• All signatures using MD5 or RIPEMD are now rejected by default (#1043)
  Set openpgp.config.reject_hash_algorithms.add(openpgp.enums.hash.sha1); to add SHA1 to this list, for extra security. This may break compatiblity with encrypting to old public keys, which may still use SHA1 for their self-signatures. We may add SHA1 to this list by default in the future.
• Message signatures using MD5, RIPEMD or SHA1 are now rejected by default
  Set openpgp.config.reject_message_hash_algorithms.delete(openpgp.enums.hash.sha1); to remove SHA1 from this list, in order to maintain increased compatibility with very old signatures.
• await signatures[*].verified after const { signatures } = await openpgp.decrypt/verify() now throws rather than returning false for all signature verification failures (it already threw for some errors)
• (When not streaming) signatures[*].valid is now false for all signature verification failures (it used to be null for some errors; now it's only null if the signing public key was unavailable or invalid)
• Key.prototype.validate now throws if the private key parameters don't match the public key parameters
• Key.prototype.verifyPrimaryKey now throws if the primary key is invalid
• Key.prototype.getPrimaryUser now throws if there is no valid primary user
• Key.prototype.getSigningKey and Key.prototype.getEncryptionKey now throw if there is no valid signing/encryption key
• Key.prototype.getRevocationCertificate now throws if there is no valid revocation certificate
• SubKey.prototype.verify now throws if the subkey is invalid
• User.prototype.verify now throws if there are no valid self certificates
• User.prototype.verifyCertificate now throws if the user certificate is invalid
• Optimize reading and writing armored messages (#1043)
• Fix error message for legacy encrypted private keys