0,0 @@
-// GPG4Browsers - An OpenPGP implementation in javascript
-// Copyright (C) 2011 Recurity Labs GmbH
-//
-// This library is free software; you can redistribute it and/or
-// modify it under the terms of the GNU Lesser General Public
-// License as published by the Free Software Foundation; either
-// version 3.0 of the License, or (at your option) any later version.
-//
-// This library is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-// Lesser General Public License for more details.
-//
-// You should have received a copy of the GNU Lesser General Public
-// License along with this library; if not, write to the Free Software
-// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-
-/**
- * @fileoverview Provides the Keyring class
- * @requires key
- * @requires keyring/localstore
- * @module keyring/keyring
- */
-
-import { readArmored } from '../key';
-import LocalStore from './localstore';
-
-/**
- * Initialization routine for the keyring.
- * @constructor
- * @param {keyring/localstore} [storeHandler] class implementing loadPublic(), loadPrivate(), storePublic(), and storePrivate() methods
- */
-function Keyring(storeHandler) {
-  this.storeHandler = storeHandler || new LocalStore();
-}
-
-/**
- * Calls the storeHandler to load the keys
- * @async
- */
-Keyring.prototype.load = async function () {
-  this.publicKeys = new KeyArray(await this.storeHandler.loadPublic());
-  this.privateKeys = new KeyArray(await this.storeHandler.loadPrivate());
-};
-
-/**
- * Calls the storeHandler to save the keys
- * @async
- */
-Keyring.prototype.store = async function () {
-  await Promise.all([
-    this.storeHandler.storePublic(this.publicKeys.keys),
-    this.storeHandler.storePrivate(this.privateKeys.keys)
-  ]);
-};
-
-/**
- * Clear the keyring - erase all the keys
- */
-Keyring.prototype.clear = function() {
-  this.publicKeys.keys = [];
-  this.privateKeys.keys = [];
-};
-
-/**
- * Searches the keyring for keys having the specified key id
- * @param {String} keyId provided as string of lowercase hex number
- * withouth 0x prefix (can be 16-character key ID or fingerprint)
- * @param  {Boolean} deep if true search also in subkeys
- * @returns {Array<module:key.Key>|null} keys found or null
- */
-Keyring.prototype.getKeysForId = function (keyId, deep) {
-  let result = [];
-  result = result.concat(this.publicKeys.getForId(keyId, deep) || []);
-  result = result.concat(this.privateKeys.getForId(keyId, deep) || []);
-  return result.length ? result : null;
-};
-
-/**
- * Removes keys having the specified key id from the keyring
- * @param {String} keyId provided as string of lowercase hex number
- * withouth 0x prefix (can be 16-character key ID or fingerprint)
- * @returns {Array<module:key.Key>|null} keys found or null
- */
-Keyring.prototype.removeKeysForId = function (keyId) {
-  let result = [];
-  result = result.concat(this.publicKeys.removeForId(keyId) || []);
-  result = result.concat(this.privateKeys.removeForId(keyId) || []);
-  return result.length ? result : null;
-};
-
-/**
- * Get all public and private keys
- * @returns {Array<module:key.Key>} all keys
- */
-Keyring.prototype.getAllKeys = function () {
-  return this.publicKeys.keys.concat(this.privateKeys.keys);
-};
-
-/**
- * Array of keys
- * @param {Array<module:key.Key>} keys The keys to store in this array
- */
-function KeyArray(keys) {
-  this.keys = keys;
-}
-
-/**
- * Searches all keys in the KeyArray matching the address or address part of the user ids
- * @param {String} email email address to search for
- * @returns {Array<module:key.Key>} The public keys associated with provided email address.
- */
-KeyArray.prototype.getForAddress = function(email) {
-  const results = [];
-  for (let i = 0; i < this.keys.length; i++) {
-    if (emailCheck(email, this.keys[i])) {
-      results.push(this.keys[i]);
-    }
-  }
-  return results;
-};
-
-/**
- * Checks a key to see if it matches the specified email address
- * @private
- * @param {String} email email address to search for
- * @param {module:key.Key} key The key to be checked.
- * @returns {Boolean} True if the email address is defined in the specified key
- */
-function emailCheck(email, key) {
-  email = email.toLowerCase();
-  // escape email before using in regular expression
-  const emailEsc = email.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-  const emailRegex = new RegExp('<' + emailEsc + '>');
-  const userIds = key.getUserIds();
-  for (let i = 0; i < userIds.length; i++) {
-    const userId = userIds[i].toLowerCase();
-    if (email === userId || emailRegex.test(userId)) {
-      return true;
-    }
-  }
-  return false;
-}
-
-/**
- * Checks a key to see if it matches the specified keyid
- * @private
- * @param {String} keyId provided as string of lowercase hex number
- * withouth 0x prefix (can be 16-character key ID or fingerprint)
- * @param {module:key.Key|module:key.SubKey} key The key to be checked
- * @returns {Boolean} True if key has the specified keyid
- */
-function keyIdCheck(keyId, key) {
-  if (keyId.length === 16) {
-    return keyId === key.getKeyId().toHex();
-  }
-  return keyId === key.getFingerprint();
-}
-
-/**
- * Searches the KeyArray for a key having the specified key id
- * @param {String} keyId provided as string of lowercase hex number
- * withouth 0x prefix (can be 16-character key ID or fingerprint)
- * @param  {Boolean} deep if true search also in subkeys
- * @returns {module:key.Key|null} key found or null
- */
-KeyArray.prototype.getForId = function (keyId, deep) {
-  for (let i = 0; i < this.keys.length; i++) {
-    if (keyIdCheck(keyId, this.keys[i])) {
-      return this.keys[i];
-    }
-    if (deep && this.keys[i].subKeys.length) {
-      for (let j = 0; j < this.keys[i].subKeys.length; j++) {
-        if (keyIdCheck(keyId, this.keys[i].subKeys[j])) {
-          return this.keys[i];
-        }
-      }
-    }
-  }
-  return null;
-};
-
-/**
- * Imports a key from an ascii armored message
- * @param {String} armored message to read the keys/key from
- * @returns {Promise<Array<Error>|null>} array of error objects or null
- * @async
- */
-KeyArray.prototype.importKey = async function (armored) {
-  const imported = await readArmored(armored);
-  for (let i = 0; i < imported.keys.length; i++) {
-    const key = imported.keys[i];
-    // check if key already in key array
-    const keyidHex = key.getKeyId().toHex();
-    const keyFound = this.getForId(keyidHex);
-    if (keyFound) {
-      await keyFound.update(key);
-    } else {
-      this.push(key);
-    }
-  }
-  return imported.err ? imported.err : null;
-};
-
-/**
- * Add key to KeyArray
- * @param {module:key.Key} key The key that will be added to the keyring
- * @returns {Number} The new length of the KeyArray
- */
-KeyArray.prototype.push = function (key) {
-  return this.keys.push(key);
-};
-
-/**
- * Removes a key with the specified keyid from the keyring
- * @param {String} keyId provided as string of lowercase hex number
- * withouth 0x prefix (can be 16-character key ID or fingerprint)
- * @returns {module:key.Key|null} The key object which has been removed or null
- */
-KeyArray.prototype.removeForId = function (keyId) {
-  for (let i = 0; i < this.keys.length; i++) {
-    if (keyIdCheck(keyId, this.keys[i])) {
-      return this.keys.splice(i, 1)[0];
-    }
-  }
-  return null;
-};
-
-export default Keyring;