New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
not encrypting with weak keys - using preference settings #3444
Comments
Hey @tomholub ✌️ I would be interested in this as I wrote a similar helper functions when it comes to dealing with keys, one of those is Something like the below and we check the RSA bits? (definitely rewritten in the context of /**
* checks whether the underlying algorithm is suitable for encryption
* regardless of the validity of the signature
* @param key
*/
export const canEncrypt = (key: OpenpgpKey) => {
const keyPacket = getKeyPacket(key);
if (! keyPacket) {
return false;
}
const r: any = enums.read;
if (! keyPacket.algorithm) {
return false;
}
return keyPacket.algorithm !== r(enums.publicKey, enums.publicKey.rsa_encrypt) &&
keyPacket.algorithm !== r(enums.publicKey, enums.publicKey.elgamal) &&
keyPacket.algorithm !== r(enums.publicKey, enums.publicKey.ecdh);
} |
Hello, thanks for reaching out! @rrrooommmaaa may be a better fit for answering. |
Whoops, sorry for that. I thought it's the openpgpjs/openpgpjs repository |
No wonder :) Feel free to create a sister issue there, and link this too. My usecase is that I don't want to use certain algorithms, like RSA less then 2048 bits, or SHA1, or 3DES, ever. We did make this work with v4 openpgpjs library but it feels like a workaround the way we did it, it would be nicer to have that option straight in the library 👍 for which your PR may have helped. |
Conversation for OpenPGP.js v5 work that may simplify this for us: |
Here relevant library PR openpgpjs/openpgpjs#1264 |
on our end we've already done this |
on our end we've already done this |
Once we move to OpenPGP.js v5, I wonder if this PR would address the need we had in #2715 ?
It would be cleaner that way: openpgpjs/openpgpjs#1238
I haven't investigated it in detail.
The text was updated successfully, but these errors were encountered: