@protontech/openpgp 4.10.6 → 5.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +311 -239
- package/dist/lightweight/bn.interface.min.mjs +3 -0
- package/dist/lightweight/bn.interface.min.mjs.map +1 -0
- package/dist/lightweight/bn.interface.mjs +340 -0
- package/dist/lightweight/bn.min.mjs +3 -0
- package/dist/lightweight/bn.min.mjs.map +1 -0
- package/dist/lightweight/bn.mjs +3434 -0
- package/dist/lightweight/elliptic.min.mjs +3 -0
- package/dist/lightweight/elliptic.min.mjs.map +1 -0
- package/dist/lightweight/elliptic.mjs +4313 -0
- package/dist/lightweight/openpgp.min.mjs +3 -0
- package/dist/lightweight/openpgp.min.mjs.map +1 -0
- package/dist/lightweight/openpgp.mjs +31379 -0
- package/dist/lightweight/ponyfill.es6.min.mjs +3 -0
- package/dist/lightweight/ponyfill.es6.min.mjs.map +1 -0
- package/dist/lightweight/ponyfill.es6.mjs +3831 -0
- package/dist/lightweight/web-streams-adapter.min.mjs +17 -0
- package/dist/lightweight/web-streams-adapter.min.mjs.map +1 -0
- package/dist/lightweight/web-streams-adapter.mjs +561 -0
- package/dist/node/openpgp.js +43947 -0
- package/dist/node/openpgp.min.js +17 -0
- package/dist/node/openpgp.min.js.map +1 -0
- package/dist/node/openpgp.min.mjs +17 -0
- package/dist/node/openpgp.min.mjs.map +1 -0
- package/dist/node/openpgp.mjs +43884 -0
- package/dist/openpgp.js +41082 -41563
- package/dist/openpgp.min.js +17 -2
- package/dist/openpgp.min.js.map +1 -0
- package/dist/openpgp.min.mjs +17 -0
- package/dist/openpgp.min.mjs.map +1 -0
- package/dist/openpgp.mjs +43872 -0
- package/lightweight/package.json +5 -0
- package/openpgp.d.ts +890 -0
- package/package.json +63 -57
- package/dist/compat/openpgp.js +0 -61067
- package/dist/compat/openpgp.min.js +0 -2
- package/dist/compat/openpgp.worker.js +0 -173
- package/dist/compat/openpgp.worker.min.js +0 -2
- package/dist/lightweight/elliptic.min.js +0 -5
- package/dist/lightweight/openpgp.js +0 -40024
- package/dist/lightweight/openpgp.min.js +0 -2
- package/dist/lightweight/openpgp.worker.js +0 -173
- package/dist/lightweight/openpgp.worker.min.js +0 -2
- package/dist/openpgp.worker.js +0 -173
- package/dist/openpgp.worker.min.js +0 -2
- package/src/cleartext.js +0 -220
- package/src/config/config.js +0 -224
- package/src/config/index.js +0 -7
- package/src/config/localStorage.js +0 -35
- package/src/crypto/aes_kw.js +0 -153
- package/src/crypto/cfb.js +0 -169
- package/src/crypto/cipher/aes.js +0 -27
- package/src/crypto/cipher/blowfish.js +0 -398
- package/src/crypto/cipher/cast5.js +0 -610
- package/src/crypto/cipher/des.js +0 -476
- package/src/crypto/cipher/index.js +0 -91
- package/src/crypto/cipher/twofish.js +0 -346
- package/src/crypto/cmac.js +0 -98
- package/src/crypto/crypto.js +0 -394
- package/src/crypto/eax.js +0 -172
- package/src/crypto/gcm.js +0 -141
- package/src/crypto/hash/index.js +0 -163
- package/src/crypto/hash/md5.js +0 -205
- package/src/crypto/index.js +0 -57
- package/src/crypto/ocb.js +0 -274
- package/src/crypto/pkcs1.js +0 -170
- package/src/crypto/pkcs5.js +0 -55
- package/src/crypto/public_key/dsa.js +0 -188
- package/src/crypto/public_key/elgamal.js +0 -137
- package/src/crypto/public_key/elliptic/curves.js +0 -385
- package/src/crypto/public_key/elliptic/ecdh.js +0 -414
- package/src/crypto/public_key/elliptic/ecdsa.js +0 -348
- package/src/crypto/public_key/elliptic/eddsa.js +0 -119
- package/src/crypto/public_key/elliptic/index.js +0 -34
