Skip to content

Commit

Permalink
Temporarily add config.ignoreSEIPDv2FeatureFlag for compatibility
Browse files Browse the repository at this point in the history
SEIPDv2 is a more secure and faster choice, but it is
not necessarily compatible with other libs and our mobile apps.
  • Loading branch information
larabr committed Apr 19, 2024
1 parent 4694d77 commit c6b290c
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 1 deletion.
8 changes: 8 additions & 0 deletions src/config/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,14 @@ export default {
* @property {Boolean} aeadProtect
*/
aeadProtect: false,
/**
* Whether to disable encrypton using SEIPDv2 even if the encryption keys include the SEIPDv2 feature flag.
* If true, SEIPDv1 (i.e. no AEAD) packets are always used instead.
* SEIPDv2 is a more secure and faster choice, but it is not necessarily compatible with other libs and our mobile apps.
* @memberof module:config
* @property {Boolean} ignoreSEIPDv2FeatureFlag
*/
ignoreSEIPDv2FeatureFlag: false,
/**
* When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)
* which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,
Expand Down
3 changes: 2 additions & 1 deletion src/key/helper.js
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,8 @@ export async function getPreferredCompressionAlgo(keys = [], date = new Date(),
export async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {
const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config)));
const withAEAD = keys.length ?
selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :
selfSigs.every(selfSig => (
selfSig.features && (selfSig.features[0] & enums.features.seipdv2) && !config.ignoreSEIPDv2FeatureFlag)) :
config.aeadProtect;

if (withAEAD) {
Expand Down
11 changes: 11 additions & 0 deletions test/general/openpgp.js
Original file line number Diff line number Diff line change
Expand Up @@ -2253,6 +2253,17 @@ k0mXubZvyl4GBg==
expect(seipd).to.be.instanceOf(openpgp.SymEncryptedIntegrityProtectedDataPacket);
expect(seipd.version).to.equal(2);
expect(seipd.aeadAlgorithm).to.equal(openpgp.enums.aead.ocb);

const encryptedWithoutAEAD = await openpgp.encrypt({
message: await openpgp.createMessage({ text: 'test' }),
encryptionKeys: [v4PrivateKeyWithOCBPref, v6PrivateKeyWithOCBPref],
format: 'object',
config: { ignoreSEIPDv2FeatureFlag: true }
});

const seipdV1 = encryptedWithoutAEAD.packets[2];
expect(seipdV1).to.be.instanceOf(openpgp.SymEncryptedIntegrityProtectedDataPacket);
expect(seipdV1.version).to.equal(1);
});

it('should support encrypting to a key without features (missing SEIPDv1 feature)', async function () {
Expand Down

0 comments on commit c6b290c

Please sign in to comment.