Public-Key Cryptography:

• Public-key cryptography using elliptic curves P-256, P-384, P-521, SECP-256k1, Curve25519, and Ed25519 is now supported. The implementation uses Fedor Indutny’s Elliptic library and utilizes native Node.js and browser APIs when possible. We recommend using ed25519 for security and efficiency.
  To generate ECC keys, pass a curve parameter to the generateKey function; e.g. curve='ed25519'.

• In other public-key cryptography news: jsbn.js is dead, long live bn.js! All public-key algorithms and MPI handling functions have been refactored to use bn.js. In particular, new probabilistic random prime generation algorithms have been added to assist with RSA key generation. If you need RSA keys, for instance for compatibility purposes, we recommend at least a 2048-bit key size.

• Generating and receiving wild card key IDs in public-key encrypted session key packets is now supported. A wild card key ID indicates that the receiving implementation should try all available private keys, checking whether each can be used to decrypt any session key, with an associated performance cost. To generate key packets with wild card key IDs, the wildcard option can be set to true in the encrypt and encryptSessionKey functions.

• A new optional date input to the encrypt, decrypt, sign, and verify functions allows for performing operations in the context of that date. This can be helpful for hiding the true encryption/signature time of scheduled messages or for verifying signatures of old messages with currently expired public keys that may not have been expired at the time of receipt.

Breaking API Changes:

• The high-level decrypt function now accepts arrays of private keys, passwords, or session keys as input and attempts to decrypt session keys with all values. All possible decrypted session keys are then used to attempt to decrypt the message data. This is necessary because there is no way to a priori validate decrypted session keys from wild card key IDs or passwords if the algorithm enum happens to be valid, and this happens an appreciable fraction of the time (~1/20). The input variables privateKey, password, and sessionKey have been renamed to privateKeys, passwords, and sessionKeys respectively.

• The decryptSessionKey function has been renamed to decryptSessionKeys and similarly accepts arrays of private keys and passwords as input.

Compression:

• Bzip2 compression and decompression using the compressjs library is now supported.

• Zlib compression now uses pako’s zlib module or the native zlib module on Node.js when possible. This represents a significant performance increase in compression.

• Compression can now be enabled by either altering the compression value in the config file or passing in a compression option to the high-level encrypt function.

Randomness:

• Fixed an issue where the random number buffer would get depleted when running many concurrent processes with web workers

• It is now possible to specify the number of worker threads when initializing the web worker

Development:

• JavaScript style checking now uses ESLint. Run grunt eslint before submitting pull-requests.
  Also before submitting pull requests, run grunt browsertest and open localhost:3000/test/unittests.html to test web worker compatibility.

• The library has been refactored to use ES6 variable declaration syntax (const, let) and ES7 asynchronous code syntax (async, await). Babel ensures compatibility with older browsers.

Future Roadmap:

• Improve the performance of public-key operations via improving the bn.js library. See the benchmarks.

• Add support for streaming cryptography.

• Add support for Brainpool elliptic curves.

• Add support for the RFC4880 draft version 5, which include changes in the S2K function and specifications for supporting AEAD in V5 keys. This includes AES-EAX, an authenticated mode of operation for AES, as well as two new authenticated public key options: AEDH and AEDSA. See issue #627.