Add config.rejectPublicKeyAlgorithms #1264

Merged
merged 13 commits into from Mar 25, 2021

@larabr (Contributor) commented Mar 10, 2021

Changes:

  • add config.rejectPublicKeyAlgorithms to disallow using the given algos to verify, sign or encrypt new messages or third-party certifications
  • consider config.minRsaBits when signing, verifying and encrypting messages and third-party certifications, not just on key generation
  • when verifying a message, if the verification key is not found (i.e. not provided or too weak), the corresponding signature will have signature.valid=false (used to be signature.valid=null). signature.error will detail whether the key is missing/too weak/other.

Generating and verifying key certification signatures is still permitted in all cases.
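
The message-verification behaviour described in the comment above, as a stand-alone JavaScript model added here; it is not part of the pull request and is not OpenPGP.js code. The key records, algorithm strings, sample config values and the `keyPolicyError` / `verifyMessageSignatures` helpers are assumptions made for illustration.

```javascript
// Model only: key records, algorithm names and helper names are constructed,
// and none of this is OpenPGP.js source. The config field names come from the PR.
const config = {
  rejectPublicKeyAlgorithms: new Set(['dsa', 'elgamal']), // constructed sample values
  minRsaBits: 2048 // constructed sample value
};

// Returns null if the key may be used for messages, otherwise a reason string.
function keyPolicyError(key, cfg) {
  if (cfg.rejectPublicKeyAlgorithms.has(key.algorithm)) {
    return `${key.algorithm} keys are rejected by config.rejectPublicKeyAlgorithms`;
  }
  if (key.algorithm.startsWith('rsa') && key.bits < cfg.minRsaBits) {
    return `RSA key of ${key.bits} bits is below config.minRsaBits (${cfg.minRsaBits})`;
  }
  return null;
}

// Resolve each signature's issuer against the supplied keys and apply the policy.
// cryptoCheck is a hypothetical callback standing in for the real signature check.
function verifyMessageSignatures(signatures, keys, cfg, cryptoCheck) {
  return signatures.map(sig => {
    const keyID = sig.issuerKeyID;
    const key = keys.find(k => k.keyID === keyID);
    if (!key) {
      // Missing key: reported as valid=false with an error, not valid=null.
      return { keyID, valid: false, error: 'verification key not provided' };
    }
    const reason = keyPolicyError(key, cfg);
    if (reason) {
      // Too-weak or rejected key: treated the same as having no usable key.
      return { keyID, valid: false, error: reason };
    }
    const ok = cryptoCheck(sig, key);
    return { keyID, valid: ok, error: ok ? null : 'signature mismatch' };
  });
}

// Constructed sample data: weak RSA, rejected algorithm, acceptable key, unknown signer.
const keys = [
  { keyID: 'A1', algorithm: 'rsaEncryptSign', bits: 1024 },
  { keyID: 'B2', algorithm: 'dsa', bits: 2048 },
  { keyID: 'C3', algorithm: 'eddsa', bits: 256 }
];
const signatures = ['A1', 'B2', 'C3', 'D4'].map(id => ({ issuerKeyID: id }));

function demo() {
  return verifyMessageSignatures(signatures, keys, config, () => true);
}
console.log(demo());
```

Callers that treated `signature.valid === null` as "signer key unavailable" would, under the change described above, see `false` instead and need to read `signature.error` to tell the cases apart.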

@tomholub (Contributor) commented Mar 10, 2021

Excellent!

@twiss (Member) left a comment

👍 Thanks, looks good! Small nitpicks below 😊

Review threads (outdated, resolved): src/key/factory.js, src/key/user.js, src/message.js (2), src/key/helper.js, src/key/key.js (2)
@larabr larabr force-pushed the algo-blacklist branch 3 times, most recently from 292d04f to 2f04938 Mar 15, 2021
Review threads (resolved): src/key/factory.js (outdated), src/key/helper.js, src/key/helper.js (outdated), src/key/key.js (2, outdated)
@larabr larabr force-pushed the algo-blacklist branch from 62c074e to 1ce7292 Mar 18, 2021
@larabr larabr mentioned this pull request Mar 19, 2021
Review thread (outdated, resolved): src/key/helper.js
@twiss twiss merged commit 8a57246 into openpgpjs:master Mar 25, 2021
6 checks passed
@larabr larabr deleted the algo-blacklist branch Jun 10, 2021