-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathpgpHelper.ts
213 lines (177 loc) · 7.95 KB
/
pgpHelper.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
/*
* Copyright ©️ 2019 GaltProject Society Construction and Terraforming Company
* (Founded by [Nikolai Popeka](https://github.com/npopeka)
*
* Copyright ©️ 2019 Galt•Core Blockchain Company
* (Founded by [Nikolai Popeka](https://github.com/npopeka) by
* [Basic Agreement](ipfs/QmaCiXUmSrP16Gz8Jdzq6AJESY1EAANmmwha15uR3c1bsS)).
*/
import BN from 'bn.js';
import _ from 'lodash';
import openpgp from 'openpgp';
import forge from 'node-forge';
const {extend} = _;
// https://github.com/openpgpjs/openpgpjs/issues/1126
openpgp.config['allow_insecure_decryption_with_signing_keys'] = true;
const pgpHelper = {
async encrypt(privateKeys, publicKeys, text) {
const encryptOptions = {
message: openpgp.message.fromText(text), // input as Message object
publicKeys: publicKeys, // for encryption
privateKeys: privateKeys // for signing (optional)
};
const { data: encryptedData } = await openpgp.encrypt(encryptOptions);
return encryptedData;
},
async decrypt(privateKeys, publicKeys, encryptedText) {
const decryptOptions = {
message: await openpgp.message.readArmored(encryptedText), // parse armored message
publicKeys: publicKeys, // for verification (optional)
privateKeys: privateKeys // for decryption
};
const { data: decryptedData } = await openpgp.decrypt(decryptOptions);
return decryptedData;
},
async transformKey(masrshalIpfsKey, isPublic = false) {
const buffer = new (forge.util as any).ByteBuffer(masrshalIpfsKey);
const asn1 = forge.asn1.fromDer(buffer);
const packetList = new openpgp.packet.List();
const userIdPacket = new openpgp.packet.Userid();
userIdPacket.format();
packetList.push(userIdPacket);
const algorithm = openpgp.enums.publicKey.rsa_encrypt_sign;
const signaturePacket: any = new openpgp.packet.Signature(new Date());
signaturePacket.signatureType = openpgp.enums.signature.cert_generic;
signaturePacket.publicKeyAlgorithm = algorithm;
let pgpSecretKey;
const openpgpCrypto: any = openpgp.crypto;
const openpgpEnums: any = openpgp.enums;
const openpgpKey: any = openpgp.key;
if (isPublic) {
const publicKey = forge.pki.publicKeyFromAsn1(asn1);
['n', 'e'].forEach(field => {
publicKey[field] = new BN(publicKey[field].toString(10));
});
const algo = openpgpEnums.write(openpgpEnums.publicKey, openpgpEnums.publicKey.rsa_encrypt_sign);
const types = [].concat(openpgpCrypto.getPubKeyParamTypes(algo));//, openpgp.crypto.getPrivKeyParamTypes(algo)
const params = openpgpCrypto.constructParams(
types, [publicKey.n, publicKey.e, publicKey['d'], publicKey['p'], publicKey['q'], publicKey['u']]
);
const pgpPublicKey: any = new openpgp.packet.PublicKey();
pgpPublicKey.params = params;
pgpPublicKey.algorithm = algorithm;
packetList.push(pgpPublicKey);
signaturePacket.issuerKeyId = pgpPublicKey.getKeyId();
signaturePacket.hashAlgorithm = await openpgpKey.getPreferredHashAlgo(null, pgpPublicKey);
} else {
const privateKey: any = forge.pki.privateKeyFromAsn1(asn1);
['p', 'q', 'n', 'e', 'd'].forEach(field => {
privateKey[field] = new BN(privateKey[field].toString(10));
});
privateKey.u = privateKey.p.invm(privateKey.q);
const algo = openpgpEnums.write(openpgp.enums.publicKey, openpgp.enums.publicKey.rsa_encrypt_sign);
const types = [].concat(openpgpCrypto.getPubKeyParamTypes(algo), openpgpCrypto.getPrivKeyParamTypes(algo));
const params = openpgpCrypto.constructParams(
types, [privateKey.n, privateKey.e, privateKey.d, privateKey.p, privateKey.q, privateKey.u]
);
pgpSecretKey = new openpgp.packet.SecretKey();
pgpSecretKey.params = params;
pgpSecretKey.algorithm = algorithm;
packetList.push(pgpSecretKey);
signaturePacket.hashAlgorithm = await openpgpKey.getPreferredHashAlgo(null, pgpSecretKey);
signaturePacket.keyFlags = [openpgp.enums.keyFlags.certify_keys | openpgp.enums.keyFlags.sign_data];
pgpSecretKey.isDecrypted = (function () {
return true;
}).bind(pgpSecretKey);
}
const config: any = {};
signaturePacket.preferredSymmetricAlgorithms = createdPreferredAlgos([
// prefer aes256, aes128, then aes192 (no WebCrypto support: https://www.chromium.org/blink/webcrypto#TOC-AES-support)
openpgp.enums.symmetric.aes256,
openpgp.enums.symmetric.aes128,
openpgp.enums.symmetric.aes192,
openpgp.enums.symmetric.cast5,
openpgp.enums.symmetric.tripledes
], config.encryption_cipher);
if (config.aead_protect) {
signaturePacket.preferredAeadAlgorithms = createdPreferredAlgos([
openpgp.enums.aead.eax,
openpgp.enums.aead.ocb
], config.aead_mode);
}
signaturePacket.preferredHashAlgorithms = createdPreferredAlgos([
// prefer fast asm.js implementations (SHA-256). SHA-1 will not be secure much longer...move to bottom of list
openpgp.enums.hash.sha256,
openpgp.enums.hash.sha512,
openpgp.enums.hash.sha1
], config.prefer_hash_algorithm);
signaturePacket.preferredCompressionAlgorithms = createdPreferredAlgos([
openpgp.enums.compression.zlib,
openpgp.enums.compression.zip
], config.compression);
signaturePacket.isPrimaryUserID = true;
if (config.integrity_protect) {
signaturePacket.features = [0];
signaturePacket.features[0] |= openpgp.enums.features.modification_detection;
}
if (config.aead_protect) {
signaturePacket.features || (signaturePacket.features = [0]);
signaturePacket.features[0] |= openpgp.enums.features.aead;
}
if (config.v5_keys) {
signaturePacket.features || (signaturePacket.features = [0]);
signaturePacket.features[0] |= openpgp.enums.features.v5_keys;
}
if (pgpSecretKey) {
const dataToSign: any = {};
dataToSign.userId = userIdPacket;
dataToSign.key = pgpSecretKey;
await signaturePacket.sign(pgpSecretKey, dataToSign);
}
packetList.push(signaturePacket);
const resultKey = new openpgp.key.Key(packetList);
resultKey.getSigningKey = (function () {
return this;
}).bind(resultKey);
resultKey.getEncryptionKey = (function () {
return this;
}).bind(resultKey);
resultKey.getPrimaryUser = (async function () {
const primaryKey = this.keyPacket;
const dataToVerify = {userId: userIdPacket, key: primaryKey};
const selfCertification = await getLatestValidSignature(this.users[0].selfCertifications, primaryKey, openpgp.enums.signature.cert_generic, dataToVerify);
return extend(this.users[0], {selfCertification});
}).bind(resultKey);
resultKey.getKeys = (function() {
return [this];
}).bind(resultKey);
return resultKey;
}
};
function createdPreferredAlgos(algos, configAlgo) {
if (configAlgo) { // Not `uncompressed` / `plaintext`
const configIndex = algos.indexOf(configAlgo);
if (configIndex >= 1) { // If it is included and not in first place,
algos.splice(configIndex, 1); // remove it.
}
if (configIndex !== 0) { // If it was included and not in first place, or wasn't included,
algos.unshift(configAlgo); // add it to the front.
}
}
return algos;
}
async function getLatestValidSignature(signatures, primaryKey, signatureType, dataToVerify, date = new Date()) {
return signatures[0];
// let signature;
// for (let i = signatures.length - 1; i >= 0; i--) {
// if ((!signature || signatures[i].created >= signature.created) &&
// // check binding signature is not expired (ie, check for V4 expiration time)
// !signatures[i].isExpired(date) && (
// // check binding signature is verified
// signatures[i].verified || (await signatures[i].verify(primaryKey, signatureType, dataToVerify)))) {
// signature = signatures[i];
// }
// }
// return signature;
}
export default pgpHelper;