V5 Changelog
Daniel Huigens edited this page Mar 3, 2021 · 20 revisions
- Generate ECC keys by default (#1065)
- RSA keys can still be generated with the new `type` parameter of `generateKey`: (#1179)
  ```js
  const { key } = await openpgp.generateKey({ userIds: [{ name: 'Test', email: 'test@email' }], type: 'rsa' });
  ```
- Newly generated RSA keys are now 4096-bits by default
- Remove SHA-1 from default preferred hash algorithms (#1067)
- Remove 3DES and CAST5 from default preferred symmetric algorithms (#1068)
- … and a few smaller configuration changes
- `openpgp.HKP` has been moved to a separate package: openpgpjs/hkp-client
- `openpgp.WKD` has been moved to a separate package: openpgpjs/wkd-client
- `openpgp.Keyring` and `LocalStore` have been removed, because keyring handling and storage should be handled in the application, as localStorage may not meet the durability requirements of the application.
- The built-in Web Worker and `openpgp.createWorker` have been removed (for the rationale, please see #1072)
- Replace `openpgp.key.read/readArmored` with `openpgp.readKey`
  - `openpgp.readKey` now takes an options object (either `{ armoredKey }` or `{ binaryKey }`)
  - It now only returns a single key object, rather than a `{ keys: [key...], err }` object
  - It now throws an error if the key failed to parse or if the key block contains multiple keys
- Add `openpgp.readKeys`
  - It takes an options object (either `{ armoredKeys }` or `{ binaryKeys }`)
  - It returns an array of key objects
  - It throws if any of the keys in the key block failed to parse
- Replace `openpgp.message.read/readArmored` with `openpgp.readMessage`, `openpgp.signature.read/readArmored` with `openpgp.readSignature`, and `openpgp.cleartext.readArmored` with `openpgp.readCleartextMessage`
  - `openpgp.readMessage` now takes an options object (either `{ armoredMessage }` or `{ binaryMessage }`)
  - `openpgp.readSignature` now takes an options object (either `{ armoredSignature }` or `{ binarySignature }`)
  - `openpgp.readCleartextMessage` now takes an options object (`{ cleartextMessage }`)
- Replace `openpgp.message.fromText` with `openpgp.Message.fromText`, `openpgp.message.fromBinary` with `openpgp.Message.fromBinary`, and `openpgp.cleartext.fromText` with `openpgp.CleartextMessage.fromText`
- In `openpgp.encrypt`, `sign`, `encryptSessionKey`, `encryptKey` and `decryptKey`, return the result directly without wrapping it in a "results" object
- Remove the `detached` option of `openpgp.encrypt`. You can separately call `openpgp.sign({ message, privateKeys, detached: true })` instead (don't forget to remove the `privateKeys` option from `openpgp.encrypt` as well if you do so, if you don't want the message to be signed inline). However, note that storing detached signatures of plaintext data together with the encrypted data is not secure
- Add a new `openpgp.generateSessionKey` function
- Remove the `returnSessionKey` option of `openpgp.encrypt`. You can separately call `openpgp.generateSessionKey({ publicKeys })` instead and call `openpgp.encrypt({ sessionKey })` with the result
- Rename all `openpgp.enum.*.value_names` to camelCase `openpgp.enum.*.valueNames` (#1093)
- Remove `openpgp.util` (#1175)
- Rename all `openpgp.config.option_names` to camelCase `openpgp.config.optionNames` (#1088)
  - Rename `openpgp.config.versionstring` to `versionString`, and `commentstring` to `commentString`
- Don't add version and comment strings to armored messages and keys by default
- Rename `openpgp.config.ignore_mdc_error` to `allowUnauthenticatedMessages`, and add a warning in the documentation that this option is insecure
- Remove the option to generate non-integrity-protected messages (`openpgp.config.integrityProtect`)
- `openpgp.config.aeadProtect` now controls whether private key encryption uses AEAD; previously this was dependent on the key version, and could only be used for v5 keys
- All top-level functions (including the new ones mentioned above) now take a `config` property of their `options` parameter
  - This can be helpful when you want to change the configuration for a single function call, rather than all OpenPGP.js function calls
  - For example, you can now generate a single V5 key as follows:
    ```js
    const { key } = await openpgp.generateKey({ userIds: [{ name: 'Test', email: 'test@email' }], config: { v5Keys: true } });
    ```
  - Config options that aren't passed still default to `openpgp.config`
- Rename `openpgp.packet.*` to `openpgp.*Packet`
- Rename `openpgp.packet.Userid` to `openpgp.UserIDPacket`
- Rename `openpgp.packet.Literal` to `openpgp.LiteralDataPacket`
- Rename `openpgp.packet.Compressed` to `openpgp.CompressedDataPacket`
- Rename `openpgp.packet.SymmetricallyEncrypted` to `openpgp.SymmetricallyEncryptedDataPacket`
- Rename `openpgp.packet.SymEncryptedIntegrityProtected` to `openpgp.SymEncryptedIntegrityProtectedDataPacket`
- Rename `openpgp.packet.SymEncryptedAEADProtected` to `openpgp.AEADEncryptedDataPacket`
- Rename `openpgp.enums.packet.userid` to `openpgp.enums.packet.userID`
- Rename `openpgp.enums.packet.literal` to `openpgp.enums.packet.literalData`
- Rename `openpgp.enums.packet.compressed` to `openpgp.enums.packet.compressedData`
- Rename `openpgp.enums.packet.symmetricallyEncrypted` to `openpgp.enums.packet.symmetricallyEncryptedData`
- Rename `openpgp.enums.packet.symEncryptedIntegrityProtected` to `openpgp.enums.packet.symEncryptedIntegrityProtectedData`
- Rename `openpgp.enums.packet.symEncryptedAEADProtected` to `openpgp.enums.packet.AEADEncryptedData`
- Rename `openpgp.message.generateSessionKey` to `openpgp.Message.generateSessionKey`
- Rename `openpgp.message.encryptSessionKey` to `openpgp.Message.encryptSessionKey`
v4:
```js
import * as openpgp from 'openpgp';
const privateKey = (await openpgp.key.readArmored(armoredKey)).keys[0];
```
v5:
```js
import { readKey } from 'openpgp';
const privateKey = await readKey({ armoredKey });
```
v4:
```js
import * as openpgp from 'openpgp';
const publicKeys = (await openpgp.key.readArmored(armoredKeys)).keys;
```
v5:
```js
import { readKeys } from 'openpgp';
const publicKeys = await readKeys({ armoredKeys });
```
v4:
```js
import * as openpgp from 'openpgp';
const message = openpgp.message.fromText(text);
const encrypted = await openpgp.encrypt({ publicKeys, message });
console.log(encrypted.data); // String
```
v5:
```js
import { Message, encrypt } from 'openpgp';
const message = Message.fromText(text);
const encrypted = await encrypt({ publicKeys, message });
console.log(encrypted); // String
```
v4:
```js
import * as openpgp from 'openpgp';
const message = openpgp.message.fromBinary(data);
const encrypted = await openpgp.encrypt({ publicKeys, message, armor: false });
console.log(encrypted.message.packets.write()); // Uint8Array
```
v5:
```js
import { Message, encrypt } from 'openpgp';
const message = Message.fromBinary(data);
const encrypted = await encrypt({ publicKeys, message, armor: false });
console.log(encrypted); // Uint8Array
```
v4:
```js
import * as openpgp from 'openpgp';
const encrypted = await openpgp.encrypt({ publicKeys, message, armor: false });
console.log(encrypted.message.packets); // Array
```
v5:
```js
import { encrypt, readMessage } from 'openpgp';
import stream from 'web-stream-tools';
const encrypted = await encrypt({ publicKeys, message, armor: false });
const message = await readMessage({ binaryMessage: encrypted });
message.packets.concat(await stream.readToEnd(message.packets.stream, _ => _)); // Optional, if you want to inspect trailing signature packets
console.log(message.packets); // Array
```
v4:
```js
import * as openpgp from 'openpgp';
const message = openpgp.cleartext.fromText(text);
const signed = await openpgp.sign({ privateKeys, message });
console.log(signed.data); // String
```
v5:
```js
import { CleartextMessage, sign } from 'openpgp';
const message = CleartextMessage.fromText(text);
const signed = await sign({ privateKeys, message });
console.log(signed); // String
```
v4:
```js
import * as openpgp from 'openpgp';
const message = openpgp.message.fromText(text);
const signed = await openpgp.sign({ privateKeys, message, armor: false });
console.log(signed.message.packets.write()); // Uint8Array
```
v5:
```js
import { Message, sign } from 'openpgp';
const message = Message.fromText(text);
const signed = await sign({ privateKeys, message, armor: false });
console.log(signed); // Uint8Array
```
v4:
```js
import * as openpgp from 'openpgp';
const message = openpgp.cleartext.fromText(text);
const signed = await openpgp.sign({ privateKeys, message, detached: true });
console.log(signed.signature); // String
```
v5:
```js
import { Message, sign } from 'openpgp';
// Note: util is not imported in this snippet, and openpgp.util was removed in v5 (#1175),
// so removeTrailingSpaces has to be supplied by the application.
const message = Message.fromText(util.removeTrailingSpaces(text));
const signed = await sign({ privateKeys, message, detached: true });
console.log(signed); // String
```
v4:
```js
import * as openpgp from 'openpgp';
const message = openpgp.message.fromText(text);
const signed = await openpgp.sign({ privateKeys, message, detached: true, armor: false });
console.log(signed.signature.packets.write()); // Uint8Array
```
v5:
```js
import { Message, sign } from 'openpgp';
const message = Message.fromText(text);
const signed = await sign({ privateKeys, message, detached: true, armor: false });
console.log(signed); // Uint8Array
```
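
One reason the changelog calls storing a detached signature of the plaintext next to the encrypted data insecure, shown as an added example (not code from OpenPGP.js or this wiki): the visible signature lets anyone holding the signer's public key confirm a guessed plaintext without decrypting. Node's built-in Ed25519 and AES-256-GCM stand in for the OpenPGP layers, and every function name and sample value here is constructed for illustration.

```javascript
// Added illustration: Node's crypto stands in for OpenPGP signing and encryption.
const crypto = require('node:crypto');

const signer = crypto.generateKeyPairSync('ed25519'); // sender's signing key pair
const sessionKey = crypto.randomBytes(32);            // held only by sender and recipient

// AES-256-GCM; output layout is iv (12) || tag (16) || ciphertext.
function seal(plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function unseal(sealed) {
  const d = crypto.createDecipheriv('aes-256-gcm', sessionKey, sealed.subarray(0, 12));
  d.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([d.update(sealed.subarray(28)), d.final()]);
}

// Layout the changelog warns about: signature over the plaintext, stored in the clear.
function storeDetached(text) {
  const data = Buffer.from(text);
  return { ciphertext: seal(data), signature: crypto.sign(null, data, signer.privateKey) };
}

// Inline layout: the signature is encrypted together with the data.
function storeInline(text) {
  const data = Buffer.from(text);
  const sig = crypto.sign(null, data, signer.privateKey); // Ed25519: always 64 bytes
  return { ciphertext: seal(Buffer.concat([sig, data])) };
}

// What a reader of the storage learns with only the signer's PUBLIC key:
// every candidate plaintext that the visible signature verifies against.
function confirmedGuesses(record, candidates) {
  if (!record.signature) return []; // nothing outside the ciphertext to test
  return candidates.filter(c =>
    crypto.verify(null, Buffer.from(c), signer.publicKey, record.signature));
}

// Recipient: decrypt first, then verify the signature found inside.
function openInline(record) {
  const inner = unseal(record.ciphertext);
  const data = inner.subarray(64);
  if (!crypto.verify(null, data, signer.publicKey, inner.subarray(0, 64))) throw new Error('bad signature');
  return data.toString();
}
```

In OpenPGP.js terms, the inline layout corresponds to keeping `privateKeys` in the `encrypt` call, which the changelog describes as signing the message inline.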
v4:
```js
import * as openpgp from 'openpgp';
const message = await openpgp.message.readArmored(armor);
const verified = await openpgp.verify({ publicKeys, message });
console.log(openpgp.util.nativeEOL(openpgp.util.decode_utf8(verified.data))); // String
console.log(verified.signatures); // Array
```
v5:
```js
import { readMessage, verify } from 'openpgp';
const message = await readMessage({ armoredMessage });
const verified = await verify({ publicKeys, message });
console.log(verified.data); // String
console.log(verified.signatures); // Array
```
v4:
```js
import * as openpgp from 'openpgp';
const message = await openpgp.message.read(binary);
const verified = await openpgp.verify({ publicKeys, message });
console.log(verified.data); // Uint8Array
console.log(verified.signatures); // Array
```
v5:
```js
import { readMessage, verify } from 'openpgp';
const message = await readMessage({ binaryMessage });
const verified = await verify({ publicKeys, message, format: 'binary' });
console.log(verified.data); // Uint8Array
console.log(verified.signatures); // Array
```
v4:
```js
import * as openpgp from 'openpgp';
const encrypted = await openpgp.encryptSessionKey({ publicKeys, data, algorithm });
console.log(encrypted.message.armor()); // String
```
v5:
```js
import { encryptSessionKey } from 'openpgp';
const encrypted = await encryptSessionKey({ publicKeys, data, algorithm });
console.log(encrypted); // String
```
v4:
```js
import * as openpgp from 'openpgp';
const encrypted = await openpgp.encryptSessionKey({ publicKeys, data, algorithm });
console.log(encrypted.message.packets.write()); // Uint8Array
```
v5:
```js
import { encryptSessionKey } from 'openpgp';
const encrypted = await encryptSessionKey({ publicKeys, data, algorithm, armor: false });
console.log(encrypted); // Uint8Array
```
v4:
```js
import * as openpgp from 'openpgp';
const data = fs.createReadStream(filename, { encoding: 'utf8' });
const message = openpgp.message.fromText(data);
const encrypted = await openpgp.encrypt({ publicKeys, message });
encrypted.data.on('data', chunk => {
  console.log(openpgp.util.Uint8Array_to_str(chunk)); // String
});
```
v5:
```js
import { Message, encrypt } from 'openpgp';
const data = fs.createReadStream(filename, { encoding: 'utf8' });
const message = Message.fromText(data);
const encrypted = await encrypt({ publicKeys, message });
encrypted.on('data', chunk => {
  console.log(chunk); // String
});
```
v4:
```js
import * as openpgp from 'openpgp';
const data = fs.createReadStream(filename);
const message = openpgp.message.fromBinary(data);
const encrypted = await openpgp.encrypt({ publicKeys, message, armor: false });
openpgp.stream.webToNode(encrypted.message.packets.write()).pipe(targetStream);
```
v5:
```js
import { Message, encrypt } from 'openpgp';
const data = fs.createReadStream(filename);
const message = Message.fromBinary(data);
const encrypted = await encrypt({ publicKeys, message, armor: false });
encrypted.pipe(targetStream);
```