fix(deps): update dependency openpgp to v5

Open renovate[bot] opened this issue 4 years ago • 0 comments

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
openpgp (source)	`4.10.10` -> `5.5.0`

Release Notes

openpgpjs/openpgpjs

`v5.5.0`

Compare Source

Remove leading newline from clearsigned messages armoring (https://github.com/openpgpjs/openpgpjs/pull/1560)
Ignore improperly formatted armor headers (https://github.com/openpgpjs/openpgpjs/pull/1557)
Leave unhashed subpackets as-is when re-serializing signatures (https://github.com/openpgpjs/openpgpjs/pull/1561)
Hash all signature subpackets (https://github.com/openpgpjs/openpgpjs/pull/1562)
printDebug: add label to identify source of the log (https://github.com/openpgpjs/openpgpjs/pull/1555)

`v5.4.0`

Compare Source

Fix CleartextMessage signature generation over text with trailing whitespace and \r\n line endings (#1548)
Throw in encryptSessionKey if no keys or passwords are provided (#1547)
TypeScript: add missing allowInsecureVerificationWithReformattedKeys field to Config (#1551)

`v5.3.1`

Compare Source

Fix error handling when parsing malformed armor (https://github.com/openpgpjs/openpgpjs/pull/1541)
Add support for Node.js 18 (https://github.com/openpgpjs/openpgpjs/pull/1542)

`v5.3.0`

Compare Source

Throw on empty passphrase in encryptKey and SecretKeyPacket.encrypt (https://github.com/openpgpjs/openpgpjs/pull/1508)
Throw on decryption of messages that don't contain any encrypted data packet (https://github.com/openpgpjs/openpgpjs/pull/1529)
Add UnparseablePacket to properly deal with key blocks that include malformed/unsupported packets (https://github.com/openpgpjs/openpgpjs/pull/1522)
Throw UnsupportedError on unknown algorithm in keys, signatures and encrypted session keys (https://github.com/openpgpjs/openpgpjs/pull/1523)
Add memory benchmark tests for streamed decryption of large files (https://github.com/openpgpjs/openpgpjs/pull/1462)
Fix loading browser built in JSDom environment (https://github.com/openpgpjs/openpgpjs/pull/1518)

`v5.2.1`

Compare Source

Fix AES encryption error in browsers for messages larger than 3MB (#1506)
TS: Rely on new web-stream-tools types, fix SignOptions (#1502)
Lint: error if imported name is not found in module (#1507)

`v5.2.0`

Compare Source

Drop MS Edge Legacy support (#1474)
Check existence of navigator before using it (#1475)
Fix Key.isRevoked() and SignaturePacket.verify() TypeScript definitions, and remove SignaturePacket.verified from Typescript declarations (#1486, #1494)
CI: Update mocha (#1503)

`v5.1.0`

Compare Source

Add support for constant-time decryption of PKCS#1 v1.5-encoded session keys (#1445)

Implement optional constant-time decryption flow to hinder Bleichenbacher-like attacks against RSA- and ElGamal public-key encrypted session keys.

Changes:
- Add config.constantTimePKCS1Decryption to enable the constant-time processing (defaults to false). The constant-time option is off by default since it has measurable performance impact on message decryption, and it is only helpful in specific application scenarios (more info below).
- Add config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms (defaults to the AES algorithms). The set of supported ciphers is restricted by default since the number of algorithms negatively affects performance.
Bleichenbacher-like attacks are of concern for applications where both of the following conditions are met:
1. New/incoming messages are automatically decrypted (without user interaction);
2. An attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).
Check key requirements in PrivateKey.addSubkey() (#1423)

Breaking change: when generating new subkeys through key.addSubkey(), we now check config.rejectCurves and prevent adding subkeys using the corresponding curves. By default, config.rejectCurves includes the brainpool curves (brainpoolP256r1, brainpoolP384r1, brainpoolP512r1) and the Bitcoin curve (secp256k1).

