Skip to content

Commit

Permalink
Temporarily add config.ignoreSEIPDv2FeatureFlag for compatibility (#15
Browse files Browse the repository at this point in the history
)

SEIPDv2 is a more secure and faster choice, but it is
not necessarily compatible with other libs and our mobile apps.

Co-authored-by: Daniel Huigens <[email protected]>
  • Loading branch information
larabr and twiss committed Nov 22, 2024
1 parent 35783c5 commit d010e0e
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 1 deletion.
1 change: 1 addition & 0 deletions openpgp.d.ts
Original file line number Diff line number Diff line change
Expand Up @@ -326,6 +326,7 @@ interface Config {
showVersion: boolean;
showComment: boolean;
aeadProtect: boolean;
ignoreSEIPDv2FeatureFlag: boolean;
allowUnauthenticatedMessages: boolean;
allowUnauthenticatedStream: boolean;
allowForwardedMessages: boolean;
Expand Down
8 changes: 8 additions & 0 deletions src/config/config.js
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,14 @@ export default {
* @property {Boolean} aeadProtect
*/
aeadProtect: false,
/**
* Whether to disable encrypton using SEIPDv2 even if the encryption keys include the SEIPDv2 feature flag.
* If true, SEIPDv1 (i.e. no AEAD) packets are always used instead.
* SEIPDv2 is a more secure and faster choice, but it is not necessarily compatible with other libs and our mobile apps.
* @memberof module:config
* @property {Boolean} ignoreSEIPDv2FeatureFlag
*/
ignoreSEIPDv2FeatureFlag: false,
/**
* When reading OpenPGP v4 private keys (e.g. those generated in OpenPGP.js when not setting `config.v5Keys = true`)
* which were encrypted by OpenPGP.js v5 (or older) using `config.aeadProtect = true`,
Expand Down
2 changes: 1 addition & 1 deletion src/key/helper.js
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,7 @@ export async function getPreferredCompressionAlgo(keys = [], date = new Date(),
export async function getPreferredCipherSuite(keys = [], date = new Date(), userIDs = [], config = defaultConfig) {
const selfSigs = await Promise.all(keys.map((key, i) => key.getPrimarySelfSignature(date, userIDs[i], config)));
const withAEAD = keys.length ?
selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :
!config.ignoreSEIPDv2FeatureFlag && selfSigs.every(selfSig => selfSig.features && (selfSig.features[0] & enums.features.seipdv2)) :
config.aeadProtect;

if (withAEAD) {
Expand Down
11 changes: 11 additions & 0 deletions test/general/openpgp.js
Original file line number Diff line number Diff line change
Expand Up @@ -2384,6 +2384,17 @@ k0mXubZvyl4GBg==
expect(seipd).to.be.instanceOf(openpgp.SymEncryptedIntegrityProtectedDataPacket);
expect(seipd.version).to.equal(2);
expect(seipd.aeadAlgorithm).to.equal(openpgp.enums.aead.ocb);

const encryptedWithoutAEAD = await openpgp.encrypt({
message: await openpgp.createMessage({ text: 'test' }),
encryptionKeys: [v4PrivateKeyWithOCBPref, v6PrivateKeyWithOCBPref],
format: 'object',
config: { ignoreSEIPDv2FeatureFlag: true }
});

const seipdV1 = encryptedWithoutAEAD.packets[2];
expect(seipdV1).to.be.instanceOf(openpgp.SymEncryptedIntegrityProtectedDataPacket);
expect(seipdV1.version).to.equal(1);
});

it('should support encrypting to a key without features (missing SEIPDv1 feature)', async function () {
Expand Down

0 comments on commit d010e0e

Please sign in to comment.