npm - @protontech/openpgp - Versions diffs - 5.4.0 → 5.5.0 - Mend

@protontech/openpgp 5.4.0 → 5.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

package/dist/lightweight/bn.interface.min.mjs +1 -1
package/dist/lightweight/bn.interface.mjs +1 -1
package/dist/lightweight/bn.min.mjs +1 -1
package/dist/lightweight/bn.mjs +1 -1
package/dist/lightweight/elliptic.min.mjs +1 -1
package/dist/lightweight/elliptic.mjs +1 -1
package/dist/lightweight/openpgp.min.mjs +2 -2
package/dist/lightweight/openpgp.min.mjs.map +1 -1
package/dist/lightweight/openpgp.mjs +33 -26
package/dist/lightweight/ponyfill.es6.min.mjs +1 -1
package/dist/lightweight/ponyfill.es6.mjs +1 -1
package/dist/lightweight/web-streams-adapter.min.mjs +1 -1
package/dist/lightweight/web-streams-adapter.mjs +1 -1
package/dist/node/openpgp.js +33 -26
package/dist/node/openpgp.min.js +2 -2
package/dist/node/openpgp.min.js.map +1 -1
package/dist/node/openpgp.min.mjs +2 -2
package/dist/node/openpgp.min.mjs.map +1 -1
package/dist/node/openpgp.mjs +33 -26
package/dist/openpgp.js +33 -26
package/dist/openpgp.min.js +2 -2
package/dist/openpgp.min.js.map +1 -1
package/dist/openpgp.min.mjs +2 -2
package/dist/openpgp.min.mjs.map +1 -1
package/dist/openpgp.mjs +33 -26
package/package.json +1 -1

package/dist/openpgp.mjs CHANGED Viewed

@@ -1,4 +1,4 @@
-/*! OpenPGP.js v5.4.0 - 2022-08-08 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
+/*! OpenPGP.js v5.5.0 - 2022-10-31 - this is LGPL licensed code, see LICENSE/our website https://openpgpjs.org/ for more information. */
 const globalThis = typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {};
 const doneWritingPromise = Symbol('doneWritingPromise');
@@ -1770,7 +1770,7 @@ const util = {
    */
   printDebug: function (str) {
     if (debugMode) {
-      console.log(str);
+      console.log('[OpenPGP.js debug]', str);
     }
   },
@@ -1781,7 +1781,7 @@ const util = {
    */
   printDebugError: function (error) {
     if (debugMode) {
-      console.error(error);
+      console.error('[OpenPGP.js debug]', error);
     }
   },
@@ -2884,7 +2884,7 @@ var defaultConfig = {
    * @memberof module:config
    * @property {String} versionString A version string to be included in armored messages
    */
-  versionString: 'OpenPGP.js 5.4.0',
+  versionString: 'OpenPGP.js 5.5.0',
   /**
    * @memberof module:config
    * @property {String} commentString A comment string to be included in armored messages
@@ -3101,15 +3101,17 @@ function createcrc24(input) {
 }
 /**
- * Verify armored headers. RFC4880, section 6.3: "OpenPGP should consider improperly formatted
- * Armor Headers to be corruption of the ASCII Armor."
+ * Verify armored headers. crypto-refresh-06, section 6.2:
+ * "An OpenPGP implementation may consider improperly formatted Armor
+ * Headers to be corruption of the ASCII Armor, but SHOULD make an
+ * effort to recover."
  * @private
  * @param {Array<String>} headers - Armor headers
  */
 function verifyHeaders(headers) {
   for (let i = 0; i < headers.length; i++) {
     if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) {
-      throw new Error('Improperly formatted armor header: ' + headers[i]);
+      util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));
     }
     if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {
       util.printDebugError(new Error('Unknown header: ' + headers[i]));
@@ -3303,7 +3305,7 @@ function armor(messageType, body, partIndex, partTotal, customComment, config =
       result.push('-----END PGP MESSAGE, PART ' + partIndex + '-----\n');
       break;
     case enums.armor.signed:
-      result.push('\n-----BEGIN PGP SIGNED MESSAGE-----\n');
+      result.push('-----BEGIN PGP SIGNED MESSAGE-----\n');
       result.push('Hash: ' + hash + '\n\n');
       result.push(text.replace(/^-/mg, '- -'));
       result.push('\n-----BEGIN PGP SIGNATURE-----\n');
@@ -23254,6 +23256,11 @@ class SignaturePacket {
     // Add hashed subpackets
     arr.push(this.writeHashedSubPackets());
+    // Remove unhashed subpackets, in case some allowed unhashed
+    // subpackets existed, in order not to duplicate them (in both
+    // the hashed and unhashed subpackets) when re-signing.
+    this.unhashedSubpackets = [];
     this.signatureData = util.concat(arr);
     const toHash = this.toHash(this.signatureType, data, detached);
@@ -23316,6 +23323,11 @@ class SignaturePacket {
       bytes = util.concat([bytes, this.revocationKeyFingerprint]);
       arr.push(writeSubPacket(sub.revocationKey, bytes));
     }
+    if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {
+      // If the version of [the] key is greater than 4, this subpacket
+      // MUST NOT be included in the signature.
+      arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write()));
+    }
     this.rawNotations.forEach(([{ name, value, humanReadable }]) => {
       bytes = [new Uint8Array([humanReadable ? 0x80 : 0, 0, 0, 0])];
       // 2 octets of name length
@@ -23369,6 +23381,14 @@ class SignaturePacket {
       bytes = util.concat(bytes);
       arr.push(writeSubPacket(sub.signatureTarget, bytes));
     }
+    if (this.embeddedSignature !== null) {
+      arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write()));
+    }
+    if (this.issuerFingerprint !== null) {
+      bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];
+      bytes = util.concat(bytes);
+      arr.push(writeSubPacket(sub.issuerFingerprint, bytes));
+    }
     if (this.preferredAEADAlgorithms !== null) {
       bytes = util.stringToUint8Array(util.uint8ArrayToString(this.preferredAEADAlgorithms));
       arr.push(writeSubPacket(sub.preferredAEADAlgorithms, bytes));
@@ -23381,26 +23401,11 @@ class SignaturePacket {
   }
   /**
-   * Creates Uint8Array of bytes of Issuer and Embedded Signature subpackets
+   * Creates an Uint8Array containing the unhashed subpackets
    * @returns {Uint8Array} Subpacket data.
    */
   writeUnhashedSubPackets() {
-    const sub = enums.signatureSubpacket;
     const arr = [];
-    let bytes;
-    if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) {
-      // If the version of [the] key is greater than 4, this subpacket
-      // MUST NOT be included in the signature.
-      arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write()));
-    }
-    if (this.embeddedSignature !== null) {
-      arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write()));
-    }
-    if (this.issuerFingerprint !== null) {
-      bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint];
-      bytes = util.concat(bytes);
-      arr.push(writeSubPacket(sub.issuerFingerprint, bytes));
-    }
     this.unhashedSubpackets.forEach(data => {
       arr.push(writeSimpleLength(data.length));
       arr.push(data);
@@ -23420,9 +23425,11 @@ class SignaturePacket {
     const critical = bytes[mypos] & 0x80;
     const type = bytes[mypos] & 0x7F;
-    if (!hashed && !allowedUnhashedSubpackets.has(type)) {
+    if (!hashed) {
       this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length));
-      return;
+      if (!allowedUnhashedSubpackets.has(type)) {
+        return;
+      }
     }
     mypos++;

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@protontech/openpgp",
   "description": "OpenPGP.js is a Javascript implementation of the OpenPGP protocol. This is defined in RFC 4880.",
-  "version": "5.4.0",
+  "version": "5.5.0",
   "license": "LGPL-3.0+",
   "homepage": "https://openpgpjs.org/",
   "engines": {