v6.0.0-alpha.0

What's Changed

OpenPGP.js v6 includes only minor API changes while adding full support for the OpenPGP crypto refresh.

Main non-breaking changes:

• Implement crypto refresh features (some behind flags, given the limited ecosystem support):
  • Add support for v6 keys, signatures and encrypted-session keys & more (behind feature flag openpgp.config.v6Keys)
  • Add support for AEAD-protected encrypted messages (new format, behind feature flag openpgp.config.aeadProtect)
  • Add support for Argon2 (#1597) (since WASM is used, it might require specific configurations in web apps, see note under "Breaking changes" below)
  • Add support for Ed448 & X448 (#1676)
  • Add support for generating Ed25519 & X25519 keys in new format (#1676, following up to #1620)
• Drop elliptic.js in favor of noble-curves (#1694)
• Add support for SHA3 (#1680)

Breaking changes:

• Drop support for Node 14 (EOL end of April '23)
• The library is now declared as a module, and declares exports, alongside the legacy package.json entrypoints, which should ensure backwards compatibility. Still, bundlers might be affected by the package.json changes depending on how they load the library.
• Remove embedded Web Streams ponyfill, since it's now supported in all browsers (applications can load a polyfill themselves instead, if they need to support older browser versions: see README).
• The crypto refresh has updated parts of the draft RFC4880bis as implemented by OpenPGP.js v4 and v5. Related changes in v6 are:
  • Drop config.v5Keys flag and corresponding key generation. The flag is replaced by .v6Keys, and results in a different key format.
  • Keys generated without .v5Keys flag and encrypted with config.aeadProtect = true cannot be decrypted by OpenPGP.js v6 out-of-the-box. Support for decrypting these keys will be added in the next v6 prerelease (see #1672).
  • The config.aeadProtect flag has a different effect than in v5:
    • for private keys, a new encryption mechanism is used;
    • for password-encrypted messages, a new message format is used;
    • when encrypting messages to public keys, the flag is ignored (see #1678).
• Argon2 relies on a WASM module, thus web apps might need to make changes to their CSP policy in order to use the feature. Alternatively, since the Argon2 WASM module is only loaded if needed, apps can manually reject password-encrypted messages and private keys which use Argon2 by checking e.g. SymEncryptedSessionKeyPacket.s2k?.type === 'argon2' or SecretKeyPacket|SecretSubkeyPacket.keyPacket.s2k?.type === 'argon2'.
• Refuse to use keys without key flags, but add config.allowMissingKeyFlags to bypass the check if needed (see #1677)
• Drop config.minBytesForWebCrypto, and always use WebCrypto if available, since there is no longer a performance overhead for small messages.
• Rename EdDSA-related enums following the standardisation of new key formats:
  • Drop enums.publicKey.eddsa in favour of enums.publicKey.eddsaLegacy
  • Rename string value of enums.curve.ed25519Legacy to 'ed25519Legacy' (was: 'ed25519')
  • Rename string value of enums.curve.curve25519Legacy to 'curve25519Legacy' (was: 'curve25519')
• Rename config.useIndutnyElliptic to .useEllipticFallback, to reflect the change of underlying library.
• Remove enums.symmetric.plaintext (internally unused)

Full Changelog: v5.11.0...v6.0.0-alpha.0