greenkeeper[bot]
commented
6 years ago Version 3.0.1 just got published.
Update to this version instead π
Commits
The new version differs by 7 commits.
8dd4b3fRelease new versionb4055f4fix #6704d40c60Merge pull request #668 from openpgpjs/rev_fixes96c9cd0Fixes dead links in the documentation3945912remove some redundant code38508b3if primary key is invalid, so are subkeysa94ca90add test for key revoked with cert, no revoked subkeys
See the full diff
βοΈ Greenkeeperβs updated Terms of Service will come into effect on April 6th, 2018.
Version 3.0.0 of openpgp was just published.
The version 3.0.0 is not covered by your current version range.
If you donβt accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update.
It might be worth looking into these changes and trying to get this project onto the latest version of openpgp.
If you have a solid test suite and good coverage, a passing build is a strong indicator that you can take advantage of these changes directly by merging the proposed change into your project. If the build fails or you donβt have such unconditional trust in your tests, this branch is a great starting point for you to work on the update.
Release Notes
v3.0.0Public-Key Cryptography:
Public-key cryptography using elliptic curves P-256, P-384, P-521, SECP-256k1, Curve25519, and Ed25519 is now supported. The implementation uses Fedor Indutnyβs Elliptic library and utilizes native Node.js and browser APIs when possible. We recommend using ed25519 for security and efficiency.
To generate ECC keys, pass a
curveparameter to the generateKey function; e.g.curve='ed25519'.In other public-key cryptography news: jsbn.js is dead, long live bn.js! All public-key algorithms and MPI handling functions have been refactored to use bn.js. In particular, new probabilistic random prime generation algorithms have been added to assist with RSA key generation. If you need RSA keys, for instance for compatibility purposes, we recommend at least a 2048-bit key size.
Generating and receiving wild card key IDs in public-key encrypted session key packets is now supported. A wild card key ID indicates that the receiving implementation should try all available private keys, checking whether each can be used to decrypt any session key, with an associated performance cost. To generate key packets with wild card key IDs, the
wildcardoption can be set to true in the encrypt and encryptSessionKey functions.A new optional date input to the encrypt, decrypt, sign, and verify functions allows for performing operations in the context of that date. This can be helpful for hiding the true encryption/signature time of scheduled messages or for verifying signatures of old messages with currently expired public keys that may not have been expired at the time of receipt.
Breaking API Changes:
The high-level decrypt function now accepts arrays of private keys, passwords, or session keys as input and attempts to decrypt session keys with all values. All possible decrypted session keys are then used to attempt to decrypt the message data. This is necessary because there is no way to a priori validate decrypted session keys from wild card key IDs or passwords if the algorithm enum happens to be valid, and this happens an appreciable fraction of the time (~1/20). The input variables privateKey, password, and sessionKey have been renamed to privateKeys, passwords, and sessionKeys respectively.
The decryptSessionKey function has been renamed to decryptSessionKeys and similarly accepts arrays of private keys and passwords as input.
Compression:
Bzip2 compression and decompression using the compressjs library is now supported.
Zlib compression now uses pakoβs zlib module or the native zlib module on Node.js when possible. This represents a significant performance increase in compression.
Compression can now be enabled by either altering the compression value in the config file or passing in a compression option to the high-level encrypt function.
Randomness:
Fixed an issue where the random number buffer would get depleted when running many concurrent processes with web workers
It is now possible to specify the number of worker threads when initializing the web worker
Development:
JavaScript style checking now uses ESLint. Run
grunt eslintbefore submitting pull-requests.Also before submitting pull requests, run
grunt browsertestand open localhost:3000/test/unittests.html to test web worker compatibility.The library has been refactored to use ES6 variable declaration syntax (const, let) and ES7 asynchronous code syntax (async, await). Babel ensures compatibility with older browsers.
Future Roadmap:
Improve the performance of public-key operations via improving the bn.js library. See the benchmarks.
Add support for streaming cryptography.
Add support for Brainpool elliptic curves.
Add support for the RFC4880 draft version 5, which include changes in the S2K function and specifications for supporting AEAD in V5 keys. This includes AES-EAX, an authenticated mode of operation for AES, as well as two new authenticated public key options: AEDH and AEDSA. See issue #627.
Commits
The new version differs by 212 commits.
4ded3f9Documentation improvements in src/packeta5e7562Many documentation improvements; more to come184a988Release new version08da24ddocumentation fixesd3f42b2update commentsc5b5bf7utils fix6c7a73bREADME formatting843d94fMerge pull request #660 from openpgpjs/bug/subkey-revocations6fefe22Finished fixing key.js; fixes async tests0b2817bLast little things become async ...4700606Added test for encryption with revoked subkey23a4141Addresses @sanjanarajan's comments73a240dSimplifies (Key|User|SubKey).isRevoked, API changes in key.jsec22dabSlightly simplifies key.js; adds key.verifyKeyPackets which should be run before getEncryption/SigningKeyPacket354b961primegen bugfix, recalculate iThere are 212 commits in total.
See the full diff
FAQ and help
There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html). If those donβt help, you can always [ask the humans behind Greenkeeper](https://github.com/greenkeeperio/greenkeeper/issues/new).Your Greenkeeper bot :palm_tree: