- exported the BaseX class
- exposed BaseX encoders to typescript
- require_packet_hash flag
- unbreak browser version due to browserify
- fixed types for ukm.get_sig_body
- dohash flag passed into .box
- types for ukm.get_sig_body
- Add a simple verifier system that works either for PGP or keybase keys and sigs
- Add some preliminary typing
- Add ability to override
@hasher
when signing keys (self-signing and subkeys, as well as primary key signing with a subkey).
- Add
assert_pgp_hash
arguments so API consumers can reject hash algorithms. - Add
hasher
when boxing / signing so default hash algorithm (SHA512) can be overridden if needed.
- fix tests
- keybase-nacl dep
- update keybase-ecurve dep
- catch uncaught errors in keybase/packet#alloc
- Add a KeyManager::verify_raw function, for simple signature verifications
- Add a prefix option for signatures, considered separately from the payload
- Change the browserify strategy for excluding native sodium, we'll now pass
browserify -i sodium
in all downstream modules - This is to unbreak webpack, which didn't like our hack to trick browserify
- Hence the minor version update, since this is a breaking change
- Deprecate (new Buffer) and use Buffer.from or Buffer.allow
- Dependency upgrades
- Upgrade to Triplesec v3.0.27 to get rid of
use asm
, which no longer worked on FF
- Fix bug introduced in version 2.0.78 related to re-signing already signed KeyManager when loading / generating and modifying keys.
- Fix handling of subkeys with multiple binding signatures. Mimic GPG and go-crypto behavior: one binding signature is selected, and the key is configured according to it.
- Upgrade browserify to 15.0.0
- fix tests
- drop
keybase dir sign
in the "release" process
- Version bump only
decode_strict
parameter inKeyManager.import_from_armored_pgp
opts to make it accept only well-formed ASCII armors.
- Only allow whitespace after the end of the --BEGIN PGP-- block, not any characters.
- Ability to import expired keys from p3skb by running import_from_p3skb with
no_key_check
andtime_travel
.
- Don't crash if a signature unbox runs on an encrypted message
- Checking if
hex
argument is valid in high level import_private and import_public (calling back with an err instead of crashing). - EdDSA: Left-pad R and S separately if shorter than 32 bytes. Fixes validation of rare GPG-created signatures.
- allow us to pass a nonce through a box{}
- Support for designated revokers
- break up unbox into two pieces so that we can sanity-check a box without being to decrypt it
- Better errors for revoked key/subkeys
- Also use KeyManager detection from KeyRing for revoked keys
Security Fix!
- Certain paths through export/import/export/import would wind up exporting secret key material along with the public key material. Fix, and add a test.
- Handled malformed EdDSA keys and sigs better
- Add bitlength checks for EdDSA keys
- Fix broken CI tests due to expiring keys
Via PR from @zapu:
- Curve25519 support
- Bugfixes for p521 padding issues
Upgrades:
- New dearmorer (reject UTF8 chars in comments) and make tests pass
Security Bugfix:
- Handle key_revocation signatures on primaries, which were previously being ignored.
Feature:
- Subpacket33 support
- Curve25519 support
Bugfix:
- Allow a space after
Hash: SHA256
field in headers of clearsigned docs
Feature:
- Typed error message for wrong signing key in SigEngine::unbox
- Recompile with new ICS (108.0.11)
- Fix some wonky tests
Security bugfix:
- Disclose less info in error messages; we don't know how it might be used
Bugfixes:
- Fix bug in eror path in unknown GNU S2K
Feature:
- slightly more specific error
Feature:
- Expose the
bn
library via exports.
Bugfixes:
- Upgrade pgp-utils to 0.0.30 to fix bug in recognizing bad PGP armor
Bugfixes:
- Use
iced-lock
class rather than buggy reimplementation via copy/paste
Security upgrade:
- force cross-signatures on signing subkeys unless strict:false is supplied
Feature:
- General
get_sig_body
function that works for KB or OpenPGP
Bugfix:
- Use the best encryption subkey if there are multiple possibilities
Bugfixes:
- Signal an error if you try to merge a PGP private key and nothing happens
Bugfixes:
- Yet another rework of key expiration. Use the UID that expires furthest into the future.
