Encrypted private key is authenticated using an insecure two-byte hash #1631
Replies: 1 comment
We don't support this use-case, since it's a deprecated format. If you have access to the library used to encrypt the key, or another one that supports this format (you could try OpenPGP.js v3), then I suggest you re-export the key. I haven't tried, but I think OpenPGP.js v3 would re-encrypt the key in a format compatible with OpenPGP.js v4. If you use a different library, where a more recent encryption option is not available, then I'd suggest you export the unencrypted key and encrypt it as part of an OpenPGP message to be able to transfer between devices (if needed). After reading the armored key in OpenPGP.js, I suggest you call |
NodeJS v12.X
OpenPGP v4.10.10
We are getting the error 'Encrypted private key is authenticated using an insecure two-byte hash' while decrypting the message.
To solve this issue, we tried updating the encryption algorithm of the key with the steps below:
```js
const openpgp = require('openpgp');

(async () => { // await needs an async context in CommonJS
  const privateKey = '...'; // your existing private key string
  const privKeyObj = await openpgp.key.readArmored(privateKey);
  const privateKeyPacket = privKeyObj.keys[0];
  const newKeyOptions = {
    userIds: [{ name: 'Your Name', email: 'youremail@example.com' }],
    curve: 'ed25519', // or any other curve that you prefer
    passphrase: 'your passphrase', // choose a strong passphrase
    s2k: {
      algo: 9, // AES256
      hash: 10 // SHA512
    }
  };
  const { privateKeyArmored, publicKeyArmored } = await openpgp.generateKey(newKeyOptions);
  const newPrivKeyObj = await openpgp.key.readArmored(privateKeyArmored);
  await privKeyObj.keys[0].update(newPrivKeyObj.keys[0]);
})();
```
But with this we are getting an error saying that the fingerprints of the old key and the new key are not the same.
Could you please suggest what can be done to resolve this issue?
It was working fine with Node v10.X and OpenPGP v4.6.2.
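An added example, not part of the original thread and not OpenPGP.js code: a way to check which secret key and subkey packets in binary (dearmored) key data still use the deprecated protection format before re-exporting them. It assumes the error above corresponds to the two-octet checksum format of RFC 4880 section 5.5.3, where the S2K usage octet 254 means a SHA-1 check and 255 or a bare cipher ID means a two-octet checksum; all function names and the sample bytes are constructed for illustration.

```javascript
// Added example: report the S2K usage octet of each secret key packet (RFC 4880 4.2, 5.5.3).
const MPI_COUNT = { 1: 2, 2: 2, 3: 2, 16: 3, 17: 4 }; // public MPIs: RSA, Elgamal, DSA
const STATUS = { 0: 'unprotected', 253: 'AEAD', 254: 'SHA-1 check' };
const describe = u => STATUS[u] || 'two-octet checksum (deprecated)';

function readHeader(buf, pos) {
  const b = buf[pos];
  if (!(b & 0x80)) throw new Error('not an OpenPGP packet at offset ' + pos);
  if (b & 0x40) { // new-format header
    const tag = b & 0x3f, l = buf[pos + 1];
    if (l < 192) return { tag, start: pos + 2, len: l };
    if (l < 224) return { tag, start: pos + 3, len: ((l - 192) << 8) + buf[pos + 2] + 192 };
    if (l === 255) return { tag, start: pos + 6, len: buf.readUInt32BE(pos + 2) };
    throw new Error('partial body lengths not handled');
  }
  const n = 1 << (b & 3); // old-format header: 1, 2 or 4 length octets
  if (n === 8) throw new Error('indeterminate length not handled');
  return { tag: (b >> 2) & 0x0f, start: pos + 1 + n, len: buf.readUIntBE(pos + 1, n) };
}

function s2kUsage(buf, start) {
  if (buf[start] !== 4) throw new Error('only version 4 keys handled');
  const algo = buf[start + 5];
  let p = start + 6; // past version, creation time, algorithm
  const mpi = () => { p += 2 + ((buf.readUInt16BE(p) + 7) >> 3); };
  const ecc = algo === 18 || algo === 19 || algo === 22; // ECDH, ECDSA, EdDSA
  if (!ecc && !MPI_COUNT[algo]) throw new Error('algorithm ' + algo + ' not handled');
  if (ecc) p += 1 + buf[p]; // curve OID
  for (let i = 0; i < (ecc ? 1 : MPI_COUNT[algo]); i++) mpi();
  if (algo === 18) p += 1 + buf[p]; // ECDH KDF parameters
  return buf[p]; // first octet after the public key fields
}

function auditSecretKeys(buf) {
  const found = [];
  for (let pos = 0, h; pos < buf.length; pos = h.start + h.len) {
    h = readHeader(buf, pos);
    if (h.tag !== 5 && h.tag !== 7) continue; // only secret key / secret subkey
    const usage = s2kUsage(buf, h.start);
    found.push({ tag: h.tag, usage, status: describe(usage) });
  }
  return found;
}

// Constructed, truncated toy packets (not real keys): primary key, user ID, subkey.
const body = u => '0400000000' + '01' + '0008c5' + '000203' + u + '090002';
const SAMPLE = Buffer.from('9410' + body('ff') + 'cd0161' + '9c10' + body('fe'), 'hex');
console.log(auditSecretKeys(SAMPLE));
```

Any packet reported with the two-octet checksum status is one that would need re-exporting in a current format, as the reply above suggests.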