You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The library is now declared as a module, and declares exports, alongside the legacy package.json entrypoints, which should ensure backwards compatibility. Still, bundlers might be affected by the package.json changes depending on how they load the library.
Remove embedded Web Streams ponyfill, since it's now supported in all browsers (applications can load a polyfill themselves instead, if they need to support older browser versions: see README).
The crypto refresh has updated parts of the draft RFC4880bis as implemented by OpenPGP.js v4 and v5. Related changes in v6 are:
Drop config.v5Keys flag and corresponding key generation. The flag is replaced by .v6Keys, and results in a different key format.
Argon2 relies on a WASM module, thus web apps might need to make changes to their CSP policy in order to use the feature. Alternatively, since the Argon2 WASM module is only loaded if needed, apps can manually reject password-encrypted messages and private keys which use Argon2 by checking e.g. SymEncryptedSessionKeyPacket.s2k?.type === 'argon2' or SecretKeyPacket|SecretSubkeyPacket.keyPacket.s2k?.type === 'argon2'.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
What's Changed
OpenPGP.js v6 includes only minor API changes while adding full support for the OpenPGP crypto refresh.
Main non-breaking changes:
openpgp.config.v6Keys
)openpgp.config.aeadProtect
)crypto-refresh
: add support for Argon2 S2K #1597) (since WASM is used, it might require specific configurations in web apps, see note under "Breaking changes" below)crypto-refresh
: support generating Curve448 and Curve25519 keys (new format) #1676)crypto-refresh
: support generating Curve448 and Curve25519 keys (new format) #1676, following up tocrypto-refresh
: add support for new Ed25519/X25519 keys, signatures and messages #1620)Breaking changes:
module
, and declaresexports
, alongside the legacy package.json entrypoints, which should ensure backwards compatibility. Still, bundlers might be affected by the package.json changes depending on how they load the library.config.v5Keys
flag and corresponding key generation. The flag is replaced by.v6Keys
, and results in a different key format..v5Keys
flag and encrypted withconfig.aeadProtect = true
cannot be decrypted by OpenPGP.js v6 out-of-the-box. Support for decrypting these keys will be added in the next v6 prerelease (see [v6] Addconfig.parseAEADEncryptedV4KeysAsLegacy
to support AEAD-encrypted v4 keys from OpenPGP.js v5 or older #1672).config.aeadProtect
flag has a different effect than in v5:config.aeadProtect
when encrypting to public keys #1678).SymEncryptedSessionKeyPacket.s2k?.type === 'argon2'
orSecretKeyPacket|SecretSubkeyPacket.keyPacket.s2k?.type === 'argon2'
.config.allowMissingKeyFlags
to bypass the check if needed (see [v6] Refuse to use keys without key flags, addconfig.allowMissingKeyFlags
#1677)config.minBytesForWebCrypto
, and always use WebCrypto if available, since there is no longer a performance overhead for small messages.enums.publicKey.eddsa
in favour ofenums.publicKey.eddsaLegacy
enums.curve.ed25519Legacy
to'ed25519Legacy'
(was:'ed25519'
)enums.curve.curve25519Legacy
to'curve25519Legacy'
(was:'curve25519'
)config.useIndutnyElliptic
to.useEllipticFallback
, to reflect the change of underlying library.enums.symmetric.plaintext
(internally unused)Full Changelog: v5.11.0...v6.0.0-alpha.0
This discussion was created from the release v6.0.0-alpha.0.
Beta Was this translation helpful? Give feedback.
All reactions