- package/src/crypto/public_key/elliptic/indutnyKey.js +0 -85
- package/src/crypto/public_key/index.js +0 -28
- package/src/crypto/public_key/prime.js +0 -275
- package/src/crypto/public_key/rsa.js +0 -597
- package/src/crypto/random.js +0 -145
- package/src/crypto/signature.js +0 -137
- package/src/encoding/armor.js +0 -433
- package/src/encoding/base64.js +0 -96
- package/src/enums.js +0 -493
- package/src/hkp.js +0 -89
- package/src/index.js +0 -161
- package/src/key/factory.js +0 -326
- package/src/key/helper.js +0 -363
- package/src/key/index.js +0 -32
- package/src/key/key.js +0 -890
- package/src/key/subkey.js +0 -187
- package/src/key/user.js +0 -230
- package/src/keyring/index.js +0 -12
- package/src/keyring/keyring.js +0 -229
- package/src/keyring/localstore.js +0 -119
- package/src/lightweight_helper.js +0 -26
- package/src/message.js +0 -825
- package/src/openpgp.js +0 -717
- package/src/packet/all_packets.js +0 -116
- package/src/packet/clone.js +0 -189
- package/src/packet/compressed.js +0 -194
- package/src/packet/index.js +0 -20
- package/src/packet/literal.js +0 -168
- package/src/packet/marker.js +0 -62
- package/src/packet/one_pass_signature.js +0 -156
- package/src/packet/packet.js +0 -300
- package/src/packet/packetlist.js +0 -232
- package/src/packet/public_key.js +0 -280
- package/src/packet/public_key_encrypted_session_key.js +0 -156
- package/src/packet/public_subkey.js +0 -44
- package/src/packet/secret_key.js +0 -448
- package/src/packet/secret_subkey.js +0 -41
- package/src/packet/signature.js +0 -782
- package/src/packet/sym_encrypted_aead_protected.js +0 -189
- package/src/packet/sym_encrypted_integrity_protected.js +0 -139
- package/src/packet/sym_encrypted_session_key.js +0 -204
- package/src/packet/symmetrically_encrypted.js +0 -118
- package/src/packet/trust.js +0 -35
- package/src/packet/user_attribute.js +0 -94
- package/src/packet/userid.js +0 -87
- package/src/polyfills.js +0 -64
- package/src/signature.js +0 -73
- package/src/type/ecdh_symkey.js +0 -69
- package/src/type/kdf_params.js +0 -114
- package/src/type/keyid.js +0 -110
- package/src/type/mpi.js +0 -138
- package/src/type/oid.js +0 -110
- package/src/type/s2k.js +0 -203
- package/src/util.js +0 -836
- package/src/wkd.js +0 -88
- package/src/worker/async_proxy.js +0 -190
- package/src/worker/worker.js +0 -167
- package/test/crypto/aes_kw.js +0 -57
- package/test/crypto/cipher/aes.js +0 -86
- package/test/crypto/cipher/blowfish.js +0 -58
- package/test/crypto/cipher/cast5.js +0 -25
- package/test/crypto/cipher/des.js +0 -143
- package/test/crypto/cipher/index.js +0 -7
- package/test/crypto/cipher/twofish.js +0 -71
- package/test/crypto/crypto.js +0 -383
- package/test/crypto/eax.js +0 -150
- package/test/crypto/ecdh.js +0 -359
- package/test/crypto/elliptic.js +0 -251
- package/test/crypto/elliptic_data.js +0 -102
- package/test/crypto/hash/index.js +0 -5
- package/test/crypto/hash/md5.js +0 -16
- package/test/crypto/hash/ripemd.js +0 -14
- package/test/crypto/hash/sha.js +0 -20
- package/test/crypto/index.js +0 -14
- package/test/crypto/ocb.js +0 -183
- package/test/crypto/pkcs5.js +0 -39
- package/test/crypto/random.js +0 -79
- package/test/crypto/rsa.js +0 -180
- package/test/crypto/validate.js +0 -387
- package/test/general/armor.js +0 -408
- package/test/general/brainpool.js +0 -360
- package/test/general/decompression.js +0 -60
