not encrypting with weak keys - using preference settings #3444
Comments
|
Hey @tomholub ✌️ I would be interested in this as I wrote a similar helper functions when it comes to dealing with keys, one of those is Something like the below and we check the RSA bits? (definitely rewritten in the context of /**
* checks whether the underlying algorithm is suitable for encryption
* regardless of the validity of the signature
* @param key
*/
export const canEncrypt = (key: OpenpgpKey) => {
const keyPacket = getKeyPacket(key);
if (! keyPacket) {
return false;
}
const r: any = enums.read;
if (! keyPacket.algorithm) {
return false;
}
return keyPacket.algorithm !== r(enums.publicKey, enums.publicKey.rsa_encrypt) &&
keyPacket.algorithm !== r(enums.publicKey, enums.publicKey.elgamal) &&
keyPacket.algorithm !== r(enums.publicKey, enums.publicKey.ecdh);
} |
|
Hello, thanks for reaching out! @rrrooommmaaa may be a better fit for answering. |
|
Whoops, sorry for that. I thought it's the openpgpjs/openpgpjs repository |
|
No wonder :) Feel free to create a sister issue there, and link this too. My usecase is that I don't want to use certain algorithms, like RSA less then 2048 bits, or SHA1, or 3DES, ever. We did make this work with v4 openpgpjs library but it feels like a workaround the way we did it, it would be nicer to have that option straight in the library 👍 for which your PR may have helped. |
|
Conversation for OpenPGP.js v5 work that may simplify this for us: |
|
Here relevant library PR openpgpjs/openpgpjs#1264 |
|
on our end we've already done this |
|
on our end we've already done this |
Once we move to OpenPGP.js v5, I wonder if this PR would address the need we had in #2715 ?
It would be cleaner that way: openpgpjs/openpgpjs#1238
I haven't investigated it in detail.
The text was updated successfully, but these errors were encountered: