diff --git a/lang/js/BrowserTestExtension/tests/KeyImportExport.js b/lang/js/BrowserTestExtension/tests/KeyImportExport.js
index 33e6bd29..4a53c7a6 100644
--- a/lang/js/BrowserTestExtension/tests/KeyImportExport.js
+++ b/lang/js/BrowserTestExtension/tests/KeyImportExport.js
@@ -1,87 +1,112 @@
/* gpgme.js - Javascript integration for gpgme
* Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
*
* This file is part of GPGME.
*
* GPGME is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GPGME is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
* SPDX-License-Identifier: LGPL-2.1+
*
* Author(s):
* Maximilian Krambach
* Raimund Renkert
*/
-/* global describe, it, expect, Gpgmejs, ImportablePublicKey */
+/* global describe, it, expect, Gpgmejs, ImportablePublicKey, inputvalues */
describe('Key importing', function () {
it('Prepare test Key (deleting it from gnupg, if present)', function(done){
let prm = Gpgmejs.init();
prm.then(function (context) {
expect(context.Keyring.getKeys).to.be.a('function');
context.Keyring.getKeys(ImportablePublicKey.fingerprint).then(
function(result){
if (result.length === 1) {
result[0].delete().then(function(result){
expect(result).to.be.true;
done();
});
} else {
done();
}
});
});
});
it('importing, updating, then deleting public Key', function (done) {
//This test runs in one large step, to ensure the proper state of the
// key in all stages.
let prm = Gpgmejs.init();
prm.then(function (context) {
context.Keyring.getKeys(ImportablePublicKey.fingerprint).then(
function(result){
expect(result).to.be.an('array');
expect(result.length).to.equal(0);
context.Keyring.importKey(ImportablePublicKey.key, true)
.then(function(result){
expect(result.Keys[0]).to.not.be.undefined;
expect(result.Keys[0].key).to.be.an('object');
expect(result.Keys[0].key.fingerprint).to.equal(
ImportablePublicKey.fingerprint);
expect(result.Keys[0].status).to.equal('newkey');
context.Keyring.importKey(
ImportablePublicKey.keyChangedUserId,true)
.then(function(res){
expect(res.Keys[0]).to.not.be.undefined;
expect(res.Keys[0].key).to.be.an('object');
expect(res.Keys[0].key.fingerprint).to.equal(
ImportablePublicKey.fingerprint);
expect(res.Keys[0].status).to.equal(
'change');
expect(
res.Keys[0].changes.userId).to.be.true;
expect(
res.Keys[0].changes.subkey).to.be.false;
expect(
res.Keys[0].changes.signature).to.be.true;
res.Keys[0].key.delete().then(function(result){
expect(result).to.be.true;
done();
});
});
});
});
});
});
-
+ it('exporting armored Key with getKeysArmored', function (done) {
+ let prm = Gpgmejs.init();
+ const fpr = inputvalues.encrypt.good.fingerprint;
+ prm.then(function (context) {
+ context.Keyring.getKeysArmored(fpr).then(function(result){
+ expect(result).to.be.an('object');
+ expect(result.armored).to.be.a('string');
+ expect(result.secret_fprs).to.be.undefined;
+ done();
+ });
+ });
+ });
+ it('exporting armored Key (including secret fingerprints) with '
+ + 'getKeysArmored', function (done) {
+ let prm = Gpgmejs.init();
+ const fpr = inputvalues.encrypt.good.fingerprint;
+ prm.then(function (context) {
+ context.Keyring.getKeysArmored(fpr, true).then(function(result){
+ expect(result).to.be.an('object');
+ expect(result.armored).to.be.a('string');
+ expect(result.secret_fprs).to.be.an('array');
+ expect(result.secret_fprs[0]).to.equal(fpr);
+ done();
+ });
+ });
+ });
});
\ No newline at end of file
diff --git a/lang/js/src/Keyring.js b/lang/js/src/Keyring.js
index a0bdfcb2..7a33be98 100644
--- a/lang/js/src/Keyring.js
+++ b/lang/js/src/Keyring.js
@@ -1,382 +1,402 @@
/* gpgme.js - Javascript integration for gpgme
* Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
*
* This file is part of GPGME.
*
* GPGME is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GPGME is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
* SPDX-License-Identifier: LGPL-2.1+
*
* Author(s):
* Maximilian Krambach
*/
import {createMessage} from './Message';
import {createKey} from './Key';
import { isFingerprint } from './Helpers';
import { gpgme_error } from './Errors';
/**
* This class offers access to the gnupg keyring
*/
export class GPGME_Keyring {
constructor(){
}
/**
* Queries Keys (all Keys or a subset) from gnupg.