- package/test/general/ecc_nist.js +0 -115
- package/test/general/ecc_secp256k1.js +0 -242
- package/test/general/forwarding.js +0 -43
- package/test/general/hkp.js +0 -165
- package/test/general/index.js +0 -20
- package/test/general/key.js +0 -3402
- package/test/general/keyring.js +0 -336
- package/test/general/oid.js +0 -39
- package/test/general/openpgp.js +0 -2542
- package/test/general/packet.js +0 -937
- package/test/general/signature.js +0 -1665
- package/test/general/streaming.js +0 -944
- package/test/general/testInputs.js +0 -18
- package/test/general/util.js +0 -183
- package/test/general/wkd.js +0 -48
- package/test/general/x25519.js +0 -556
- package/test/unittests.js +0 -64
package/src/key/helper.js
DELETED
|
@@ -1,363 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* @fileoverview Provides helpers methods for key module
|
|
3
|
-
* @requires packet
|
|
4
|
-
* @requires enums
|
|
5
|
-
* @requires config
|
|
6
|
-
* @requires crypto
|
|
7
|
-
* @module key/helper
|
|
8
|
-
*/
|
|
9
|
-
|
|
10
|
-
import packet from '../packet';
|
|
11
|
-
import enums from '../enums';
|
|
12
|
-
import config from '../config';
|
|
13
|
-
import crypto from '../crypto';
|
|
14
|
-
import util from '../util';
|
|
15
|
-
|
|
16
|
-
export async function generateSecretSubkey(options) {
|
|
17
|
-
const secretSubkeyPacket = new packet.SecretSubkey(options.date);
|
|
18
|
-
secretSubkeyPacket.packets = null;
|
|
19
|
-
secretSubkeyPacket.algorithm = enums.read(enums.publicKey, options.algorithm);
|
|
20
|
-
await secretSubkeyPacket.generate(options.rsaBits, options.curve);
|
|
21
|
-
return secretSubkeyPacket;
|
|
22
|
-
}
|
|
23
|
-
|
|
24
|
-
export async function generateSecretKey(options) {
|
|
25
|
-
const secretKeyPacket = new packet.SecretKey(options.date);
|
|
26
|
-
secretKeyPacket.packets = null;
|
|
27
|
-
secretKeyPacket.algorithm = enums.read(enums.publicKey, options.algorithm);
|
|
28
|
-
await secretKeyPacket.generate(options.rsaBits, options.curve);
|
|
29
|
-
return secretKeyPacket;
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
/**
|
|
33
|
-
* Returns the valid and non-expired signature that has the latest creation date, while ignoring signatures created in the future.
|
|
34
|
-
* @param {Array<module:packet.Signature>} signatures List of signatures
|
|
35
|
-
* @param {Date} date Use the given date instead of the current time
|
|
36
|
-
* @returns {Promise<module:packet.Signature>} The latest valid signature
|
|
37
|
-
* @async
|
|
38
|
-
*/
|
|
39
|
-
export async function getLatestValidSignature(signatures, primaryKey, signatureType, dataToVerify, date = new Date()) {
|
|
40
|
-
let signature;
|
|
41
|
-
let exception;
|
|
42
|
-
for (let i = signatures.length - 1; i >= 0; i--) {
|
|
43
|
-
try {
|
|
44
|
-
if (
|
|
45
|
-
(!signature || signatures[i].created >= signature.created) &&
|
|
46
|
-
// check binding signature is not expired (ie, check for V4 expiration time)
|
|
47
|
-
!signatures[i].isExpired(date) &&
|
|
48
|
-
// check binding signature is verified
|
|
49
|
-
(signatures[i].verified || await signatures[i].verify(primaryKey, signatureType, dataToVerify))
|
|
50
|
-
) {
|
|
51
|
-
signature = signatures[i];
|
|
52
|
-
}
|
|
53
|
-
} catch (e) {
|
|
54
|
-
exception = e;
|
|
55
|
-
}
|
|
56
|
-
}
|
|
57
|
-
if (!signature) {
|
|
58
|
-
throw util.wrapError(
|
|
59
|
-
`Could not find valid ${enums.read(enums.signature, signatureType)} signature in key ${primaryKey.getKeyId().toHex()}`
