-
Notifications
You must be signed in to change notification settings - Fork 795
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v6] Refuse to use keys without key flags, add config.allowMissingKeyFlags
#1677
Conversation
src/key/helper.js
Outdated
case enums.publicKey.ed25519: { | ||
if (!signature.keyFlags && !config.allowMissingKeyFlags) { | ||
throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); | ||
} | ||
|
||
return !signature.keyFlags || | ||
(signature.keyFlags[0] & enums.keyFlags.signData) !== 0; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for missing these last time (and being very nitpicky ^.^), but these brackets are also not necessary. They're only necessary if you need a block scope, e.g. if you're creating block-scoped variables.
case enums.publicKey.ed25519: { | |
if (!signature.keyFlags && !config.allowMissingKeyFlags) { | |
throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); | |
} | |
return !signature.keyFlags || | |
(signature.keyFlags[0] & enums.keyFlags.signData) !== 0; | |
} | |
case enums.publicKey.ed25519: | |
if (!signature.keyFlags && !config.allowMissingKeyFlags) { | |
throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`'); | |
} | |
return !signature.keyFlags || | |
(signature.keyFlags[0] & enums.keyFlags.signData) !== 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know they are not needed, but it's not a big deal to add them IMO -- I just find it confusing to have a lot of code without brackets.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Er, OK, but I think it's more important to have a consistent code style. JS cases normally don't have brackets, and most other code in the library doesn't have them, so we should only add them when needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, but then I'll add a linting rule for this, so that it's automatically enforced
0c2a1be
to
91fa87b
Compare
3160172
to
a28ae91
Compare
Key flags are needed to restrict key usage to specific purposes: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29 . Some older keys (e.g. from OpenPGP.js v1) do not declare any key flags. In previous OpenPGP.js versions, we've allowed such keys to be used for any operation for which they were compatible. This behaviour has now changed, and these keys are not allowed to be used for any operation. The setting `config.allowMissingKeyFlags` has been added to selectively revert to the past behaviour.
Also fix some indent issues with armoring code detected after required ESLint update. s
a28ae91
to
e69b1db
Compare
Key flags are needed to restrict key usage to specific purposes: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29 . Some older keys (e.g. from OpenPGP.js v0) do not declare any key flags. In previous OpenPGP.js versions, we've allowed such keys to be used for any operation for which they were compatible. This behaviour has now changed, and these keys are not allowed to be used for any operation.
The setting
config.allowMissingKeyFlags
has been added to selectively revert to the past behaviour.