Version 3.0.0 of openpgp was just published.

Dependency	openpgp
Current Version	2.6.2
Type	dependency

The version 3.0.0 is not covered by your current version range.

If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update.

It might be worth looking into these changes and trying to get this project onto the latest version of openpgp.

If you have a solid test suite and good coverage, a passing build is a strong indicator that you can take advantage of these changes directly by merging the proposed change into your project. If the build fails or you don’t have such unconditional trust in your tests, this branch is a great starting point for you to work on the update.

Release Notes

v3.0.0

Public-Key Cryptography:

Public-key cryptography using elliptic curves P-256, P-384, P-521, SECP-256k1, Curve25519, and Ed25519 is now supported. The implementation uses Fedor Indutny’s Elliptic library and utilizes native Node.js and browser APIs when possible. We recommend using ed25519 for security and efficiency.
To generate ECC keys, pass a curve parameter to the generateKey function; e.g. curve='ed25519'.
In other public-key cryptography news: jsbn.js is dead, long live bn.js! All public-key algorithms and MPI handling functions have been refactored to use bn.js. In particular, new probabilistic random prime generation algorithms have been added to assist with RSA key generation. If you need RSA keys, for instance for compatibility purposes, we recommend at least a 2048-bit key size.
Generating and receiving wild card key IDs in public-key encrypted session key packets is now supported. A wild card key ID indicates that the receiving implementation should try all available private keys, checking whether each can be used to decrypt any session key, with an associated performance cost. To generate key packets with wild card key IDs, the wildcard option can be set to true in the encrypt and encryptSessionKey functions.
A new optional date input to the encrypt, decrypt, sign, and verify functions allows for performing operations in the context of that date. This can be helpful for hiding the true encryption/signature time of scheduled messages or for verifying signatures of old messages with currently expired public keys that may not have been expired at the time of receipt.

Breaking API Changes:

The high-level decrypt function now accepts arrays of private keys, passwords, or session keys as input and attempts to decrypt session keys with all values. All possible decrypted session keys are then used to attempt to decrypt the message data. This is necessary because there is no way to a priori validate decrypted session keys from wild card key IDs or passwords if the algorithm enum happens to be valid, and this happens an appreciable fraction of the time (~1/20). The input variables privateKey, password, and sessionKey have been renamed to privateKeys, passwords, and sessionKeys respectively.
The decryptSessionKey function has been renamed to decryptSessionKeys and similarly accepts arrays of private keys and passwords as input.

Compression:

Bzip2 compression and decompression using the compressjs library is now supported.
Zlib compression now uses pako’s zlib module or the native zlib module on Node.js when possible. This represents a significant performance increase in compression.
Compression can now be enabled by either altering the compression value in the config file or passing in a compression option to the high-level encrypt function.

Randomness:

Fixed an issue where the random number buffer would get depleted when running many concurrent processes with web workers
It is now possible to specify the number of worker threads when initializing the web worker

Development:

JavaScript style checking now uses ESLint. Run grunt eslint before submitting pull-requests.
Also before submitting pull requests, run grunt browsertest and open localhost:3000/test/unittests.html to test web worker compatibility.
The library has been refactored to use ES6 variable declaration syntax (const, let) and ES7 asynchronous code syntax (async, await). Babel ensures compatibility with older browsers.

Future Roadmap:

Improve the performance of public-key operations via improving the bn.js library. See the benchmarks.
Add support for streaming cryptography.
Add support for Brainpool elliptic curves.
Add support for the RFC4880 draft version 5, which include changes in the S2K function and specifications for supporting AEAD in V5 keys. This includes AES-EAX, an authenticated mode of operation for AES, as well as two new authenticated public key options: AEDH and AEDSA. See issue #627.

Commits

The new version differs by 212 commits.

4ded3f9 Documentation improvements in src/packet
a5e7562 Many documentation improvements; more to come
184a988 Release new version
08da24d documentation fixes
d3f42b2 update comments
c5b5bf7 utils fix
6c7a73b README formatting
843d94f Merge pull request #660 from openpgpjs/bug/subkey-revocations
6fefe22 Finished fixing key.js; fixes async tests
0b2817b Last little things become async ...
4700606 Added test for encryption with revoked subkey
23a4141 Addresses @sanjanarajan's comments
73a240d Simplifies (Key|User|SubKey).isRevoked, API changes in key.js
ec22dab Slightly simplifies key.js; adds key.verifyKeyPackets which should be run before getEncryption/SigningKeyPacket
354b961 primegen bugfix, recalculate i

There are 212 commits in total.

See the full diff

FAQ and help

There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html). If those don’t help, you can always [ask the humans behind Greenkeeper](https://github.com/greenkeeperio/greenkeeper/issues/new).

Your Greenkeeper bot :palm_tree:

greenkeeper[bot] commented 4 years ago