Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto-refresh: add support for Argon2 S2K #1597

Merged
merged 8 commits into from
Apr 4, 2023
Merged

Conversation

larabr
Copy link
Collaborator

@larabr larabr commented Feb 14, 2023

Added support for encrypting and decrypting messages or keys that use Argon2 as S2K (#1442).
This feature is backwards compatible, no breaking changes.

Newly introduced config fields (relevant for encryption only):

  • config.s2kType (defaulting to enums.s2k.iterated): s2k to use on password-based encryption as well as private key encryption;
  • config.s2kArgon2Params (defaulting to "uniformly safe settings" from Argon RFC): parameters to use on encryption when config.s2kType is set to enums.s2k.argon2;

More technical details:
Argon2 hashes are computed in Wasm, using a module that is only loaded if needed. The Wasm module is automatically reloaded -- to force memory deallocation -- if more than 1GB of memory is used.

Also fixes #1565 .

src/type/s2k/generic.js Outdated Show resolved Hide resolved
src/type/s2k/index.js Outdated Show resolved Hide resolved
src/type/s2k/index.js Outdated Show resolved Hide resolved
src/type/s2k/index.js Outdated Show resolved Hide resolved
src/type/s2k/argon2.js Show resolved Hide resolved
src/type/s2k/argon2.js Outdated Show resolved Hide resolved
@twiss
Copy link
Member

twiss commented Feb 14, 2023

Also, just to keep track, this will cause conflicts with #1567, we'll need to rebase one or the other, whichever is merged last.

@larabr larabr requested a review from twiss February 16, 2023 11:53
@larabr larabr changed the base branch from main to v6 April 3, 2023 15:46
@larabr larabr changed the base branch from v6 to main April 3, 2023 15:53
@larabr larabr changed the base branch from main to v6 April 3, 2023 15:53
@larabr larabr merged commit dd55ec5 into openpgpjs:v6 Apr 4, 2023
larabr added a commit that referenced this pull request Jul 26, 2023
In terms of API, this feature is backwards compatible, no breaking changes.
However, since a Wasm module is loaded for the Argon2 computation, browser apps
might need to make changes to their CSP policy in order to use the feature.

Newly introduced config fields:
- `config.s2kType` (defaulting to `enums.s2k.iterated`): s2k to use on
password-based encryption as well as private key encryption;
- `config.s2kArgon2Params` (defaulting to "uniformly safe settings" from Argon
RFC): parameters to use on encryption when `config.s2kType` is set to
`enums.s2k.argon2`;
larabr added a commit that referenced this pull request Aug 3, 2023
In terms of API, this feature is backwards compatible, no breaking changes.
However, since a Wasm module is loaded for the Argon2 computation, browser apps
might need to make changes to their CSP policy in order to use the feature.

Newly introduced config fields:
- `config.s2kType` (defaulting to `enums.s2k.iterated`): s2k to use on
password-based encryption as well as private key encryption;
- `config.s2kArgon2Params` (defaulting to "uniformly safe settings" from Argon
RFC): parameters to use on encryption when `config.s2kType` is set to
`enums.s2k.argon2`;
larabr added a commit that referenced this pull request Sep 1, 2023
In terms of API, this feature is backwards compatible, no breaking changes.
However, since a Wasm module is loaded for the Argon2 computation, browser apps
might need to make changes to their CSP policy in order to use the feature.

Newly introduced config fields:
- `config.s2kType` (defaulting to `enums.s2k.iterated`): s2k to use on
password-based encryption as well as private key encryption;
- `config.s2kArgon2Params` (defaulting to "uniformly safe settings" from Argon
RFC): parameters to use on encryption when `config.s2kType` is set to
`enums.s2k.argon2`;
larabr added a commit that referenced this pull request Oct 20, 2023
In terms of API, this feature is backwards compatible, no breaking changes.
However, since a Wasm module is loaded for the Argon2 computation, browser apps
might need to make changes to their CSP policy in order to use the feature.

Newly introduced config fields:
- `config.s2kType` (defaulting to `enums.s2k.iterated`): s2k to use on
password-based encryption as well as private key encryption;
- `config.s2kArgon2Params` (defaulting to "uniformly safe settings" from Argon
RFC): parameters to use on encryption when `config.s2kType` is set to
`enums.s2k.argon2`;
larabr added a commit that referenced this pull request Oct 24, 2023
In terms of API, this feature is backwards compatible, no breaking changes.
However, since a Wasm module is loaded for the Argon2 computation, browser apps
might need to make changes to their CSP policy in order to use the feature.

Newly introduced config fields:
- `config.s2kType` (defaulting to `enums.s2k.iterated`): s2k to use on
password-based encryption as well as private key encryption;
- `config.s2kArgon2Params` (defaulting to "uniformly safe settings" from Argon
RFC): parameters to use on encryption when `config.s2kType` is set to
`enums.s2k.argon2`;
larabr added a commit that referenced this pull request Oct 25, 2023
In terms of API, this feature is backwards compatible, no breaking changes.
However, since a Wasm module is loaded for the Argon2 computation, browser apps
might need to make changes to their CSP policy in order to use the feature.

Newly introduced config fields:
- `config.s2kType` (defaulting to `enums.s2k.iterated`): s2k to use on
password-based encryption as well as private key encryption;
- `config.s2kArgon2Params` (defaulting to "uniformly safe settings" from Argon
RFC): parameters to use on encryption when `config.s2kType` is set to
`enums.s2k.argon2`;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Clarify usage of config.s2kIterationCountByte
2 participants