This is a follow up to #1395, which introduced the same check to openpgp.generateKey.
Initial Deno support (#1448)
Replace strings with integer algorithm identifiers in packet classes (#1410)

In several packet classes, we used to store string identifiers for public-key, aead, cipher or hash algorithms. To make the code consistent and to avoid having to convert to/from string values, we now always store integer values instead, e.g. enums.symmetric.aes128 is used instead of 'aes128'.

This is not expected to be a breaking change for most library users. Note that the type of Key.getAlgorithmInfo() and of the session key objects returned and accepted by top-level functions remain unchanged.

Affected classes (type changes for some properties and method's arguments):
- PublicKeyPacket, PublicSubkeyPacket, SecretKeyPacket, SecretSubkeyPacket
- SymEncryptedIntegrityProtectedDataPacket, AEADEncryptedDataPacket, SymmetricallyEncryptedDataPacket
- LiteralDataPacket, CompressedDataPacket
- PublicKeyEncryptedSessionKey, SymEncryptedSessionKeyPacket
- SignaturePacket
Other potentially breaking changes:
- Removed property AEADEncryptedDataPacket.aeadAlgo, since it was redudant given .aeadAlgorithm.
- Renamed AEADEncryptedDataPacket.cipherAlgo -> .cipherAlgorithm
CI: create annotations on performance regression warnings/errors (#1441)
CI: use Node v16 instead of v15
Update documentation link (#1455)
Rename master branch to main

`v5.0.1`

Compare Source

Remove stream from type definitions (#1413) It was removed in v5.0.0; the type definition was left behind.
Try to use process.env.NODE_ENV directly (#1402) Properly detect development / production mode when using tools like webpack or Vite, but don't throw an error if it's not available.
CI: Add performance and memory usage regression monitoring for pull requests (#1411)
Add config.allowInsecureVerificationWithReformattedKeys (#1231) Allows verifying signatures using keys that have been reformatted after the signature was created. To avoid this issue entirely, we recommend passing the key creation date to reformatKey.
Do not include checksum values in error messages when armor integrity check fails (#1428)
Update web stream tools and improve performance (#1439)
Remove line terminators from randomly generated test messages (#1440)

This is the first stable release of OpenPGP.js v5 (no more breaking changes to the high-level API will be made). There are no changes since the last prerelease (v5.0.0-6). The changelog since OpenPGP.js v4 is:

Security improvements

Improve the security of newly generated keys:
- Generate ECC keys by default (#1065)
- RSA keys can still be generated with the new type parameter of generateKey: (#1179)
```
import { generateKey } from 'openpgp';
const { privateKey } = await generateKey({
  userIDs: [{ name: 'Test', email: 'test@email' }],
  type: 'rsa'
});
```
- Newly generated RSA keys are now 4096-bits by default
- Remove SHA-1 from the default preferred hash algorithms (#1067)
- Remove 3DES and CAST5 from the default preferred symmetric algorithms (#1068)
Reject certain insecure keys by default:
- Add config.rejectPublicKeyAlgorithms, and default to disallowing the use of ElGamal and DSA for encrypting new messages and signing and verifying signatures, respectively (#1264)
- Reject RSA keys with fewer than config.minRSABits bits (defaulting to 2048) when encrypting new messages and signing and verifying signatures, not just on key generation (#1264)
- If you want to make an exception for a certain key or algorithm, rather than adjusting the global openpgp.config, you can now pass a config to a single function call, perhaps after warning the user / confirming that they want to allow this; for example:
```
import { createMessage, encrypt } from 'openpgp';
const message = await createMessage('Hello world!');
try {
  await encrypt({
    message,
    encryptionKeys: publicKeys
  });
} catch (err) {
  if (err.message.includes('...') && confirm('Warning: keys are insecure. Use anyway?')) {
    await encrypt({
      message,
      encryptionKeys: publicKeys,
      config: { minRSABits: 1024, rejectPublicKeyAlgorithms: new Set() }
    });
  } else {
    throw err;
  }
}
```
  Of course, if at all possible, it's better to (ask users to) generate new keys, instead.
… and a few smaller configuration changes

Library size reductions

openpgp.HKP has been moved to a separate package: openpgpjs/hkp-client
openpgp.WKD has been moved to a separate package: openpgpjs/wkd-client
openpgp.Keyring and LocalStore have been removed, because keyring handling and storage should be handled in the application, as localStorage may not meet the durability requirements of the application.
The built-in Web Worker and openpgp.createWorker have been removed (for the rationale, please see #1072)
The "lightweight build" has been greatly reduced in size. The lightweight build loads certain dependencies on demand only when needed:
- The indutny/elliptic library is loaded only when using or generating an ECC key with a brainpool or secp256k1 curve (or the NIST curves if Web Crypto is not supported). When using Curve25519/Ed25519, "elliptic" is never loaded.
- The indutny/bn.js library is only loaded when the native BigInt API is not supported (see caniuse.com/bigint), and/or when the elliptic library is loaded (as it depends on bn.js).
- The web-streams-polyfill and web-streams-adapter libraries are only loaded when streaming is used, and only if TransformStreams aren't natively supported (see caniuse.com/transformstream).
- To use the lightweight build:
```
import * as openpgp from 'openpgp/lightweight';
```
OpenPGP.js has been refactored to be more amenable to dead-code elimination, such that it's now more beneficial to only import the functions you need. For example, if you only import generateKey, support for encrypting and compressing messages is not needed, reducing the size of the build when using a build system such as webpack:
```
import { generateKey } from 'openpgp/lightweight';
```

High-level API changes

(Examples below)

Replace openpgp.key.read/readArmored with openpgp.readKey
- openpgp.readKey now takes an options object (either { armoredKey } or { binaryKey })
- It now only returns a single key object, rather than a { keys: [key...], err } object
- It now throws an error if the key failed to parse or if the key block contains multiple keys
Add openpgp.readKeys
- It takes an options object (either { armoredKeys } or { binaryKeys })
- It returns an array of key objects
- It throws if any of the keys in the key block failed to parse
Add openpgp.readPrivateKey and openpgp.readPrivateKeys
- These behave identically to readKey and readKeys, but additionally guarantee that a private key is returned
- They throw an error if the parsed key is a public key
Remove Key.prototype.encrypt/decrypt in favor of openpgp.encryptKey/decryptKey
- These functions take an option object ({ privateKey, passphrase })
- They return a clone of the key object, rather than mutating the key
- This eliminates the possibility of ending up in an inconsistent state where Key.prototype.decrypt would throw when decrypting one subkey after already decrypting (and mutating) others
Replace openpgp.message.read/readArmored with openpgp.readMessage, openpgp.signature.read/readArmored with openpgp.readSignature, and openpgp.cleartext.readArmored with openpgp.readCleartextMessage
- openpgp.readMessage now takes an options object (either { armoredMessage } or { binaryMessage })
- openpgp.readSignature now takes an options object (either { armoredSignature } or { binarySignature })
- openpgp.readCleartextMessage now takes an options object ({ cleartextMessage })
Replace openpgp.message.fromText/fromBinary with openpgp.createMessage, and openpgp.cleartext.fromText with openpgp.createCleartextMessage
- openpgp.createMessage now takes an options object (either { text } or { binary })
- openpgp.createCleartextMessage now takes an options object ({ text })
- Both of these functions are now async, and need to be awaited, like all the other top-level functions
In openpgp.generateKey, reformatKey, and revokeKey, return a simplified "key pair" object:
- The returned object now contains privateKey and publicKey properties, and no longer contains key, privateKeyArmored, and publicKeyArmored
- These functions now take the option format: 'armored' | 'binary' | 'object' to determine the format of privateKey and privateKey (defaulting to 'armored')
- The object returned from generateKey and reformatKey still contains a revocationCertificate property, which is not affected by the format option
In openpgp.encrypt, sign, encryptSessionKey, encryptKey and decryptKey, return the result directly without wrapping it in a "results" object
In all top-level functions, rename public/privateKeys to encryption/decryption/signing/verificationKeys depending on their use
- In openpgp.encrypt, encryptSessionKey, and generateSessionKey (see below), publicKeys is now called encryptionKeys
- In openpgp.encrypt and sign, privateKeys is now called signingKeys
- In openpgp.decrypt and decryptSessionKeys, privateKeys is now called decryptionKeys
- In openpgp.decrypt and verify, publicKeys is now called verificationKeys
- Similarly, rename toUserIDs to encryptionUserIDs and fromUserIDs to signingUserIDs
Remove the detached option of openpgp.encrypt. You can separately call openpgp.sign({ message, privateKeys, detached: true }) instead (don't forget to remove the privateKeys option from openpgp.encrypt as well if you do so, if you don't want the message to be signed inline). However, note that storing detached signatures of plaintext data together with the encrypted data is not secure
Add a new openpgp.generateSessionKey function
Remove the returnSessionKey option of openpgp.encrypt. You can separately call openpgp.generateSessionKey({ encryptionKeys: publicKeys }) instead and call openpgp.encrypt({ sessionKey }) with the result.
Remove the streaming option of openpgp.encrypt, decrypt, sign and verify. These functions now only use streaming when a ReadableStream or Node.js Readable stream is passed.
Replace the armor option in openpgp.encrypt and sign with a format option accepting the values 'armored' (default), 'binary' or 'object':
- format: 'armored' is equivalent to armor: true
- format: 'object' is equivalent to armor: false
- format: 'binary' returns the message serialized as a Uint8Array (this was not supported before)
Add an expectSigned option to openpgp.encrypt and verify, which causes these functions to throw if there was no valid signature in the message.
Throughout the API, userId has been changed to userID, and keyId has been changed to keyID. This affects the userIDs option of openpgp.generateKey, the fromUserIDs and toUserIDs options of openpgp.encrypt and decrypt, Key.prototype.getKeyID and getKeyIDs, Message.prototype.getEncryptionKeyID and getSigningKeyID, etc.
Rename all openpgp.enum.*.value_names to camelCase openpgp.enum.*.valueNames (#1093)
Remove openpgp.util (#1175)

Configuration changes

Rename all openpgp.config.option_names to camelCase openpgp.config.optionNames (#1088)
- Rename openpgp.config.versionstring to versionString, and commentstring to commentString
Don't add version and comment strings to armored messages and keys by default
Rename openpgp.config.ignore_mdc_error to allowUnauthenticatedMessages, and add a warning in the documentation that this option is insecure
Remove the option to generate non-integrity-protected messages (openpgp.config.integrityProtect)
openpgp.config.aeadProtect now controls whether private key encryption uses AEAD; previously this was dependent on the key version, and could only be used for v5 keys
All top-level functions (including the new ones mentioned above) now take a config property of their options parameter
- This can be helpful when you want to change the configuration for a single function call, rather than all OpenPGP.js function cals
- For example, you can now generate a single V5 key as follows:
```
const { privateKey } = await openpgp.generateKey({
  userIDs: [{ name: 'Test', email: 'test@email' }],
  config: { v5Keys: true }
});
```
- Config options that aren't passed still default to openpgp.config

Low-level API changes

Rename openpgp.packet.* to openpgp.*Packet
Rename openpgp.packet.Userid to openpgp.UserIDPacket
Rename openpgp.packet.Literal to openpgp.LiteralDataPacket
Rename openpgp.packet.Compressed to openpgp.CompressedDataPacket
Rename openpgp.packet.SymmetricallyEncrypted to openpgp.SymmetricallyEncryptedDataPacket
Rename openpgp.packet.SymEncryptedIntegrityProtected to openpgp.SymEncryptedIntegrityProtectedDataPacket
Rename openpgp.packet.SymEncryptedAEADProtected to openpgp.AEADEncryptedDataPacket

Rename openpgp.enums.packet.userid to openpgp.enums.packet.userID
Rename openpgp.enums.packet.literal to openpgp.enums.packet.literalData
Rename openpgp.enums.packet.compressed to openpgp.enums.packet.compressedData
Rename openpgp.enums.packet.symmetricallyEncrypted to openpgp.enums.packet.symmetricallyEncryptedData
Rename openpgp.enums.packet.symEncryptedIntegrityProtected to openpgp.enums.packet.symEncryptedIntegrityProtectedData
Rename openpgp.enums.packet.symEncryptedAEADProtected to openpgp.enums.packet.aeadEncryptedData

Rename openpgp.message.generateSessionKey to openpgp.Message.generateSessionKey
Rename openpgp.message.encryptSessionKey to openpgp.Message.encryptSessionKey

Examples

Generate an armored key pair

v4:

import * as openpgp from 'openpgp';
const { privateKeyArmored, publicKeyArmored, revocationCertificate } = await openpgp.generateKey({ userIds: [{ name: 'Test', email: 'test@email' }] });

v5:

import { generateKey } from 'openpgp';
const { privateKey, publicKey, revocationCertificate } = await generateKey({ userIDs: [{ name: 'Test', email: 'test@email' }] });

Generate a private key object

v4:

import * as openpgp from 'openpgp';
const { key } = await generateKey({ userIds: [{ name: 'Test', email: 'test@email' }] });

v5:

import { generateKey } from 'openpgp';
const { privateKey } = await generateKey({ userIDs: [{ name: 'Test', email: 'test@email' }], format: 'object' });

Parse a public key (armored)

v4:

import * as openpgp from 'openpgp';
const publicKey = (await openpgp.key.readArmored(armoredKey)).keys[0];

v5:

import { readKey } from 'openpgp';
const publicKey = await readKey({ armoredKey });

Parse a public key (binary)

v4:

import * as openpgp from 'openpgp';
const publicKey = (await openpgp.key.read(armoredKey)).keys[0];

v5:

import { readKey } from 'openpgp';
const publicKey = await readKey({ binaryKey });

Parse one or more public keys (armored)

v4:

import * as openpgp from 'openpgp';
const publicKeys = (await openpgp.key.readArmored(armoredKeys)).keys;

v5:

import { readKeys } from 'openpgp';
const publicKeys = await readKeys({ armoredKeys });

Parse and decrypt a private key (armored)

v4:

import * as openpgp from 'openpgp';
const privateKey = (await openpgp.key.readArmored(armoredKey)).keys[0];
await privateKey.decrypt(passphrase);

v5:

import { readPrivateKey, decryptKey } from 'openpgp';
const privateKey = await readPrivateKey({ armoredKey }); // Or `readKey` - `readPrivateKey` is helpful for better TypeScript type hinting.
const decryptedPrivateKey = await decryptKey({ privateKey, passphrase });

Encrypt and sign text message (armored output)

v4:

import * as openpgp from 'openpgp';
const message = openpgp.message.fromText(text);
const encrypted = await openpgp.encrypt({ publicKeys: publicKeys, privateKeys: privateKeys, message });
console.log(encrypted.data); // String

v5:

import { createMessage, encrypt } from 'openpgp';
const message = await createMessage({ text });
const encrypted = await encrypt({ encryptionKeys: publicKeys, signingKeys: privateKeys, message });
console.log(encrypted); // String

Encrypt and sign binary message (binary output)

v4:

import * as openpgp from 'openpgp';
const message = openpgp.message.fromBinary(data);
const encrypted = await openpgp.encrypt({ publicKeys: publicKeys, privateKeys: privateKeys, message, format: 'binary' });
console.log(encrypted.message.packets.write()); // Uint8Array

v5:

import { createMessage, encrypt } from 'openpgp';
const message = await createMessage({ binary: data });
const encrypted = await encrypt({ encryptionKeys: publicKeys, signingKeys: privateKeys, message, format: 'binary' });
console.log(encrypted); // Uint8Array

Encrypt and sign message (inspect packets)

v4:

import * as openpgp from 'openpgp';
const encrypted = await openpgp.encrypt({ publicKeys: publicKeys, privateKeys: privateKeys, message, armor: false });
console.log(encrypted.message.packets); // Array

v5:

import { encrypt, readMessage } from 'openpgp';
const encrypted = await encrypt({ encryptionKeys: publicKeys, signingKeys: privateKeys, message, format: 'object' });
console.log(encrypted.packets); // Array

Decrypt and verify text message (armored input)

v4:

import * as openpgp from 'openpgp';
const message = openpgp.message.readArmored(armoredMessage);
const decrypted = await openpgp.decrypt({ privateKeys: privateKeys, publicKeys: publicKeys, message });
console.log(decrypted.data); // String
console.log(decrypted.signatures[0].valid); // Boolean

v5:

import { readMessage, decrypt } from 'openpgp';
const message = await readMessage({ armoredMessage });
const decrypted = await decrypt({ decryptionKeys: privateKeys, verificationKeys: publicKeys, message });
console.log(decrypted.data); // String
console.log(await decrypted.signatures[0].verified); // Boolean

Decrypt and verify binary message (binary input)

v4:

import * as openpgp from 'openpgp';
const message = openpgp.message.read(binaryMessage);
const decrypted = await openpgp.decrypt({ privateKeys: privateKeys, publicKeys: publicKeys, message });
console.log(decrypted.data); // String
console.log(decrypted.signatures[0].valid); // Boolean

v5:

import { readMessage, decrypt } from 'openpgp';
const message = await readMessage({ binaryMessage });
const decrypted = await decrypt({ decryptionKeys: privateKeys, verificationKeys: publicKeys, message, format: 'binary' });
console.log(decrypted.data); // Uint8Array
console.log(await decrypted.signatures[0].verified); // Boolean

Decrypt and verify message, and throw if it's not verified

v4:

import * as openpgp from 'openpgp';
const decrypted = await openpgp.decrypt({ privateKeys: privateKeys, publicKeys: publicKeys, message });
if (!decrypted.signatures.some(signature => signature.valid)) {
  throw new Error("Couldn't find valid signature in message");
}

v5:

import { decrypt } from 'openpgp';
const decrypted = await decrypt({ decryptionKeys: privateKeys, verificationKeys: publicKeys, message, expectSigned: true });

Sign cleartext message (armored output)

v4:

import * as openpgp from 'openpgp';
const message = openpgp.cleartext.fromText(text);
const signed = await openpgp.sign({ privateKeys: privateKeys, message });
console.log(signed.data); // String

v5:

import { createCleartextMessage, sign } from 'openpgp';
const message = await createCleartextMessage({ text });
const signed = await sign({ signingKeys: privateKeys, message });
console.log(signed); // String

Sign text message (binary output)

v4:

import * as openpgp from 'openpgp';
const message = openpgp.message.fromText(text);
const signed = await openpgp.sign({ privateKeys: privateKeys, message, armor: false });
console.log(signed.message.packets.write()); // Uint8Array

v5:

import { createMessage, sign } from 'openpgp';
const message = await createMessage({ text });
const signed = await sign({ signingKeys: privateKeys, message, format: 'binary' });
console.log(signed); // Uint8Array

Detached-sign cleartext message (armored output)

v4:

import * as openpgp from 'openpgp';
const message = openpgp.cleartext.fromText(text);
const signed = await openpgp.sign({ privateKeys: privateKeys, message, detached: true });
console.log(signed.signature); // String

v5:

import { createMessage, sign } from 'openpgp';
const message = await createMessage({ text: util.removeTrailingSpaces(text) });
const signed = await sign({ signingKeys: privateKeys, message, detached: true });
console.log(signed); // String

