New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto-refresh
: add support for new Ed25519/X25519 keys, signatures and messages
#1620
Conversation
ed0b0e4
to
c7003f9
Compare
dd814b5
to
785b47b
Compare
This addition is backwards compatible. We offer no way to generate v4 keys in the new format.
await Promise.all(encryptionKeys.map(key => key.getEncryptionKey() | ||
.catch(() => null) // ignore key strength requirements | ||
.then(maybeKey => { | ||
if (maybeKey && (maybeKey.keyPacket.algorithm === enums.publicKey.x25519) && !util.isAES(algo)) { | ||
throw new Error('Could not generate a session key compatible with the given `encryptionKeys`: X22519 keys can only be used to encrypt AES session keys; change `config.preferredSymmetricAlgorithm` accordingly.'); | ||
} | ||
}) | ||
)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would be safer to just use AES128 in this scenario. After all, we're always allowed to use that, and the config is called preferredSymmetricAlgorithm
, it's not a guarantee it will be used (and in this case we can just say that the key doesn't support it - although tbh it would be a bit strange if the key's algorithm preferences claim otherwise).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is an edge case which requires passing config.preferredSymmetricAlgorithm
with a non-AES algo as well as (all) encryptionKeys with that algo appearing in the prefs.
So I think a specific error can make sense in this case, also considering that AES-128 is not the best fallback for x488, so users might want to go with AES-256 at that point? 🤞
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, fair enough 👍
7dc1b9e
to
460a491
Compare
// OpenPGP.js - An OpenPGP implementation in javascript | ||
// Copyright (C) 2018 Proton Technologies AG | ||
// | ||
// This library is free software; you can redistribute it and/or | ||
// modify it under the terms of the GNU Lesser General Public | ||
// License as published by the Free Software Foundation; either | ||
// version 3.0 of the License, or (at your option) any later version. | ||
// | ||
// This library is distributed in the hope that it will be useful, | ||
// but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
// Lesser General Public License for more details. | ||
// | ||
// You should have received a copy of the GNU Lesser General Public | ||
// License along with this library; if not, write to the Free Software | ||
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// OpenPGP.js - An OpenPGP implementation in javascript | |
// Copyright (C) 2018 Proton Technologies AG | |
// | |
// This library is free software; you can redistribute it and/or | |
// modify it under the terms of the GNU Lesser General Public | |
// License as published by the Free Software Foundation; either | |
// version 3.0 of the License, or (at your option) any later version. | |
// | |
// This library is distributed in the hope that it will be useful, | |
// but WITHOUT ANY WARRANTY; without even the implied warranty of | |
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
// Lesser General Public License for more details. | |
// | |
// You should have received a copy of the GNU Lesser General Public | |
// License along with this library; if not, write to the Free Software | |
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was already there, I just renamed the file. Maybe we should review these copyright notes in a separate PR?
|
||
const webCrypto = util.getWebCrypto(); | ||
const nodeCrypto = util.getNodeCrypto(); | ||
const nodeSubtleCrypto = nodeCrypto && nodeCrypto.webcrypto && nodeCrypto.webcrypto.subtle; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(For now this is fine but maybe long-term we can just make getWebCrypto
return Node's Web Crypto too? And then the code can decide by the ordering which they prefer between Node Crypto and Node Web Crypto.)
As specified in openpgp-crypto-refresh-09. Instead of encoding the symmetric key algorithm in the PKESK ciphertext (requiring padding), the symmetric key algorithm is left unencrypted. Co-authored-by: Lukas Burkhalter <lukas.burkhalter@proton.ch>
Fail on PKESK parsing as well as session key generation and encryption
Following the addition of the new format for Montgomery curves, which do not rely on OIDs.
SubtleCrypto not available in the latter due to stricter secure context checks
This addition is backwards compatible. We offer no way to generate v4 keys in the new format, since existing implementations might not support them.
TODO
merge after introducing support for intended recipient (no longer needed after spec's kdf change)change base branch (to be merged into v6)we merge to v5 as there are no breaking changes