- All signatures using MD5 or RIPEMD are now rejected by default (#1043)
  Set `openpgp.config.reject_hash_algorithms.add(openpgp.enums.hash.sha1);` to add SHA1 to this list, for extra security. This may break compatibility with encrypting to old public keys, which may still use SHA1 for their self-signatures. We may add SHA1 to this list by default in the future.
- Message signatures using MD5, RIPEMD or SHA1 are now rejected by default
  Set `openpgp.config.reject_message_hash_algorithms.delete(openpgp.enums.hash.sha1);` to remove SHA1 from this list, in order to maintain increased compatibility with very old signatures.
- `await signatures[*].verified` after `const { signatures } = await openpgp.decrypt/verify()` now throws rather than returning `false` for all signature verification failures (it already threw for some errors)
- (When not streaming) `signatures[*].valid` is now `false` for all signature verification failures (it used to be `null` for some errors; now it's only `null` if the signing public key was unavailable or invalid)
- `Key.prototype.validate` now throws if the private key parameters don't match the public key parameters
- `Key.prototype.verifyPrimaryKey` now throws if the primary key is invalid
- `Key.prototype.getPrimaryUser` now throws if there is no valid primary user
- `Key.prototype.getSigningKey` and `Key.prototype.getEncryptionKey` now throw if there is no valid signing/encryption key
- `Key.prototype.getRevocationCertificate` now throws if there is no valid revocation certificate
- `SubKey.prototype.verify` now throws if the subkey is invalid
- `User.prototype.verify` now throws if there are no valid self certificates
- `User.prototype.verifyCertificate` now throws if the user certificate is invalid
- Optimize reading and writing armored messages (#1043)
- Fix error message for legacy encrypted private keys
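
A fail-closed way to consume the `signatures[*].valid` and `signatures[*].verified` changes listed above, as an added example that is not part of the OpenPGP.js release notes or code base. The function names, the constructed sample objects, and the policy (at least one signature, and every signature must verify) are assumptions.

```javascript
// Added example, not OpenPGP.js code. Assumed policy: accept a message only
// if it carries at least one signature and every signature verified.

// Non-streaming result: `valid` is true, false (verification failed) or
// null (signing public key unavailable or invalid). Only `true` passes,
// so a null result can never be mistaken for success.
function classifyValid(valid) {
  if (valid === true) return 'valid';
  if (valid === false) return 'invalid';
  return 'unknown-key';
}

function acceptByValid(signatures) {
  const statuses = signatures.map(sig => classifyValid(sig.valid));
  const accepted = statuses.length > 0 && statuses.every(s => s === 'valid');
  return { statuses, accepted };
}

// `verified` is a promise that now rejects on verification failure.
// Promise.allSettled attaches a handler to every promise at once, so a
// failing signature cannot surface as an unhandled rejection.
async function acceptByVerified(signatures) {
  const settled = await Promise.allSettled(signatures.map(sig => sig.verified));
  const statuses = settled.map(r =>
    (r.status === 'fulfilled' && r.value === true ? 'valid' : 'not-verified'));
  const errors = settled
    .filter(r => r.status === 'rejected')
    .map(r => String(r.reason && r.reason.message));
  const accepted = statuses.length > 0 && statuses.every(s => s === 'valid');
  return { statuses, errors, accepted };
}

// Constructed stand-ins shaped like entries of the `signatures` array.
// `verified` is a getter so each promise is created only when it is read.
function constructedSignatures() {
  return [
    { valid: true, get verified() { return Promise.resolve(true); } },
    { valid: false,
      get verified() { return Promise.reject(new Error('constructed failure')); } },
    // Constructed: resolves to a non-true value, which is treated as not verified.
    { valid: null, get verified() { return Promise.resolve(null); } },
  ];
}
```

Both functions reject an empty `signatures` array, so an unsigned message is not accepted by default.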