|
|
60
|
-
.replace('cert_generic ', 'self-')
|
|
61
|
-
.replace('_', ' ')
|
|
62
|
-
, exception);
|
|
63
|
-
}
|
|
64
|
-
return signature;
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
export function isDataExpired(keyPacket, signature, date = new Date()) {
|
|
68
|
-
const normDate = util.normalizeDate(date);
|
|
69
|
-
if (normDate !== null) {
|
|
70
|
-
const expirationTime = getExpirationTime(keyPacket, signature);
|
|
71
|
-
return !(keyPacket.created <= normDate && normDate <= expirationTime) ||
|
|
72
|
-
(signature && signature.isExpired(date));
|
|
73
|
-
}
|
|
74
|
-
return false;
|
|
75
|
-
}
|
|
76
|
-
|
|
77
|
-
/**
|
|
78
|
-
* Create Binding signature to the key according to the {@link https://tools.ietf.org/html/rfc4880#section-5.2.1}
|
|
79
|
-
* @param {module:packet.SecretSubkey} subkey Subkey key packet
|
|
80
|
-
* @param {module:packet.SecretKey} primaryKey Primary key packet
|
|
81
|
-
* @param {Object} options
|
|
82
|
-
*/
|
|
83
|
-
export async function createBindingSignature(subkey, primaryKey, options) {
|
|
84
|
-
const dataToSign = {};
|
|
85
|
-
dataToSign.key = primaryKey;
|
|
86
|
-
dataToSign.bind = subkey;
|
|
87
|
-
const subkeySignaturePacket = new packet.Signature(options.date);
|
|
88
|
-
subkeySignaturePacket.signatureType = enums.signature.subkey_binding;
|
|
89
|
-
subkeySignaturePacket.publicKeyAlgorithm = primaryKey.algorithm;
|
|
90
|
-
subkeySignaturePacket.hashAlgorithm = await getPreferredHashAlgo(null, subkey);
|
|
91
|
-
if (options.sign) {
|
|
92
|
-
subkeySignaturePacket.keyFlags = [enums.keyFlags.sign_data];
|
|
93
|
-
subkeySignaturePacket.embeddedSignature = await createSignaturePacket(dataToSign, null, subkey, {
|
|
94
|
-
signatureType: enums.signature.key_binding
|
|
95
|
-
}, options.date);
|
|
96
|
-
} else {
|
|
97
|
-
subkeySignaturePacket.keyFlags = [enums.keyFlags.encrypt_communication | enums.keyFlags.encrypt_storage];
|
|
98
|
-
}
|
|
99
|
-
if (options.keyExpirationTime > 0) {
|
|
100
|
-
subkeySignaturePacket.keyExpirationTime = options.keyExpirationTime;
|
|
101
|
-
subkeySignaturePacket.keyNeverExpires = false;
|
|
102
|
-
}
|
|
103
|
-
await subkeySignaturePacket.sign(primaryKey, dataToSign);
|
|
104
|
-
return subkeySignaturePacket;
|
|
105
|
-
}
|
|
106
|
-
|
|
107
|
-
/**
|
|
108
|
-
* Returns the preferred signature hash algorithm of a key
|
|
109
|
-
* @param {module:key.Key} key (optional) the key to get preferences from
|
|
110
|
-
* @param {module:packet.SecretKey|module:packet.SecretSubkey} keyPacket key packet used for signing
|
|
111
|
-
* @param {Date} date (optional) use the given date for verification instead of the current time
|
|
112
|
-
* @param {Object} userId (optional) user ID
|
|
113
|
-
* @returns {Promise<String>}
|
|
114
|
-
* @async
|
|
115
|
-
*/
|
|
116
|
-
export async function getPreferredHashAlgo(key, keyPacket, date = new Date(), userId = {}) {
|
|
117
|
-
let hash_algo = config.prefer_hash_algorithm;
|
|
118
|
-
let pref_algo = hash_algo;
|
|
119
|
-
if (key) {
|
|
120
|
-
const primaryUser = await key.getPrimaryUser(date, userId);
|
|
121
|
-
if (primaryUser.selfCertification.preferredHashAlgorithms) {
|
|
122
|
-
[pref_algo] = primaryUser.selfCertification.preferredHashAlgorithms;
|
|
123
|
-
hash_algo = crypto.hash.getHashByteLength(hash_algo) <= crypto.hash.getHashByteLength(pref_algo) ?
