Proton
RSS ile abone olun

We have released version 3.0 of OpenPGPjs, an open source OpenPGP library

Proton Team

Bu sayfayı paylaşın

At Proton Mail, a big part of our mission is to make strong encryption and privacy accessible to every single person. While the Proton Mail and Proton VPN services go a long way towards doing that, we also allocate a lot of resources into the research and development of better cryptographic tools and processes. The goal of the OpenPGPjs project is to make public-key cryptography not only available to users, but also to the global developer community. Simply put, the widespread availability of open-source and secure cryptography libraries is a prerequisite of the privacy revolution. As maintainers of the OpenPGPjs project, this is our priority. You can learn more about OpenPGPjs here and here(yeni pencere).

Version 3 of OpenPGPjs also brings a number of enhancements that make it possible for Proton Mail to be fully interoperable with PGP, a new feature that is coming this Spring. Thus, improving OpenPGPjs also directly allows us to improve Proton Mail. Below is the full list of improvements that have been made for version 3.0 of the OpenPGPjs library. Proton Mail is committed to open source, and all the code for OpenPGPjs can be found on Github.(yeni pencere)

The support of the developer community is essential for the continued development of OpenPGPjs, and we welcome pull requests and comments.

OpenPGPjs 3.0 Release Notes

Public-Key Cryptography

  • Public-key cryptography using elliptic curves P-256, P-384, P-521, SECP-256k1, Curve25519, and Ed25519 is now supported. The implementation uses Fedor Indutny’s Elliptic(yeni pencere) library and utilizes native Node.js and browser APIs when possible. We recommend using ed25519 for security and efficiency.
  • To generate ECC keys, pass a `curve` parameter to the generateKey function; e.g., `curve=”ed25519”`.
  • In other public-key cryptography news: jsbn.js is dead, long live bn.js(yeni pencere)! All public-key algorithms and MPI handling functions have been refactored to use bn.js. In particular, new probabilistic random prime generation algorithms have been added to assist with RSA key generation. If you need RSA keys, for instance for compatibility purposes, we recommend at least a 2048-bit key size.
  • Generating and receiving wild card key ID(yeni pencere)s in public-key encrypted session key packets is now supported. A wild card key ID indicates that the receiving implementation should try all available private keys, checking whether each can be used to decrypt any session key, with an associated performance cost. To generate key packets with wild card key IDs, the `wildcard` option can be set to true in the encrypt and encryptSessionKey functions.
  • A new optional date input to the encrypt, decrypt, sign, and verify functions allows for performing operations in the context of that date. This can be helpful for hiding the true encryption/signature time of scheduled messages or for verifying signatures of old messages with currently expired public keys that may not have been expired at the time of receipt.

Breaking API Changes

  • The high-level decrypt function now accepts arrays of private keys, passwords, or session keys as input and attempts to decrypt session keys with all values. All possible decrypted session keys are then used to attempt to decrypt the message data. This is necessary because there is no way to a priori validate decrypted session keys from wild card key IDs or passwords if the algorithm enum happens to be valid, and this happens an appreciable fraction of the time (~1/20). The input variables privateKey, password, and sessionKey have been renamed to privateKeys, passwords, and sessionKeys
  • The decryptSessionKey function has been renamed to decryptSessionKeys and similarly accepts arrays of private keys and passwords as input.

Compression

  • Bzip2 compression and decompression using the compressjs(yeni pencere) library is now supported.
  • Zlib compression now uses pako(yeni pencere)’s zlib module or the native zlib(yeni pencere) module on Node.js when possible. This represents a significant performance increase in compression.
  • Compression can now be enabled by either altering the compression value in the config file or passing in a compression option to the high-level encrypt function.

Randomness

  • Fixed an issue where the random number buffer would get depleted when running many concurrent processes with web workers
  • It is now possible to specify the number of worker threads when initializing the web worker

Development

  • JavaScript style checking now uses ESLint. Run `grunt eslint` before submitting pull-requests.
  • Also before submitting pull requests, run `grunt browsertest` and open localhost:3000/test/unittests.html(yeni pencere) to test web worker compatibility.
  • The library has been refactored to use ES6 variable declaration syntax (const, let) and ES7 asynchronous code syntax (async, await). Babel ensures compatibility with older browsers.

Future Roadmap

  • Improve the performance of public-key operations via improving the bn.js library. See the benchmarks(yeni pencere).
  • Add support for streaming cryptography.
  • Add support for Brainpool elliptic curves.
  • Add support for the RFC4880 draft version 5, which include changes in the S2K function and specifications for supporting AEAD in V5 keys. This includes AES-EAX, an authenticated mode of operation for AES, as well as two new authenticated public key options: AEDH and AEDSA. See issue #627.

Sign up and get a free encrypted email (yeni pencere)accounts from Proton Mail.

We also provide a free VPN service(yeni pencere) to protect your privacy.

Proton Mail and Proton VPN are funded by the community. If you would like to support our efforts, you can upgrade to a paid plan. Your support allows us to continue to develop Proton Mail as free and open source software.

Proton ile gizliliğinizi koruyun
Ücretsiz hesap oluşturun

İlgili makaleler

A phone screen with a speech bubble with a phone number in it
en
Your email address and passwords aren't the only information hackers can use to scam you. Here's what someone can do with your phone number — and how to protect it.
A web application screen with an unlock icon in the bottom right corner
en
Your best defense against a data breach could be improving your web application security: Find out how Proton Pass can help.
Investigative journalist Vegas Tenold explains the gear he uses to protect his privacy and stay safe.
en
  • Gizlilik haberleri
How Vegas Tenold stays safe
Follow investigative journalist Vegas Tenold as he explains his gear and how it keeps him safe from surveillance as he works in the field.
Coinbase, the largest Bitcoin exchange in the US, suffered a data breach
en
  • Gizlilik haberleri
  • Proton Wallet
Coinbase hack reveals true cost of data collection
Coinbase employees sold sensitive personal information to attackers, including government IDs and BTC transaction history. Proton Wallet is built to avoid these risks.
Whistleblower's whistle. Journalists must use secure channels to communicate with whistleblowers.
en
  • Gizlilik yol göstericileri
How to communicate securely with whistleblowers
Whistleblowers risk everything to expose the truth. This guide helps journalists keep their sources safe using secure tools like Proton Mail, Signal, and SecureDrop.
An image showing a phone screen with a child icon and three icons with '17+' '8-12' and '3-5' to indicate age ratings
en
  • Gizlilik yol göstericileri
How to recognize bad design in apps for kids
Parents can help their children develop healthy screen habits by learning about dark design patterns — Proton investigates how