Switch to OpenPGP v5 #4725
looking great, finally :-) are we able to drop any functionality related to dropping weak algorithms? There should be settings on v5 to do this natively.
@rrrooommmaaa how is this looking at this moment?
I need to find a way to neatly wire the new library to the browser page, most of the incompatibilities were resolved 2 months ago and unit tests are looking good.
45c2d40 to 52d98cf
While waiting for openpgpjs/openpgpjs#1583 to be merged and published, looking at other issues
const possibleExpirations: number[] = []; | ||
const primaryKeyExpiration = OpenPGPKey.getExpirationAsDateOrUndefined(await key.getExpirationTime())?.getTime(); | ||
if (!encryptionKey || !signingKey) { | ||
possibleExpirations.push( |
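Review bot: primaryKeyExpiration on the second line can be undefined, because the optional chain `?.getTime()` yields undefined whenever getExpirationAsDateOrUndefined returns no date, and the visible lines show no guard for that case before `possibleExpirations.push(` inside the `if (!encryptionKey || !signingKey)` branch. Handle the no-expiration case explicitly before the list is filled, and add a short comment above `possibleExpirations` stating what the list collects and why it is only built when a signing or encryption key is missing.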
I reworked this method to make use of `getSigningKey` and `getEncryptionKey` calls from OpenPGP.js instead of trying to replicate OpenPGP.js behaviour when selecting keys, but it turned out to be not so simple. Supplying `date: null` (meaning: ignore date) parameter instead of `date: undefined` (meaning: take current date) it is possible to find a (sub)key for signing/encryption, but it may not be the subkey we're looking for (1) the subkey may have `created` property after primary key's expiration as in the `key was never usable` unit test, 2) the subkey may tell us an incorrect expiration date, as there may be another subkey with later expiration that didn't show up because OpenPGP.js sorts subkeys by `created` property).
So, for already expired keys the following algo is implemented:
- create a list of all the subkey's expiration dates (prior to primary key's expiration) (todo: we can make it faster by manually collecting expirations from signatures?)
- call `getEncryptionKey`/`getSigningKey` with dates from the list in descending order until we get a usable key.
If a not-expired encryption key is returned for the current date, then we'll call `getEncryptionKey` with the expiration date of the found key to find a next valid key to figure out the final expiration date over all the subkeys.
What do you think, @tomholub ? Is this approach good?
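
The fallback search described in the comment above, as an added sketch that is not code from this PR or from OpenPGP.js. `selectEncryptionSubkey` is a hypothetical stand-in for a date-aware `getEncryptionKey` lookup, the key object is constructed sample data, and both the 1 ms probe offset and the capping of candidates at the primary key's expiration are assumptions.

```javascript
// Added illustration: a simplified key model, not the OpenPGP.js API.
const DAY = 86400000;
const day = n => Date.UTC(2020, 0, 1) + n * DAY;

// Constructed sample: primary key expired on day 300.
const sampleKey = {
  primaryExpires: day(300),
  subkeys: [
    { id: 'A', created: day(0), expires: day(100) },
    { id: 'B', created: day(50), expires: day(200) },
    // Created after the primary key expired, so it was never usable.
    { id: 'C', created: day(310), expires: day(400) },
  ],
};

// Hypothetical stand-in for a date-aware getEncryptionKey lookup.
// date === null means "ignore dates": the newest subkey by `created` wins.
function selectEncryptionSubkey(key, date) {
  const newestFirst = [...key.subkeys].sort((a, b) => b.created - a.created);
  if (date === null) return newestFirst[0];
  if (date >= key.primaryExpires) return undefined;
  return newestFirst.find(s => s.created <= date && date < s.expires);
}

// Guess-try search: probe just before each candidate expiration, latest first,
// until the selector returns a subkey that was valid at that moment.
function lastUsableEncryption(key) {
  // Subkey expirations, capped at the primary's expiration (assumption).
  const candidates = key.subkeys.map(s => Math.min(s.expires, key.primaryExpires));
  const latestFirst = [...new Set(candidates)].sort((a, b) => b - a);
  for (const t of latestFirst) {
    const subkey = selectEncryptionSubkey(key, t - 1); // 1 ms before expiry (assumption)
    if (subkey) return { subkeyId: subkey.id, usableUntil: t };
  }
  return undefined; // the key was never usable for encryption
}
```

On the sample key the date-ignoring lookup returns subkey C, which was never usable, while the descending search settles on subkey B and its expiration.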
I think it's a reasonable compromise to do it the way you did. It still relies on original functionality in OpenPGP.js, and the guess-try approach is understandable in this situation. You should comment it as such, eg by adding a code comment with a link to our conversation here.
In the long term, we should decide if we really want to support this use case or not, and maybe we'll drop it. These days I'm leaning towards dropping it, but not just yet - first we'll ensure that all possible avenues of getting updated keys are working properly (eg we didn't connect keys.openpgp.org yet).
Done
delta review - looks good
I tested the extension in Firefox and it seems to set up and send/receive messages with attachments ok
@rrrooommmaaa I tried to build extension with
Should I change something to make it work?
This PR switches to OpenPGP v5
close #3324
close #4904
Tests (delete all except exactly one):
To be filled by reviewers
I have reviewed that this PR... (tick whichever items you personally focused on during this review):