
Do not automatically generate SEIPDv2 messages when encrypting to pub…
…lic keys (default to `config.ignoreSEIPDv2FeatureFlag: true`)

We want to avoid generating SEIPDv2 messages until support is rolled out to other platforms,
in case e.g. some users have already imported v4 keys with SEIPDv2 feature flags.

This change affects `encryptMessage` and `generateSessionKeys` when `encryptionKeys` are given
(rather than `passwords`).
larabr committed May 28, 2024
1 parent bffb3ff commit 3ed72ad
Showing 3 changed files with 40 additions and 2 deletions.
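--- a/lib/openpgp.ts
+++ b/lib/openpgp.ts
@@ -20,6 +20,10 @@ export const setConfig = () => {
 config.rejectPublicKeyAlgorithms = new Set();
 config.rejectCurves = new Set();
 config.minRSABits = 1023;
+
+// we want to avoid generating SEIPDv2 messages until support is rolled out to other platforms,
+// in case e.g. some users have already imported v4 keys with SEIPDv2 feature flags.
+config.ignoreSEIPDv2FeatureFlag = true;
 };
 
 export * from 'openpgp/lightweight';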
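Review bot: The comment above the new `config.ignoreSEIPDv2FeatureFlag = true` line explains why the flag is set but not when it can be dropped, and a temporary downgrade like this is easy to forget; add `// TODO(<tracking-issue>): remove once SEIPDv2 support has shipped on the other platforms` next to it so the fallback gets revisited. Because the flag is applied inside `setConfig` rather than at module load, a consumer that imports from `openpgp/lightweight` without calling `setConfig` presumably keeps the upstream default and may still produce SEIPDv2 — worth stating in the function's documentation if that is intended. With the flag on, recipients whose keys advertise SEIPDv2 get SEIPDv1 messages instead, which the spec change confirms at `expect(seipdV1.version).to.equal(1)`. The body of `setConfig` starts before this hunk.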
19 changes: 19 additions & 0 deletions test/message/encryptMessage.data.ts
Expand Up @@ -62,3 +62,22 @@ PPekG4ttm6z3/BqqVplanIRSXlsqyp6J8A==
=Pyb1
-----END PGP PRIVATE KEY BLOCK-----
`;

export const v4PrivateKeySEIPDv2 = `-----BEGIN PGP PRIVATE KEY BLOCK-----
xVgEZiKDOhYJKwYBBAHaRw8BAQdA7385RPR9IUnltQaU69+dBvhcBpEmUcq6
1NuzvTUa+jAAAQCAvEGrOzTT+V3zXCc4kX0DDb4GLAmStSwxC5Qsj53TlQ2J
zRU8djQuc2VpcGR2MkB0ZXN0LmNvbT7CwCEEEBYKAJMFgmYigzoDCwkHCZAa
sntz03f7H0UUAAAAAAAcACBzYWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3Jn
L3qVuwZ47dt0laNb59H4cNNKQSYpLcdKjuisodtSH2MFFQgKDA4EFgACAQIZ
AQKbAwIeCRYhBL07eB3EoXYt6W648Rqye3PTd/sfDScJAwcDCQEHAQkCBwIA
AHOJAQC4KUcadSVnITnWWTFo0zZQQhSzaJUNPgDZx01AAw9i6AD/RoghlvJ7
8z3hNsyCNb+NCEPkmPcyowyeUO94Cwj79APHXQRmIoM6EgorBgEEAZdVAQUB
AQdAkuVHAppv0L83T/1hCx5RI3FS9sKkdSH+9TAunZiTOzEDAQgHAAD/dgQ8
lWjXzQTPsEJyI6V0ZjVzO+2Qj63TSIeYkVQc6mAQUMK+BBgWCgBwBYJmIoM6
CZAasntz03f7H0UUAAAAAAAcACBzYWx0QG5vdGF0aW9ucy5vcGVucGdwanMu
b3JntJzrDSb7c/1bOSWUmILw9r+sieq0bBwyN0CIiouR9MACmwwWIQS9O3gd
xKF2LeluuPEasntz03f7HwAAGYUA/27EABU50mfEuEyINNiR0D+OPpi2mWui
IWNiCe1I3qcjAQCVH60EOD00m4w7INdBGisK2inIUoNnZOGL9sGvKuKmBQ==
=dVyZ
-----END PGP PRIVATE KEY BLOCK-----`;
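Review bot: The new `v4PrivateKeySEIPDv2` fixture carries no comment saying what distinguishes it from `testPrivateKeyLegacy`, so a reader has to decode the armored block to learn why the spec picks it. Add a line above the export such as `// test-only v4 key whose self-signature (presumably) advertises the SEIPDv2 feature flag; only its public part is used by encryptMessage.spec.ts`, adjusted to how the key was actually generated, and mention whether it is passphrase-protected, since the spec reads it without decrypting.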
19 changes: 17 additions & 2 deletions test/message/encryptMessage.spec.ts
@@ -1,10 +1,10 @@
import { expect } from 'chai';
import { readToEnd, toStream, WebStream } from '@openpgp/web-stream-tools';
import { config as globalConfig, CompressedDataPacket, enums, SymEncryptedSessionKeyPacket, PartialConfig } from '../../lib/openpgp';
import { config as globalConfig, CompressedDataPacket, enums, SymEncryptedSessionKeyPacket, PartialConfig, SymEncryptedIntegrityProtectedDataPacket } from '../../lib/openpgp';

import { decryptKey, readPrivateKey, verifyMessage, encryptMessage, decryptMessage, generateSessionKey, readSignature, readMessage, encryptSessionKey, decryptSessionKey } from '../../lib';
import { hexStringToArray, arrayToBinaryString, stringToUtf8Array } from '../../lib/utils';
import { testPrivateKeyLegacy } from './encryptMessage.data';
import { testPrivateKeyLegacy, v4PrivateKeySEIPDv2 } from './encryptMessage.data';
import { VERIFICATION_STATUS } from '../../lib/constants';

const generateStreamOfData = (): { stream: WebStream<string>, data: string } => ({
Expand Down Expand Up @@ -61,6 +61,21 @@ describe('message encryption and decryption', () => {
expect(verified).to.equal(VERIFICATION_STATUS.SIGNED_AND_VALID);
});

it('it does not encrypt with SEIPDv2 by default', async () => {
const privateKey = await readPrivateKey({ armoredKey: v4PrivateKeySEIPDv2 });

const { message: encryptedWithSEIPDv1 } = await encryptMessage({
binaryData: stringToUtf8Array('Hello world!'),
encryptionKeys: privateKey.toPublic(),
format: 'object'
});
expect(encryptedWithSEIPDv1.packets).to.have.length(2);
const seipdV1 = encryptedWithSEIPDv1.packets[1] as SymEncryptedIntegrityProtectedDataPacket;
expect(seipdV1).to.be.instanceOf(SymEncryptedIntegrityProtectedDataPacket);
// @ts-ignore missing `version` field declaration
expect(seipdV1.version).to.equal(1);
});

it('can encrypt with argon2 s2k', async () => {
const config: PartialConfig = { s2kType: enums.s2k.argon2 };
const passwords = 'password';
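Review bot: The new test `it('it does not encrypt with SEIPDv2 by default'` only pins the default; nothing checks that the flag can still be turned off, so a regression that made `ignoreSEIPDv2FeatureFlag` ineffective in both directions, or a fixture key that never advertised SEIPDv2 at all, would pass unnoticed. A companion test passing `config: { ignoreSEIPDv2FeatureFlag: false }` and expecting `version` 2 would make the assertion meaningful (this assumes `encryptMessage` accepts a `config` option, as the argon2 test below appears to do, and that the fixture does carry the SEIPDv2 flag — both to be confirmed). Two smaller points: the test title repeats "it" (`it('does not encrypt with SEIPDv2 by default'`), and `// @ts-ignore` on the `version` access would be safer as `// @ts-expect-error` so the suppression is reported once the field is declared.
```typescript
it('encrypts with SEIPDv2 when the feature flag is honoured', async () => {
  const privateKey = await readPrivateKey({ armoredKey: v4PrivateKeySEIPDv2 });
  const config: PartialConfig = { ignoreSEIPDv2FeatureFlag: false };

  const { message: encryptedWithSEIPDv2 } = await encryptMessage({
    binaryData: stringToUtf8Array('Hello world!'),
    encryptionKeys: privateKey.toPublic(),
    format: 'object',
    config
  });
  expect(encryptedWithSEIPDv2.packets).to.have.length(2);
  const seipdV2 = encryptedWithSEIPDv2.packets[1] as SymEncryptedIntegrityProtectedDataPacket;
  expect(seipdV2).to.be.instanceOf(SymEncryptedIntegrityProtectedDataPacket);
  // @ts-expect-error missing `version` field declaration
  expect(seipdV2.version).to.equal(2);
});
```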
