github openpgpjs/openpgpjs v5.1.0

  • Add support for constant-time decryption of PKCS#1 v1.5-encoded session keys (#1445)

    Implement optional constant-time decryption flow to hinder Bleichenbacher-like attacks against RSA- and ElGamal public-key encrypted session keys.

    Changes:

    • Add config.constantTimePKCS1Decryption to enable the constant-time processing (defaults to false). The constant-time option is off by default since it has a measurable performance impact on message decryption, and it is only helpful in specific application scenarios (more info below).
    • Add config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms (defaults to the AES algorithms). The set of supported ciphers is restricted by default since the number of algorithms negatively affects performance.

    Bleichenbacher-like attacks are of concern for applications where both of the following conditions are met:

    1. New/incoming messages are automatically decrypted (without user interaction);
    2. An attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).
  • Check key requirements in PrivateKey.addSubkey() (#1423)

    Breaking change: when generating new subkeys through key.addSubkey(), we now check config.rejectCurves and prevent adding subkeys using the corresponding curves. By default, config.rejectCurves includes the brainpool curves (brainpoolP256r1, brainpoolP384r1, brainpoolP512r1) and the Bitcoin curve (secp256k1).

    This is a follow-up to #1395, which introduced the same check to openpgp.generateKey.

  • Initial Deno support (#1448)

  • Replace strings with integer algorithm identifiers in packet classes (#1410)

    In several packet classes, we used to store string identifiers for public-key, aead, cipher or hash algorithms. To make the code consistent and to avoid having to convert to/from string values, we now always store integer values instead, e.g. enums.symmetric.aes128 is used instead of 'aes128'.

    This is not expected to be a breaking change for most library users. Note that the type of Key.getAlgorithmInfo() and of the session key objects returned and accepted by top-level functions remain unchanged.

    Affected classes (type changes for some properties and methods' arguments):

    • PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket
    • SymEncryptedIntegrityProtectedDataPacket, AEADEncryptedDataPacket, SymmetricallyEncryptedDataPacket
    • LiteralDataPacket, CompressedDataPacket
    • PublicKeyEncryptedSessionKey, SymEncryptedSessionKeyPacket
    • SignaturePacket

    Other potentially breaking changes:

    • Removed property AEADEncryptedDataPacket.aeadAlgo, since it was redundant given .aeadAlgorithm.
    • Renamed AEADEncryptedDataPacket.cipherAlgo -> .cipherAlgorithm
  • CI: create annotations on performance regression warnings/errors (#1441)

  • CI: use Node v16 instead of v15

  • Update documentation link (#1455)

  • Rename master branch to main
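
For the constant-time PKCS#1 v1.5 item above (#1445), here is an added example, not taken from the OpenPGP.js source, of one common way to build such a flow: decode the padding without data-dependent branches and return a caller-supplied random fallback instead of raising a padding error. The function names, the 64-byte block size and the sample bytes are assumptions made for the illustration.

```javascript
// Added illustration, not OpenPGP.js source; all names here are hypothetical.
// Branch-free at the source level; a JS engine gives no hard timing guarantee.
const isZero = x => ((x | -x) >>> 31) ^ 1; // 1 if x === 0, else 0
const isEqual = (a, b) => isZero(a ^ b);

// Decode EM = 0x00 || 0x02 || PS (>= 8 nonzero bytes) || 0x00 || M.
// em.length and fallback.length are public (modulus size, expected payload size).
// Returns M when the padding is valid and M has the expected length; otherwise
// returns the fallback bytes. Nothing here throws on secret-dependent data.
function emeDecodeOrFallback(em, fallback) {
  const sep = em.length - fallback.length - 1; // index where the 0x00 separator must sit
  if (sep < 10) throw new RangeError('payload too long for this block'); // public lengths only
  let ok = isEqual(em[0], 0x00) & isEqual(em[1], 0x02);
  let seenZero = 0, firstZero = 0;
  for (let i = 2; i < em.length; i++) { // always scans the whole block, no early exit
    const hit = isZero(em[i]) & (seenZero ^ 1); // 1 only at the first zero byte
    firstZero |= -hit & i;
    seenZero |= hit;
  }
  ok &= seenZero & isEqual(firstZero, sep);
  const mask = -ok & 0xff; // 0xff selects the decoded bytes, 0x00 selects the fallback
  const out = new Uint8Array(fallback.length);
  for (let i = 0; i < out.length; i++) {
    out[i] = (em[sep + 1 + i] & mask) | (fallback[i] & ~mask);
  }
  return out;
}

// Constructed sample input: a 64-byte block carrying a 16-byte payload.
function buildSampleEm(payload, k = 64) {
  const em = new Uint8Array(k).fill(0xa5); // fixed nonzero filler stands in for random PS
  em[0] = 0x00;
  em[1] = 0x02;
  em[k - payload.length - 1] = 0x00;
  em.set(payload, k - payload.length);
  return em;
}

const toHex = bytes => Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
const payload = Uint8Array.from({ length: 16 }, (_, i) => i + 1); // constructed payload
const fallback = new Uint8Array(16).fill(0xee); // stands in for fresh random bytes
const good = buildSampleEm(payload);
const badType = buildSampleEm(payload);
badType[1] = 0x01; // wrong block type
const shortPs = buildSampleEm(payload);
shortPs[5] = 0x00; // zero byte inside PS, so the separator is misplaced
console.log(toHex(emeDecodeOrFallback(good, fallback)));
console.log(toHex(emeDecodeOrFallback(badType, fallback)));
console.log(toHex(emeDecodeOrFallback(shortPs, fallback)));
```

In a real flow the fallback is drawn fresh from a CSPRNG for every message, and the caller continues with whichever bytes it received, so a padding failure at this step takes the same code path as a success.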
