What's Changed
The following only lists the changes from the previous v6 prerelease.
For more context about the crypto-refresh changes introduced by OpenPGP.js v6, refer to the changelog of the initial prerelease.
Breaking changes:
-
Fix wrong serialization of PKESK v6 for x25519/x448 (#1734): invalid encrypted messages are generated by the alpha releases of OpenPGP.js v6 when using encryption keys of algorithms
enums.publicKey.x25519/x448with SEIPDv2 feature flag.
Such encryption keys could be generated by OpenPGP.js v6 (but not by older versions) viagenerateKeyby:- enabling
config.aeadProtect(off by default) and - requesting
type: 'curve448'|'curve25519'(which is the default only ifconfig.v6Keys: true).
The affected messages will fail to parse and decrypt in OpenPGP.js v6.0.0-beta.0+ as well as in other OpenPGP libraries.
- enabling
-
Drop
config.revocationsExpire, always honour revocation expiration (#1736): the option used to default to false, and ignore revocation expirations. We now honour those expirations, namely match the behaviour resulting from setting the option to true. -
Add back armor checksum for non-v6 artifacts (#1741): the change is needed to work around a GnuPG decoding bug affecting some messages without the checksum. It causes a breaking change, limited to
openpgp.armor, which takes an additionalemitChecksumargument (defaults to false).
Main non-breaking changes:
-
Randomise v4 and v5 signatures via custom notation (#1737): while this notation solution is interoperable, it will reveal that the signature has been generated using OpenPGP.js, which may not be desirable in some cases. For this reason, the option
config.nonDeterministicSignaturesViaNotation(defaulting to true) has been added to turn off the feature. -
Fix email address validity check to still allow unicode values, and further relax constraints (#1739): this follows up to a change made in v6.0.0-alpha.1; previous versions already accepted unicode values.
Full Changelog: v6.0.0-alpha.1...v6.0.0-beta.0