Conversation
looking great, finally :-) are we able to drop any functionality related to dropping weak algorithms? There should be settings on v5 to do this natively.

@rrrooommmaaa how is this looking at this moment?

I need to find a way to neatly wire the new library to the browser page, most of the incompatibilities were resolved 2 months ago and unit tests are looking good.
45c2d40 to 52d98cf

While waiting for openpgpjs/openpgpjs#1583 to be merged and published, looking at other issues
| const possibleExpirations: number[] = []; | ||
| const primaryKeyExpiration = OpenPGPKey.getExpirationAsDateOrUndefined(await key.getExpirationTime())?.getTime(); | ||
| if (!encryptionKey || !signingKey) { | ||
| possibleExpirations.push( |
I reworked this method to make use of `getSigningKey` and `getEncryptionKey` calls from OpenPGP.js instead of trying to replicate OpenPGP.js behaviour when selecting keys, but it turned out to be not so simple. Supplying the `date: null` (meaning: ignore date) parameter instead of `date: undefined` (meaning: take current date), it is possible to find a (sub)key for signing/encryption, but it may not be the subkey we're looking for: 1) the subkey may have a `created` property after the primary key's expiration, as in the "key was never usable" unit test, 2) the subkey may tell us an incorrect expiration date, as there may be another subkey with a later expiration that didn't show up because OpenPGP.js sorts subkeys by the `created` property.
So, for already expired keys the following algo is implemented:
- create a list of all the subkeys' expiration dates (prior to primary key's expiration) (todo: we can make it faster by manually collecting expirations from signatures?)
- call `getEncryptionKey`/`getSigningKey` with dates from the list in descending order until we get a usable key.

If a not-expired encryption key is returned for the current date, then we'll call `getEncryptionKey` with the expiration date of the found key to find a next valid key to figure out the final expiration date over all the subkeys.
What do you think, @tomholub ? Is this approach good?
I think it's a reasonable compromise to do it the way you did. It still relies on original functionality in OpenPGP.js, and the guess-try approach is understandable in this situation. You should comment it as such, eg by adding a code comment with a link to our conversation here.
In the long term, we should decide if we really want to support this use case or not, and maybe we'll drop it. These days I'm leaning towards dropping it, but not just yet - first we'll ensure that all possible avenues of getting updated keys are working properly (eg we didn't connect keys.openpgp.org yet).
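The descending-date probing discussed in this thread, as an added sketch that is not code from this PR or from OpenPGP.js. `selectSubkey` is a hypothetical stand-in for calling `getEncryptionKey`/`getSigningKey` with a date; the key model, the use of the primary key's own expiration as a candidate, and the one-second probe offset are assumptions.

```typescript
// Simplified model (assumption, not OpenPGP.js types): times are ms since epoch,
// Infinity means "no expiration".
interface SubkeyModel { id: string; created: number; expires: number }
interface KeyModel { primaryCreated: number; primaryExpires: number; subkeys: SubkeyModel[] }

// Hypothetical stand-in for calling getEncryptionKey/getSigningKey with a date:
// returns a subkey usable at `date`, or throws when there is none.
function selectSubkey(key: KeyModel, date: number): SubkeyModel {
  if (date < key.primaryCreated || date >= key.primaryExpires) {
    throw new Error('primary key not valid at this date');
  }
  const usable = key.subkeys
    .filter(s => s.created <= date && date < s.expires)
    .sort((a, b) => b.created - a.created); // newest first
  if (usable.length === 0) throw new Error('no usable subkey at this date');
  return usable[0];
}

// For an already expired key: collect candidate expirations no later than the
// primary key's, then probe just before each one, latest first.
function lastUsableExpiration(key: KeyModel): number | undefined {
  const candidates = [key.primaryExpires, ...key.subkeys.map(s => s.expires)]
    .filter(t => Number.isFinite(t) && t <= key.primaryExpires)
    .sort((a, b) => b - a);
  for (const t of candidates) {
    try {
      selectSubkey(key, t - 1000); // assumption: probe one second before expiry
      return t; // first hit in descending order is the final expiration
    } catch {
      // nothing usable at this date, try the next earlier candidate
    }
  }
  return undefined; // the key was never usable
}

// Constructed sample: "late" was created after the primary key expired.
const expiredKey: KeyModel = {
  primaryCreated: 0,
  primaryExpires: 100000,
  subkeys: [
    { id: 'old', created: 0, expires: 30000 },
    { id: 'newer', created: 10000, expires: 80000 },
    { id: 'late', created: 120000, expires: 200000 },
  ],
};
console.log(lastUsableExpiration(expiredKey));
```

Probing in descending order is what keeps the `old` subkey's earlier expiration from being reported when `newer` stayed usable for longer.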
tomholub
left a comment
delta review - looks good
I tested the extension in Firefox and it seems to setup and send/receive messages with attachments ok

@rrrooommmaaa I tried to build extension with Should I change something to make it work?
This PR switches to OpenPGP v5
close #3324
close #4904
Tests (delete all except exactly one):
To be filled by reviewers
I have reviewed that this PR... (tick whichever items you personally focused on during this review):