Detached-sign binary message (binary output)

v4:

import * as openpgp from 'openpgp';
const message = openpgp.message.fromText(text);
const signed = await openpgp.sign({ privateKeys: privateKeys, message, detached: true, armor: false });
console.log(signed.signature.packets.write()); // Uint8Array

v5:

import { createMessage, sign } from 'openpgp';
const message = await createMessage({ text });
const signed = await sign({ signingKeys: privateKeys, message, detached: true, format: 'binary' });
console.log(signed); // Uint8Array

Verify signed text message (armored input)

v4:

import * as openpgp from 'openpgp';
const message = await openpgp.message.readArmored(armor);
const verified = await openpgp.verify({ publicKeys: publicKeys, message });
console.log(openpgp.util.nativeEOL(openpgp.util.decode_utf8(verified.data))); // String
console.log(verified.signatures); // Array

v5:

import { readMessage, verify } from 'openpgp';
const message = await readMessage({ armoredMessage });
const verified = await verify({ verificationKeys: publicKeys, message });
console.log(verified.data); // String
console.log(verified.signatures); // Array

Verify signed binary message (binary input)

v4:

import * as openpgp from 'openpgp';
const message = await openpgp.message.read(binary);
const verified = await openpgp.verify({ publicKeys: publicKeys, message });
console.log(verified.data); // Uint8Array
console.log(verified.signatures); // Array

v5:

import { readMessage, verify } from 'openpgp';
const message = await readMessage({ binaryMessage });
const verified = await verify({ verificationKeys: publicKeys, message, format: 'binary' });
console.log(verified.data); // Uint8Array
console.log(verified.signatures); // Array

Encrypt session keys (armored output)

v4:

import * as openpgp from 'openpgp';
const encrypted = await openpgp.encryptSessionKey({ publicKeys: publicKeys, data, algorithm });
console.log(encrypted.message.armor()); // String

v5:

import { encryptSessionKey } from 'openpgp';
const encrypted = await encryptSessionKey({ encryptionKeys: publicKeys, data, algorithm });
console.log(encrypted); // String

Encrypt session keys (binary output)

v4:

import * as openpgp from 'openpgp';
const encrypted = await openpgp.encryptSessionKey({ publicKeys: publicKeys, data, algorithm });
console.log(encrypted.message.packets.write()); // Uint8Array

v5:

import { encryptSessionKey } from 'openpgp';
const encrypted = await encryptSessionKey({ encryptionKeys: publicKeys, data, algorithm, format: 'binary' });
console.log(encrypted); // Uint8Array

Streaming-encrypt text message on Node.js (armored output)

v4:

import * as openpgp from 'openpgp';
const data = fs.createReadStream(filename, { encoding: 'utf8' });
const message = openpgp.message.fromText(data);
const encrypted = await openpgp.encrypt({ publicKeys: publicKeys, message });
encrypted.data.on('data', chunk => {
  console.log(openpgp.util.Uint8Array_to_str(chunk)); // String
});

v5:

import { createMessage, encrypt } from 'openpgp';
const data = fs.createReadStream(filename, { encoding: 'utf8' });
const message = await createMessage({ text: data });
const encrypted = await encrypt({ encryptionKeys: publicKeys, message });
encrypted.on('data', chunk => {
  console.log(chunk); // String
});

Streaming-encrypt binary message on Node.js (binary output)

v4:

import * as openpgp from 'openpgp';
const data = fs.createReadStream(filename);
const message = openpgp.message.fromBinary(data);
const encrypted = await openpgp.encrypt({ publicKeys: publicKeys, message, armor: false });
openpgp.stream.webToNode(encrypted.message.packets.write()).pipe(targetStream);

v5:

import { createMessage, encrypt } from 'openpgp';
const data = fs.createReadStream(filename);
const message = await createMessage({ binary: data });
const encrypted = await encrypt({ encryptionKeys: publicKeys, message, format: 'binary' });
encrypted.pipe(targetStream);

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

Sep 02 '21 15:09 renovate[bot]