|
|
124
|
-
pref_algo : hash_algo;
|
|
125
|
-
}
|
|
126
|
-
}
|
|
127
|
-
switch (Object.getPrototypeOf(keyPacket)) {
|
|
128
|
-
case packet.SecretKey.prototype:
|
|
129
|
-
case packet.PublicKey.prototype:
|
|
130
|
-
case packet.SecretSubkey.prototype:
|
|
131
|
-
case packet.PublicSubkey.prototype:
|
|
132
|
-
switch (keyPacket.algorithm) {
|
|
133
|
-
case 'ecdh':
|
|
134
|
-
case 'ecdsa':
|
|
135
|
-
case 'eddsa':
|
|
136
|
-
pref_algo = crypto.publicKey.elliptic.getPreferredHashAlgo(keyPacket.params[0]);
|
|
137
|
-
}
|
|
138
|
-
}
|
|
139
|
-
return crypto.hash.getHashByteLength(hash_algo) <= crypto.hash.getHashByteLength(pref_algo) ?
|
|
140
|
-
pref_algo : hash_algo;
|
|
141
|
-
}
|
|
142
|
-
|
|
143
|
-
/**
|
|
144
|
-
* Returns the preferred symmetric/aead algorithm for a set of keys
|
|
145
|
-
* @param {symmetric|aead} type Type of preference to return
|
|
146
|
-
* @param {Array<module:key.Key>} keys Set of keys
|
|
147
|
-
* @param {Date} date (optional) use the given date for verification instead of the current time
|
|
148
|
-
* @param {Array} userIds (optional) user IDs
|
|
149
|
-
* @returns {Promise<module:enums.symmetric>} Preferred symmetric algorithm
|
|
150
|
-
* @async
|
|
151
|
-
*/
|
|
152
|
-
export async function getPreferredAlgo(type, keys, date = new Date(), userIds = []) {
|
|
153
|
-
const prefProperty = type === 'symmetric' ? 'preferredSymmetricAlgorithms' : 'preferredAeadAlgorithms';
|
|
154
|
-
const defaultAlgo = type === 'symmetric' ? enums.symmetric.aes128 : enums.aead.eax;
|
|
155
|
-
const prioMap = {};
|
|
156
|
-
await Promise.all(keys.map(async function(key, i) {
|
|
157
|
-
const primaryUser = await key.getPrimaryUser(date, userIds[i]);
|
|
158
|
-
if (!primaryUser.selfCertification[prefProperty]) {
|
|
159
|
-
return defaultAlgo;
|
|
160
|
-
}
|
|
161
|
-
primaryUser.selfCertification[prefProperty].forEach(function(algo, index) {
|
|
162
|
-
const entry = prioMap[algo] || (prioMap[algo] = { prio: 0, count: 0, algo: algo });
|
|
163
|
-
entry.prio += 64 >> index;
|
|
164
|
-
entry.count++;
|
|
165
|
-
});
|
|
166
|
-
}));
|
|
167
|
-
let prefAlgo = { prio: 0, algo: defaultAlgo };
|
|
168
|
-
Object.values(prioMap).forEach(({ prio, count, algo }) => {
|
|
169
|
-
try {
|
|
170
|
-
if (algo !== enums[type].plaintext &&
|
|
171
|
-
algo !== enums[type].idea && // not implemented
|
|
172
|
-
enums.read(enums[type], algo) && // known algorithm
|
|
173
|
-
count === keys.length && // available for all keys
|
|
174
|
-
prio > prefAlgo.prio) {
|
|
175
|
-
prefAlgo = prioMap[algo];
|
|
176
|
-
}
|
|
177
|
-
} catch (e) {}
|
|
178
|
-
});
|
|
179
|
-
return prefAlgo.algo;
|
|
180
|
-
}
|
|
181
|
-
|
|
182
|
-
/**
|
|
183
|
-
* Create signature packet
|
|
184
|
-
* @param {Object} dataToSign Contains packets to be signed
|
|
185
|
-
* @param {module:packet.SecretKey|
|
|
186
|
-
* module:packet.SecretSubkey} signingKeyPacket secret key packet for signing
|
|
187
|
-
* @param {Object} signatureProperties (optional) properties to write on the signature packet before signing
|
|
188
|
-
* @param {Date} date (optional) override the creationtime of the signature
|
|
189
|
-
* @param {Object} userId (optional) user ID
|
|
190
|
-
* @param {Object} detached (optional) whether to create a detached signature packet
|
|
191
|
-