- Correct parsing of V3 subkeys.
Bugfix:
pgp_full_hash
givesnull
for a non-PGP-key
Feature:
- New
pgp_full_hash
method on openpgp KeyManager, which generates the SHA256 hash of the armored public key
Security fix:
- Upgrade to [email protected] and use strict unpacking; to lessen chance of semantic disagrements over signature meanings
Feature:
- Stash passphrase generation in P3SKB packets, so we can keep track of which locked secret keys are encrypted with which version of a user's passphrase.
Bugfix:
- Another error in computing subkey expiration; use the creation time of the subkey, and not creatinon of the primary. This isn't a security bug, since it's too conversative in computing the expire time. It just prevents people from getting their work done.
Enhancements:
- Add merge_userids() and merge_everything() to KeyManager.
Enhancements:
- Back out previous changes to export_pgp_public, and also add some new virtualization layers there.
Features:
- Brainpool curve support. Thanks to @jkolo on GitHub
Features:
- More changes to the export_pgp_public
Features:
- Export pgp public can be called in an sync context
Features:
- Initial EdDSA support; parse keys and verify signatures.
- See Issue #55
Bugfixes:
- PGP key merge methods now ignore key revocations. (These are probably not safe to use on signatures that aren't provably timestampted. We plan to move away from them in general in favor of more exact key pinning.)
Bugfixes:
- Fix ECDSA p521: bug in hash -> int conversion (close #80)
Bugfixes:
- Merge public keys too, not just subkeys. This means pushing back primary key expirations too. Close #81
Tweaks:
- Slightly improved error messages for inability to find the needed subkey in verification.
Bugfixes:
- Fix primary key expiration computation
- Clean up key v sig expriation
- Get time-travel signatures working better, and accounting for primary key expiration as above (close #82)
Bugfixes:
- The change in 2.0.29 was a mistake. Revert.
Bugfixes:
- Calculate PGP key creation times properly. (keybase/keybase-issues#1686)
Bugfixes:
- Improved subkey merge system, for keybase/node-client#203
- I have several key bundles updated, some with subkeys that have expired, and others with that same subkey's lifetime extended. So play my key sequence forward and backwards and make sure it's possible to verify with that subkey in either case.
Features:
- Add a rudimentary subkey merge system
Features:
- Expose openpgp SignatureEngine
- Expose get_all_pgp_ids() via key manager
Bugfix:
- pass more options through to ukm
Bugfix:
- For reviewing signatures that were signed deep in the past, we have an issue that the subkey that signed the sig might have been valid at the time but has since expired. The ugly way to deal with this situation would be require the KeyManager to be repeatedly reimported if reviewing multiple signatures. Instead, we allow for keys to be imported with "time_travel : true" mode, in which subkeys are allowed to be imported even though they're currently expired. The question of whether the subkey is expired is then postponed until the actual signature check. Get this working, and then add a test case that brought the issue to our attention.
Bufix:
- When considering several self-signed key expiry times, take the maximum and not the minimum. GPG appears to work this way.
Cleanups:
- better code refactoring from the preivous commit
- more sensisble API
Features:
- extract unverfied payload bodies from signatures
Bugfix:
- Second half of the below commit
Bugfix:
- Set signed flag on imported PGP blocks.
Cleanup:
- Remove the "ephemeral" bit from encryption/decryption via NaCl DH in the keybase packet system.
Features:
- Better DH/EDDSA import/export
Features:
- Utility functions for exporting/importing NaCl secret keys, mainly useful now for testing.
Bugfixes:
- Stop returning default 4yr expiration times for non-expiring PGP keys.
Bugfixes:
- Specify compression algorithms in key generation (otherwise RFC4880 says zip by default).
Features:
- ukm.decode_sig() method
Features:
- get_body() for signatures, for computing sigIds without verifying sigs.
Features:
- Can pass
opts = { now : 333 }
toSignatureEngine.unbox
. It's a 3rd arg - NaCl signatures operations can be native via sodium wrapper (in keybase-nacl)
Bugfixes:
- Pass buffers, not strings to box. Enforce with bufferify
Features:
- A simpler bzip2 implementation
Feature:
- KMI can_encrypt(), can_decrypt(), can_sign() methods Bugfix:
ophelia
's key expired, so implement a "time travel" feature for reading in keys as if it were 10-Dec-2014, when everything worked.
Bugfixes:
- Support of raw parameter in unbox{} was broken; fix and test
- Close: keybase/keybase-issues#1415
Features:
- Add a
no_check_keys
to KeyManager import routines for PGP. Needed in the case of replacing an expired key.- See here: keybase/keybase-issues#1410
Features:
- Add get_fp2() and get_fp2_formatted() to KeyManager. For PGP it's the same as a regular fingerprint, but for NaCl, it's base64-encoding of the whole key.
- Add get_type() to KeyManager so make further display decisions.
Bugfixes:
- Update reg tests; my subkey had expired, so I just refreshed it.
- Node.js changed zlib, which can now return empty buffers.
Bugfix
- Fix bug in DH NACL KeyManager, it's not able to verify
Bugfix:
can_Sign()
is a misleading name, better to havecan_verify()
, which says whether or not this key is a sign/verify keypair, and makes no indications about whether it has a privkey or not.
Bugfix:
- Fix error condition in kb.SignatureEngine.unbox in which we didn't handle a wrong public key properly
- get_ekid() implementation for openpgp KeyManagers
- SignatureEngine.box for keybase and openpgp-style packets
- generate EdDSA keys from deterministic seed (#59)
- wrap DH as we do EdDSA (#60)
- allow split key-generation for server-assists
- Partially address #62, a bug in EC point output (improper padding)
- SignatureEngine::decode now does some of the work for unbox, on a per-sig-eng basis (different from openpgp and kb)
- Vbump to 2.0.0; we changed where the SignatureEngine is, thereby breaking API compatibility.
New features:
- NaCl support for keybase-formatted signatures
- OpenPGP EdDSA support still to come...
- Most work done on Issue #48
- Fix #53 -- get keymanagers back from detached sigs
- Slight hack for "streaming data" in which it doesn't make sense to have a literal. So have an empty placeholder literal instead
Bugfix:
- Fix for previous bugfix (#47). Better check for e < 2^32.
Bugfix:
- Relax exponent e requirement, don't require it to be prime or <2^16+1. See #47.
Performance:
- Speed up Iterated S2K by caching results (since subkeys need to reuse the result from the primary). And by not allocating the buffer in one huge chunk
SECURITY BUGFIX
- Don't use revoked subkeys
Bufixes:
- Primary userid flag on the first user ID given
- generate_rsa and generate_ecc also get userids parameters
Feature:
- KeyManager.generate() takes userids vector, for multiple UIDs in key
- Closes #45
Bugfixes:
- After merging a private key, try to "unlock" it if it's not PW-protected. We were already doing the same for import, but need it here for keybase's key_path.iced
Bugfixes:
- I can't find it in the RFC, but it seems as if we need to assume all reasonable
key flags for a primary if none were specified.
- This should address keybase/keybase-issues#1110
Nit:
- Expose keyring.KeyRing, equivalent to keyring.PgpKeyRing
Feature:
- The
encrypt_for
parameter tobox
can handle mutliple parties, meaning messages can be encrypted for your friend(s) and yourself. ( this one was a long-time coming....)
Bugfix:
- Expose RipeMD160
- Address keybase/keybase-issues#1020
Feature:
- Changes to unbox (in response to #42)
- Can pass
{ strict : false }
tounbox
, and it won't crap out if it can't verify signatures. - Now calls back with an
err, Array<Literals>, Warnings
triple.
- Can pass
Security upgrade:
- Run various validity checks in incoming PGP keys;
- See this thread for more info: http://www.metzdowd.com/pipermail/cryptography/2014-September/022758.html
Bugfixes:
- Fix bug in
export_pgp_private
wrapper routine...
Bugfixes:
- Address errant iced-coffee-script inclusion via [email protected] upgrade
- Official release!
Bugfixes:
- Strip out stray debug message
- Use 'armored' rather than 'raw' in KeyManager interface, for consistency's sake. Still allow 'raw' but mark it as DEPRECATED.
- Don't require unlock_pgp() to be called on an unlocked key. Do it internally so as not to confuse people.
- Upgrade to Triplesec v3.0.18 for less-wasteful entropy generation
Features:
- ASPs now accepted and supported in box/unbox operations
- API streamlining: easier to get the key_manager from a packetsig
Tweaks:
- Rename generate_std to generate_rsa
- Alias KeyManager.export_pgp_private
Bugfixes:
- Close keybase/keybase-issues#921 -- fix a zip/browserify bug by ignoring an error that seems harmless. This might break in the future, so keep on eye on it. The break will be that valid messages refuse to decrypt and inflate.
Tweaks:
- Change the KeyFetcher::fetch interface. Callback now callsback with (err, key_manager, index) triple rather than the shmorgasbord of parameters we had before. Do a minor version update to show lack of compatibility with previous 0.2.0 release
Features:
- RFC 6637: ECC crypto: ECDSA and ECDH. Experimental and not recommended, since more GPG clients do not support it.
- Add new API entrance points for cleaner code and consistent metaphors. Don't throw away the old entrance points just yet
Optimizations:
- Switch to bigint squaring, rather than modPowInt(2), and expose a few more features of bn to make this work.
- Upgrade to the newest version of bn, @v1.0.0
Bugfix:
- Fix a bug in clearsign parsing; we were being to liberal in our understanding
of BEGIN PGP blocks. They have to start at the beginning of a line, as made
explicit in the "clearsign your public key" test case.
- Fix via upgrade to pgp-utils@
Bugfix:
- Fix a bug in clearsign dash-encoding
- Address keybase/keybase-issues#768
Bugfix:
- Fix incorrect dependencies, and loosen them up....
Bugfix:
- We broke the high-level interface, fix it. We need regtests too...
Features:
- Browserified release
- New interface to KeyManager.generate, you can provide primary and subkeys, each of which have nbits, expire_in and flags fields.
- Expose interior hash wrapper class
- Better API for burner
- Upgrade to ICS v1.7.1-c for refactored runtime
Documentation:
- Fixes for KeyManager.generate and burner.burn
Bugfixes:
- Fix bugs with 5-byte signature subpacket lengths
- Address keybase/keybase-issues#752
Features:
- Detached signature generation and verification.
Bugfixes:
- Slight change in the hiding interface to burn.
- Pass
expire_in
through toKeyManager.generate
- get_issuer_key_id looks in either signed or unsigned subpackets
- Address keybase/keybase-issues#304
Features:
- dirsign!
Features:
- Add an RSA hiding feature, to hide what the public key is. Also, blind the output ciphertext.
Bugfixes:
- iced-error is a dependency
- @terinjokes points out ICS is a real dep and not a devDep
Features:
- Expose nbits() on public keys
Bugfixes:
- Handle "critical" subpackets properly; address keybase/keybase-issues#682
Bugfixes:
- Strip out some profane debugging info (sorry)
- Allow unlocking of keys that were not actually locked.
Bugfixes:
- Handle v2 signatures, which are the same as v3 signatures. See the ancient RFC 1991 fore more details. This closes keybase/keybase-issues#572
Bugfixes:
- Fix has_pgp_private() --- it's good enough to have one private, don't need all of them....
Bugfixes:
- Better versions of fulfills_flags that take into account whether there's an available unlocked secret key to do it.
- Better handle a secret key export in which no primary key is exported, and no signing subkey is available (since typically, only the primary can sign).
- Able to write out partial secret keys in P3SKB mode (via reversing the GNU dummy extension).
Bugfixes:
- Better support for private key merging --- don't require an exact-key-for-key match, but rather, allow only some of the secret subkeys (and not the primary) to be merged. This addresses Keybase Issue #216
Bugfixes:
- Remove debugging code
Bugfixes:
- Upgrade to Triplesec v3.0.10 for SHA384 and SHA224 bugfix
Features:
- Upgrade to Triplesec v3.0.8 for SHA384
Bugfixes:
- Support slightly relaxed header parsing for clearsign messages; Can have spaces in the separator between Hash: and the text.
- MD5 is the default, so use that if nothing was specified.
- Don't crash on an unknown hash algorithm, raise an exception
- MD5 ASN headers included so that MD5 can work.
- Upgrade to [email protected]
Test cases
- Integrate some of OpenPGP.Js's test cases, included as a result of their audit.
Bugfixes:
- Key ID can be either in hashed or unhashed sig subpackets, so look for it in either place.
Bugfixes:
- compile for the below
Bugfixes:
- Do not crash on malformed signatures (with a null open or close key id)
No change, npm failure.
Nits:
- Better header comments
- Bump to v0.1.0, first minor release.
Bugfixes:
- Version lockdown in package.json
- Upgrade to [email protected] without test junk
Bugfixes:
- Fix broken firefox, which was caused by [email protected] w/ console.assert not being defined.
Bugfixes:
- Close #36 -- bzip2 support for inflation. Leave deflation out for now to save CPU...
Bugfixes:
- Fix bug in parsing EmbeddedSignature subpackets. Address keybase/keybase-issues#289
Bugfixes:
- Close #38 - Handle ElGamal encrypt and sign. Throw it away, don't puke
- Close keybase/keybase-issues#273 as well.
Bugfixes:
- Upgrade to [email protected] to address keybase/keybase-issues#269
Features:
- Figure out which keyid is primary
Bugfixes:
- Be a bit more liberal when compute key flags; infer for ElGamal and DSA. See keybase/keybase-issues#247
Bugfixes:
- Fix broken handling of NotationData signature subpacket See keybase/keybase-issues#133
Bugfixes:
- Address keybase/keybase-issues#219: upgrade to pgp-utils v0.0.15 which has more robust message decoding
Bugfixes:
- Close keybase/keybase-issues#196: better support for v3 signatures mixed in with v4 signatures in public key blocks.
Bugfixes:
- Close keybase/keybase-issues#133: Parse (and ignore) experimental subpackets.
- Support MD5 via triplesec v3.0.7 (see keybase/keybase-issues#111 for problem key)
Bugfixes:
- keybase/keybase-issues#194: verify version 3 signatures on upload of key proof.
Bugfixes:
- Get 8192-RSA keys works. Close keybase/keybase-issues#128
Bugfixes:
- Fix some bugs in exporting classes via main
- Change the signature type of self-signed key to
positive
rather thanissuer
- Fixes to key expirations in generated keys
Bugfixes:
- Address keybase/keybase-issues#101: loosen failure model on expired subkeys. Just warn and discard the key.
Bugfixes:
- Ignore signatures that are expired, don't fail to accept key, so long as there is a good signature. (closes keybase/keybase-issues#59, and keybase/keybase-issues#42)
- More tests for good and expired signatures within keys
Bugfixes:
- Finish support for v3 Signatures, and close #34
- Fix bug in Revocation Key sub packets (type=12), in which we weren't reading in any bytes of the signature.
- Upgrade to PGP-utils v0.0.15 to handle null email addresses in UserIds
Features
- Support signature type 0x1F ("signature directly on a key")
- Support signature type 0x28 ("Subkey revocation"). See keybase/keybase-issues#27
Bugifxes:
- Upgrade to pgp-utils v0.0.14 to close keybase/node-client#106
Bugfixes:
- Upgrade to triplesec v3.0.6 for windows IE 11 support
Bugfixes:
- Close keybase/keybase-issues#11 - Signatures certification revocations
Features:
- DSA and ElGamal support
Bugfixes:
- Fixed a bug with validating clearsign signatures, which was causing the crypto form on the site to barf on them, if they were generated from the CLI
Features:
- Inaugural Changelog!