Skip to content

Releases: openpgpjs/openpgpjs

v3.0.2

17 Mar 09:18
Compare
Choose a tag to compare

Fixes the sorting function that retrieves the primary user

v3.0.1

15 Mar 18:33
Compare
Choose a tag to compare

This release includes some bugfixes related to key expiration times and key revocation.

v3.0.0

08 Mar 21:06
Compare
Choose a tag to compare

Public-Key Cryptography:

  • Public-key cryptography using elliptic curves P-256, P-384, P-521, SECP-256k1, Curve25519, and Ed25519 is now supported. The implementation uses Fedor Indutny’s Elliptic library and utilizes native Node.js and browser APIs when possible. We recommend using ed25519 for security and efficiency.
    To generate ECC keys, pass a curve parameter to the generateKey function; e.g. curve='ed25519'.

  • In other public-key cryptography news: jsbn.js is dead, long live bn.js! All public-key algorithms and MPI handling functions have been refactored to use bn.js. In particular, new probabilistic random prime generation algorithms have been added to assist with RSA key generation. If you need RSA keys, for instance for compatibility purposes, we recommend at least a 2048-bit key size.

  • Generating and receiving wild card key IDs in public-key encrypted session key packets is now supported. A wild card key ID indicates that the receiving implementation should try all available private keys, checking whether each can be used to decrypt any session key, with an associated performance cost. To generate key packets with wild card key IDs, the wildcard option can be set to true in the encrypt and encryptSessionKey functions.

  • A new optional date input to the encrypt, decrypt, sign, and verify functions allows for performing operations in the context of that date. This can be helpful for hiding the true encryption/signature time of scheduled messages or for verifying signatures of old messages with currently expired public keys that may not have been expired at the time of receipt.

Breaking API Changes:

  • The high-level decrypt function now accepts arrays of private keys, passwords, or session keys as input and attempts to decrypt session keys with all values. All possible decrypted session keys are then used to attempt to decrypt the message data. This is necessary because there is no way to a priori validate decrypted session keys from wild card key IDs or passwords if the algorithm enum happens to be valid, and this happens an appreciable fraction of the time (~1/20). The input variables privateKey, password, and sessionKey have been renamed to privateKeys, passwords, and sessionKeys respectively.

  • The decryptSessionKey function has been renamed to decryptSessionKeys and similarly accepts arrays of private keys and passwords as input.

Compression:

  • Bzip2 compression and decompression using the compressjs library is now supported.

  • Zlib compression now uses pako’s zlib module or the native zlib module on Node.js when possible. This represents a significant performance increase in compression.

  • Compression can now be enabled by either altering the compression value in the config file or passing in a compression option to the high-level encrypt function.

Randomness:

  • Fixed an issue where the random number buffer would get depleted when running many concurrent processes with web workers

  • It is now possible to specify the number of worker threads when initializing the web worker

Development:

  • JavaScript style checking now uses ESLint. Run grunt eslint before submitting pull-requests.
    Also before submitting pull requests, run grunt browsertest and open localhost:3000/test/unittests.html to test web worker compatibility.

  • The library has been refactored to use ES6 variable declaration syntax (const, let) and ES7 asynchronous code syntax (async, await). Babel ensures compatibility with older browsers.

Future Roadmap:

  • Improve the performance of public-key operations via improving the bn.js library. See the benchmarks.

  • Add support for streaming cryptography.

  • Add support for Brainpool elliptic curves.

  • Add support for the RFC4880 draft version 5, which include changes in the S2K function and specifications for supporting AEAD in V5 keys. This includes AES-EAX, an authenticated mode of operation for AES, as well as two new authenticated public key options: AEDH and AEDSA. See issue #627.

2.5.0

15 Mar 03:47
Compare
Choose a tag to compare

Detached signature support

2.4.0

15 Mar 01:29
Compare
Choose a tag to compare

Public key signing

OpenPGP.js v2.0.0

13 Feb 10:51
Compare
Choose a tag to compare

Release notes

  • Completely new public api written in ES6 (breaking change to v1.x). You can review it here and see some usage examples in the README.
  • Refactor to ES6 modules instead of common.js (uses Babel and browserify to generate ES5 UMD build).
  • Uint8Array all the things! (kudos go to @bartbutler for the initial refactoring).
  • Native node.js crypto for AES-CFB and all hashing (SHA-1, SHA-256, SHA-384, SHA-512, MD5, RIPE).
  • Use asm.js implementations of AES-CFB, SHA-1, SHA-256 when no native crypto is available. Uses Rusha and asmCrypto Lite (a minimal subset of asmCrypto.js built specifically for OpenPGP.js).
  • Use transferable objects to pass ArrayBuffers between main thread and Web Worker (must currently be activated by setting openpgp.config.zeroCopy = true).
  • All code under src/ has been cleaned up and now runs in strict mode (with a few exceptions). This prevents a large class of bugs and lets JS runtimes to optimize more easily. Grunt jobs for JShint and JSCS (code style linting) now run automatically before each travis build so that PRs from outside must adhere to strict mode and our code style e.g. indentations using 2 spaces.

Future roadmap

  • Native WebCrypto apis for SHA hashing. This would require refactoring of most private apis from sync to async/promise style.
  • Use WebCrypto or at least asmCrypto for RSA en/decrypt. Replacing current jsbn/rsa implementation (big performance bottleneck for larger RSA keys).
  • Add resync-mode support to asmCrypto AES-CFB for non-integrity-protected symmetric encrypted packets. Replacing current AES/CFB implementation (right have two atm).
  • Add support for elliptic curve cryptography (ECC) keys to stay compatible with GnuPG v2.x and the upcoming Google End-to-End.

v1.3.0

06 Oct 14:45
Compare
Choose a tag to compare

Release builds are in the source code packages under dist/

v0.10.1

13 Feb 04:01
Compare
Choose a tag to compare

Attention: release builds are now under dist/

v0.10.0

11 Feb 13:29
Compare
Choose a tag to compare

Release notes:

  • Fix invalid range check in DSA signature verification: #286 (Thanks Daniel Bleichenbacher and @koto of Google)
  • Fix comparison fix for broken getRandomBigIntegerInRange function: #285
  • Pass window.openpgp.config to AsyncProxy: #261

v0.9.0

09 Dec 14:54
Compare
Choose a tag to compare

Release notes

  • Add compression support (zip & zlib) in #272