You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following only lists the changes from the previous v6 prerelease.
For more context about the crypto-refresh changes introduced by OpenPGP.js v6, refer to the changelog of the initial prerelease.
Breaking changes:
Fix wrong serialization of PKESK v6 for x25519/x448 ([v6] Fix wrong serialization of PKESK v6 for x25519/x448 #1734): invalid encrypted messages are generated by the alpha releases of OpenPGP.js v6 when using encryption keys of algorithms enums.publicKey.x25519/x448 with SEIPDv2 feature flag.
Such encryption keys could be generated by OpenPGP.js v6 (but not by older versions) via generateKey by:
enabling config.aeadProtect (off by default) and
requesting type: 'curve448'|'curve25519' (which is the default only if config.v6Keys: true).
The affected messages will fail to parse and decrypt in OpenPGP.js v6.0.0-beta.0+ as well as in other OpenPGP libraries.
Add back armor checksum for non-v6 artifacts ([v6] Add back armor checksum for non-v6 artifacts #1741): the change is needed to work around a GnuPG decoding bug affecting some messages without the checksum. It causes a breaking change, limited to openpgp.armor, which takes an additional emitChecksum argument (defaults to false).
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
What's Changed
The following only lists the changes from the previous v6 prerelease.
For more context about the crypto-refresh changes introduced by OpenPGP.js v6, refer to the changelog of the initial prerelease.
Breaking changes:
Fix wrong serialization of PKESK v6 for x25519/x448 ([v6] Fix wrong serialization of PKESK v6 for x25519/x448 #1734): invalid encrypted messages are generated by the alpha releases of OpenPGP.js v6 when using encryption keys of algorithms
enums.publicKey.x25519/x448
with SEIPDv2 feature flag.Such encryption keys could be generated by OpenPGP.js v6 (but not by older versions) via
generateKey
by:config.aeadProtect
(off by default) andtype: 'curve448'|'curve25519'
(which is the default only ifconfig.v6Keys: true
).The affected messages will fail to parse and decrypt in OpenPGP.js v6.0.0-beta.0+ as well as in other OpenPGP libraries.
Drop
config.revocationsExpire
, always honour revocation expiration ([v6] Dropconfig.revocationsExpire
, always honour revocation expiration instead #1736): the option used to default to false, and ignore revocation expirations. We now honour those expirations, namely match the behaviour resulting from setting the option to true.Add back armor checksum for non-v6 artifacts ([v6] Add back armor checksum for non-v6 artifacts #1741): the change is needed to work around a GnuPG decoding bug affecting some messages without the checksum. It causes a breaking change, limited to
openpgp.armor
, which takes an additionalemitChecksum
argument (defaults to false).Main non-breaking changes:
Randomise v4 and v5 signatures via custom notation ([v6] Randomise v4 and v5 signatures via custom notation, add
config.nonDeterministicSignaturesViaNotation
to disable feature #1737): while this notation solution is interoperable, it will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. For this reason, the optionconfig.nonDeterministicSignaturesViaNotation
(defaulting to true) has been added to turn off the feature.Fix email address validity check to still allow unicode values, and further relax constraints ([v6] Fix email address validity check to still allow unicode values, and further relax constraints #1739): this follows up to a change made in v6.0.0-alpha.1; previous versions already accepted unicode values.
Full Changelog: v6.0.0-alpha.1...v6.0.0-beta.0
This discussion was created from the release v6.0.0-beta.0.
Beta Was this translation helpful? Give feedback.
All reactions