* @param {Boolean} streaming (optional) whether to process data as a stream
|
|
192
|
-
* @returns {module:packet/signature} signature packet
|
|
193
|
-
*/
|
|
194
|
-
export async function createSignaturePacket(dataToSign, privateKey, signingKeyPacket, signatureProperties, date, userId, detached = false, streaming = false) {
|
|
195
|
-
if (!signingKeyPacket.isDecrypted()) {
|
|
196
|
-
throw new Error('Private key is not decrypted.');
|
|
197
|
-
}
|
|
198
|
-
const signaturePacket = new packet.Signature(date);
|
|
199
|
-
Object.assign(signaturePacket, signatureProperties);
|
|
200
|
-
signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;
|
|
201
|
-
signaturePacket.hashAlgorithm = await getPreferredHashAlgo(privateKey, signingKeyPacket, date, userId);
|
|
202
|
-
await signaturePacket.sign(signingKeyPacket, dataToSign, detached, streaming);
|
|
203
|
-
return signaturePacket;
|
|
204
|
-
}
|
|
205
|
-
|
|
206
|
-
/**
|
|
207
|
-
* Merges signatures from source[attr] to dest[attr]
|
|
208
|
-
* @private
|
|
209
|
-
* @param {Object} source
|
|
210
|
-
* @param {Object} dest
|
|
211
|
-
* @param {String} attr
|
|
212
|
-
* @param {Function} checkFn optional, signature only merged if true
|
|
213
|
-
*/
|
|
214
|
-
export async function mergeSignatures(source, dest, attr, checkFn) {
|
|
215
|
-
source = source[attr];
|
|
216
|
-
if (source) {
|
|
217
|
-
if (!dest[attr].length) {
|
|
218
|
-
dest[attr] = source;
|
|
219
|
-
} else {
|
|
220
|
-
await Promise.all(source.map(async function(sourceSig) {
|
|
221
|
-
if (!sourceSig.isExpired() && (!checkFn || await checkFn(sourceSig)) &&
|
|
222
|
-
!dest[attr].some(function(destSig) {
|
|
223
|
-
return util.equalsUint8Array(destSig.signature, sourceSig.signature);
|
|
224
|
-
})) {
|
|
225
|
-
dest[attr].push(sourceSig);
|
|
226
|
-
}
|
|
227
|
-
}));
|
|
228
|
-
}
|
|
229
|
-
}
|
|
230
|
-
}
|
|
231
|
-
|
|
232
|
-
/**
|
|
233
|
-
* Checks if a given certificate or binding signature is revoked
|
|
234
|
-
* @param {module:packet.SecretKey|
|
|
235
|
-
* module:packet.PublicKey} primaryKey The primary key packet
|
|
236
|
-
* @param {Object} dataToVerify The data to check
|
|
237
|
-
* @param {Array<module:packet.Signature>} revocations The revocation signatures to check
|
|
238
|
-
* @param {module:packet.Signature} signature The certificate or signature to check
|
|
239
|
-
* @param {module:packet.PublicSubkey|
|
|
240
|
-
* module:packet.SecretSubkey|
|
|
241
|
-
* module:packet.PublicKey|
|
|
242
|
-
* module:packet.SecretKey} key, optional The key packet to check the signature
|
|
243
|
-
* @param {Date} date Use the given date instead of the current time
|
|
244
|
-
* @returns {Promise<Boolean>} True if the signature revokes the data
|
|
245
|
-
* @async
|
|
246
|
-
*/
|
|
247
|
-
export async function isDataRevoked(primaryKey, signatureType, dataToVerify, revocations, signature, key, date = new Date()) {
|
|
248
|
-
key = key || primaryKey;
|
|
249
|
-
const normDate = util.normalizeDate(date);
|
|
250
|
-
const revocationKeyIds = [];
|
|
251
|
-
await Promise.all(revocations.map(async function(revocationSignature) {
|
|
252
|
-
try {
|
|
253
|
-
if (
|
|
254
|
-
// Note: a third-party revocation signature could legitimately revoke a
|
|
255
|
-
// self-signature if the signature has an authorized revocation key.
