Releases: openpgpjs/openpgpjs
v5.9.0
v5.8.0
- Add `additionalAllowedPackets` config option, to allow parsing packets that are not usually expected/allowed in a given context (#1618)
- Fix shorthand check on user revoked status in `getPrimaryUser` method (#1623)
- Run Sequoia's OpenPGP interoperability test suite in CI, to catch interoperability regressions (#1603)
v5.7.0
- Add support for creating critical signature subpackets (#1599)
  - Most subpackets are now assigned a criticality based on whether failing to interpret their meaning would negatively impact security.
  - If subpackets that are now marked as critical (such as signature creation date, issuer Key ID, key expiration time if set, etc.) are not supported by another OpenPGP implementation, the signature will now be considered invalid by that implementation, rather than the subpackets being ignored. However, since these subpackets are fundamental to the functioning of OpenPGP, they should indeed never be ignored. If an implementation doesn't support them, please upgrade or report it to the relevant implementation as well as or instead of here.
  - For Notation Data subpackets, the caller can now set their criticality using the `signatureNotations[*].critical` property. When set to critical, if the OpenPGP implementation reading the signature doesn't understand their meaning, they will be rejected rather than ignored. This is useful if the notation is indeed critical (:slightly_smiling_face:) to the functioning of the signature or the key that contains it.
- Remove default known notations (#1600)
  - Since OpenPGP.js doesn't interpret any notations, we shouldn't consider any of them "known" by default. Rather, we let the calling application indicate the known notations, and it is then responsible for handling them.
  - Specifically, signatures with a critical notation named "preferred-email-encoding@pgp.com" or "pka-address@gnupg.org" will now be rejected by default. We believe that these are not common "in the wild", but if you encounter them, you can add them to the `config.knownNotations` array, or (preferably) pass a `knownNotations` array in the `config` property when verifying a signature, and then handle the preference indicated by the notation data afterwards by inspecting the `signaturePacket.notations` or `rawNotations` property.
- TypeScript: added `selfCertification` property to the `PrimaryUser` interface definition (#1594)
- Docs: mark global `generateSessionKeys`'s `encryptionKeys` parameter as optional (#1596)
- CI: Update browser targets (#1549)
- Update ESLint and other minor dependencies; clean up linting rules (#1602)
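
The critical-bit handling described in the v5.7.0 notes above, as an added Node.js example that is not OpenPGP.js code: it parses a signature subpacket area using the RFC 4880 section 5.2.3.1 framing and reports why a verifier would reject it, including a critical notation that is not listed as known. The function names, `SUPPORTED_TYPES` and the sample bytes are constructed for illustration.

```javascript
// Added illustration, not OpenPGP.js source. Names and SUPPORTED_TYPES are assumptions.
const NOTATION_DATA = 20;
// Constructed policy: 2 = creation time, 9 = key expiration time, 16 = issuer key ID.
const SUPPORTED_TYPES = new Set([2, 9, 16, NOTATION_DATA]);

// Split a subpacket area (Buffer) into { type, critical, body } records.
function parseSubpackets(area) {
  const out = [];
  let i = 0;
  while (i < area.length) {
    let len = area[i++];
    if (len === 255) { len = area.readUInt32BE(i); i += 4; }              // five-octet length
    else if (len >= 192) { len = ((len - 192) << 8) + area[i++] + 192; }  // two-octet length
    // The length covers the type octet; the negated test also rejects NaN.
    if (!(len >= 1 && i + len <= area.length)) throw new Error('truncated subpacket');
    const t = area[i]; // bit 7 is the critical flag, the low 7 bits are the type
    out.push({ type: t & 0x7f, critical: (t & 0x80) !== 0, body: area.subarray(i + 1, i + len) });
    i += len;
  }
  return out;
}

// Notation body: 4 flag octets, 2-octet name length, 2-octet value length, name, value.
function notationName(body) {
  const nameLen = body.readUInt16BE(4);
  if (8 + nameLen > body.length) throw new Error('truncated notation');
  return body.subarray(8, 8 + nameLen).toString('utf8');
}

// Reason the signature must be rejected, or null when every critical subpacket is understood.
function criticalViolation(area, knownNotations = []) {
  for (const sp of parseSubpackets(area)) {
    if (!sp.critical) continue; // unknown non-critical subpackets may be ignored
    if (!SUPPORTED_TYPES.has(sp.type)) return `unknown critical subpacket type ${sp.type}`;
    if (sp.type !== NOTATION_DATA) continue;
    const name = notationName(sp.body);
    if (!knownNotations.includes(name)) return `unknown critical notation ${name}`;
  }
  return null;
}

// Constructed sample input (short bodies only, so one-octet lengths suffice).
const subpacket = (type, critical, body) =>
  Buffer.concat([Buffer.from([body.length + 1, type | (critical ? 0x80 : 0)]), body]);
const notation = (name, value) => Buffer.concat([
  Buffer.from([0x80, 0, 0, 0, 0, name.length, 0, value.length]), Buffer.from(name), Buffer.from(value)]);
const sample = Buffer.concat([subpacket(2, true, Buffer.from([0x64, 0, 0, 0])),
  subpacket(NOTATION_DATA, true, notation('pka-address@gnupg.org', 'x'))]);
console.log(criticalViolation(sample), criticalViolation(sample, ['pka-address@gnupg.org']));
```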
v5.6.0
- Allow use of Brainpool curves by default (#1563)
  - These curves were added back to the crypto refresh of the OpenPGP standard, so we allow them by default again, but please note that their implementation is not constant-time (#720), so their use is still discouraged in favor of Curve25519.
- Add revoke method to User (#1584)
- Add support for creating Notation Data subpackets when signing or encrypting messages (#1598)
- Add RawNotations Type to type definitions (#1571)
- Adding missing functions in SubKey class type definition (#1588)
- TypeScript: fix signature of armor function (#1576, #1585)
- TypeScript: fix SymEncryptedSessionKeyPacket type name (#1583)
- Docs: add typescript setup notice (#1586)
- Docs: clarify `Key.clone()` behaviour (#1589)
- CI: move away from Node.js v12 (#1568)
- Remove internal, unused `RandomBuffer` (#1593)
v5.5.0
v5.4.0
v5.3.1
v5.3.0
- Throw on empty passphrase in `encryptKey` and `SecretKeyPacket.encrypt` (#1508)
- Throw on decryption of messages that don't contain any encrypted data packet (#1529)
- Add `UnparseablePacket` to properly deal with key blocks that include malformed/unsupported packets (#1522)
- Throw `UnsupportedError` on unknown algorithm in keys, signatures and encrypted session keys (#1523)
- Add memory benchmark tests for streamed decryption of large files (#1462)
- Fix loading browser build in JSDom environment (#1518)