|
|
256
|
-
// However, we don't support passing authorized revocation keys, nor
|
|
257
|
-
// verifying such revocation signatures. Instead, we indicate an error
|
|
258
|
-
// when parsing a key with an authorized revocation key, and ignore
|
|
259
|
-
// third-party revocation signatures here. (It could also be revoking a
|
|
260
|
-
// third-party key certification, which should only affect
|
|
261
|
-
// `verifyAllCertifications`.)
|
|
262
|
-
(!signature || revocationSignature.issuerKeyId.equals(signature.issuerKeyId)) &&
|
|
263
|
-
!(config.revocations_expire && revocationSignature.isExpired(normDate)) &&
|
|
264
|
-
(revocationSignature.verified || await revocationSignature.verify(key, signatureType, dataToVerify))
|
|
265
|
-
) {
|
|
266
|
-
// TODO get an identifier of the revoked object instead
|
|
267
|
-
revocationKeyIds.push(revocationSignature.issuerKeyId);
|
|
268
|
-
}
|
|
269
|
-
} catch (e) {}
|
|
270
|
-
}));
|
|
271
|
-
// TODO further verify that this is the signature that should be revoked
|
|
272
|
-
if (signature) {
|
|
273
|
-
signature.revoked = revocationKeyIds.some(keyId => keyId.equals(signature.issuerKeyId)) ? true :
|
|
274
|
-
signature.revoked || false;
|
|
275
|
-
return signature.revoked;
|
|
276
|
-
}
|
|
277
|
-
return revocationKeyIds.length > 0;
|
|
278
|
-
}
|
|
279
|
-
|
|
280
|
-
export function getExpirationTime(keyPacket, signature) {
|
|
281
|
-
let expirationTime;
|
|
282
|
-
// check V4 expiration time
|
|
283
|
-
if (signature.keyNeverExpires === false) {
|
|
284
|
-
expirationTime = keyPacket.created.getTime() + signature.keyExpirationTime * 1000;
|
|
285
|
-
}
|
|
286
|
-
return expirationTime ? new Date(expirationTime) : Infinity;
|
|
287
|
-
}
|
|
288
|
-
|
|
289
|
-
/**
|
|
290
|
-
* Returns whether aead is supported by all keys in the set
|
|
291
|
-
* @param {Array<module:key.Key>} keys Set of keys
|
|
292
|
-
* @param {Date} date (optional) use the given date for verification instead of the current time
|
|
293
|
-
* @param {Array} userIds (optional) user IDs
|
|
294
|
-
* @returns {Promise<Boolean>}
|
|
295
|
-
* @async
|
|
296
|
-
*/
|
|
297
|
-
export async function isAeadSupported(keys, date = new Date(), userIds = []) {
|
|
298
|
-
let supported = true;
|
|
299
|
-
// TODO replace when Promise.some or Promise.any are implemented
|
|
300
|
-
await Promise.all(keys.map(async function(key, i) {
|
|
301
|
-
const primaryUser = await key.getPrimaryUser(date, userIds[i]);
|
|
302
|
-
if (!primaryUser.selfCertification.features ||
|
|
303
|
-
!(primaryUser.selfCertification.features[0] & enums.features.aead)) {
|
|
304
|
-
supported = false;
|
|
305
|
-
}
|
|
306
|
-
}));
|
|
307
|
-
return supported;
|
|
308
|
-
}
|
|
309
|
-
|
|
310
|
-
export function sanitizeKeyOptions(options, subkeyDefaults = {}) {
|
|
311
|
-
options.curve = options.curve || subkeyDefaults.curve;
|
|
312
|
-
options.rsaBits = options.rsaBits || subkeyDefaults.rsaBits;
|
|
313
|
-
options.keyExpirationTime = options.keyExpirationTime !== undefined ? options.keyExpirationTime : subkeyDefaults.keyExpirationTime;
|
|
314
|
-
options.passphrase = util.isString(options.passphrase) ? options.passphrase : subkeyDefaults.passphrase;
|
|
315
|
-
options.date = options.date || subkeyDefaults.date;
|
|
316
|
-
|
|
317
|
-
options.sign = options.sign || false;
|
|
318
|
-
|
|
319
|
-
if (options.curve) {
|
|
320
|
-
try {
|
|
321
|
-
options.curve = enums.write(enums.curve, options.curve);
|
|
322
|
-
} catch (e) {
|
|
323
|
-
throw new Error('Not valid curve.');
|
|
324
|
-
}
|
|
325
|
-
if (options.curve === enums.curve.ed25519 || options.curve === enums.curve.curve25519) {
|
|
326
|
-
options.curve = options.sign ? enums.curve.ed25519 : enums.curve.curve25519;
|
|
327
|
-
}
|
|
328
|
-
if (options.sign) {
|
|
329
|
-
options.algorithm = options.curve === enums.curve.ed25519 ? enums.publicKey.eddsa : enums.publicKey.ecdsa;
|
|
330
|
-
} else {
|
|
331
|
-
options.algorithm = enums.publicKey.ecdh;
|
|
332
|
-
}
|
|
333
|
-
} else if (options.rsaBits) {
|
|
334
|
-
options.algorithm = enums.publicKey.rsa_encrypt_sign;
|
|
335
|
-
} else {
|
|
336
|
-
throw new Error('Unrecognized key type');
|
|
337
|
-
}
|
|
338
|
-
return options;
|
|
339
|
-
}
|
|
340
|
-
|
|
341
|
-
export function isValidSigningKeyPacket(keyPacket, signature) {
|
|
342
|
-
if (!signature.verified || signature.revoked !== false) { // Sanity check
|
|
343
|
-
throw new Error('Signature not verified');
|
|
344
|
-
}
|
|
345
|
-
return keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.rsa_encrypt) &&
|
|
346
|
-
keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.elgamal) &&
|
|
347
|
-
keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.ecdh) &&
|
|
348
|
-
(!signature.keyFlags ||
|
|
349
|
-
(signature.keyFlags[0] & enums.keyFlags.sign_data) !== 0);
|
|
350
|
-
}
|
|
351
|
-
|
|
352
|
-
export function isValidEncryptionKeyPacket(keyPacket, signature) {
|
|
353
|
-
if (!signature.verified || signature.revoked !== false) { // Sanity check
|
|
354
|
-
throw new Error('Signature not verified');
|
|
355
|
-
}
|
|
356
|
-
return keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.dsa) &&
|
|
357
|
-
keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.rsa_sign) &&
|
|
358
|
-
keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.ecdsa) &&
|
|
359
|
-
keyPacket.algorithm !== enums.read(enums.publicKey, enums.publicKey.eddsa) &&
|
|
360
|
-
(!signature.keyFlags ||
|
|
361
|
-
(signature.keyFlags[0] & enums.keyFlags.encrypt_communication) !== 0 ||
|
|
362
|
-
(signature.keyFlags[0] & enums.keyFlags.encrypt_storage) !== 0);
|
|
363
|
-
}
|
package/src/key/index.js
DELETED
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* @fileoverview helper, factory methods, constructors dealing with openPGP key object
|
|
3
|
-
* @module key
|
|
4
|
-
*/
|
|
5
|
-
|
|
6
|
-
import {
|
|
7
|
-
readArmored,
|
|
8
|
-
generate,
|
|
9
|
-
read,
|
|
10
|
-
reformat
|
|
11
|
-
} from './factory';
|
|
12
|
-
|
|
13
|
-
import {
|
|
14
|
-
getPreferredAlgo,
|
|
15
|
-
isAeadSupported,
|
|
16
|
-
getPreferredHashAlgo,
|
|
17
|
-
createSignaturePacket
|
|
18
|
-
} from './helper';
|
|
19
|
-
|
|
20
|
-
import Key from './key.js';
|
|
21
|
-
|
|
22
|
-
export {
|
|
23
|
-
readArmored,
|
|
24
|
-
generate,
|
|
25
|
-
read,
|
|
26
|
-
reformat,
|
|
27
|
-
getPreferredAlgo,
|
|
28
|
-
isAeadSupported,
|
|
29
|
-
getPreferredHashAlgo,
|
|
30
|
-
createSignaturePacket,
|
|
31
|
-
Key
|
|
32
|
-
};
|