*
* @param {String | Array} pattern (optional) A pattern to search
* for in userIds or KeyIds.
* @param {Boolean} prepare_sync (optional) if set to true, the 'hasSecret'
* and 'armored' properties will be fetched for the Keys as well. These
* require additional calls to gnupg, resulting in a performance hungry
* operation. Calling them here enables direct, synchronous use of these
* properties for all keys, without having to resort to a refresh() first.
* @param {Boolean} search (optional) retrieve Keys from external servers
* with the method(s) defined in gnupg (e.g. WKD/HKP lookup)
* @returns {Promise.|GPGME_Error>}
* @static
* @async
*/
getKeys(pattern, prepare_sync=false, search=false){
return new Promise(function(resolve, reject) {
let msg = createMessage('keylist');
if (pattern !== undefined){
msg.setParameter('keys', pattern);
}
msg.setParameter('sigs', true);
if (search === true){
msg.setParameter('locate', true);
}
msg.post().then(function(result){
let resultset = [];
if (result.keys.length === 0){
resolve([]);
} else {
let secondrequest;
if (prepare_sync === true) {
secondrequest = function() {
msg.setParameter('secret', true);
return msg.post();
};
} else {
secondrequest = function() {
return Promise.resolve(true);
};
}
secondrequest().then(function(answer) {
for (let i=0; i < result.keys.length; i++){
if (prepare_sync === true){
result.keys[i].hasSecret = false;
if (answer && answer.keys) {
for (let j=0; j < answer.keys.length; j++ ){
if (result.keys[i].fingerprint ===
answer.keys[j].fingerprint
) {
if (answer.keys[j].secret === true){
result.keys[i].hasSecret = true;
}
break;
}
}
// TODO getArmor() to be used in sync
}
}
let k = createKey(result.keys[i].fingerprint);
k.setKeyData(result.keys[i]);
resultset.push(k);
}
resolve(resultset);
}, function(error){
reject(error);
});
}
});
});
}
+ /**
+ * @typedef {Object} exportResult The result of a getKeysArmored operation.
+ * @property {String} armored The public Key(s) as armored block. Note that
+ * the result is one armored block, and not a block per key.
+ * @property {Array} secret_fprs (optional) list of fingerprints
+ * for those Keys that also have a secret Key available in gnupg. The
+ * secret key will not be exported, but the fingerprint can be used in
+ * operations needing a secret key.
+ */
+
/**
* Fetches the armored public Key blocks for all Keys matching the pattern
- * (if no pattern is given, fetches all keys known to gnupg). Note that the
- * result may be one big armored block, instead of several smaller armored
- * blocks
+ * (if no pattern is given, fetches all keys known to gnupg).
* @param {String|Array} pattern (optional) The Pattern to search
* for
- * @returns {Promise} Armored Key blocks
+ * @param {Boolean} with_secret_fpr (optional) also return a list of
+ * fingerprints for the keys that have a secret key available
+ * @returns {Promise} Object containing the
+ * armored Key(s) and additional information.
* @static
* @async
*/
- getKeysArmored(pattern) {
+ getKeysArmored(pattern, with_secret_fpr) {
return new Promise(function(resolve, reject) {
let msg = createMessage('export');
msg.setParameter('armor', true);
+ if (with_secret_fpr === true) {
+ msg.setParameter('with-sec-fprs', true);
+ }
if (pattern !== undefined){
msg.setParameter('keys', pattern);
}
- msg.post().then(function(result){
- resolve(result.data);
+ msg.post().then(function(answer){
+ const result = {armored: answer.data};
+ if (with_secret_fpr === true
+ && answer.hasOwnProperty('sec-fprs')
+ ) {
+ result.secret_fprs = answer['sec-fprs'];
+ }
+ resolve(result);
}, function(error){
reject(error);
});
});
}
/**
* Returns the Key used by default in gnupg.
* (a.k.a. 'primary Key or 'main key').
* It looks up the gpg configuration if set, or the first key that contains
* a secret key.
*
* @returns {Promise}
* @async
* @static
*/
getDefaultKey() {
let me = this;
return new Promise(function(resolve, reject){
let msg = createMessage('config_opt');
msg.setParameter('component', 'gpg');
msg.setParameter('option', 'default-key');
msg.post().then(function(response){
if (response.value !== undefined
&& response.value.hasOwnProperty('string')
&& typeof(response.value.string) === 'string'
){
me.getKeys(response.value.string,true).then(function(keys){
if(keys.length === 1){
resolve(keys[0]);
} else {
reject(gpgme_error('KEY_NO_DEFAULT'));
}
}, function(error){
reject(error);
});
} else {
// TODO: this is overly 'expensive' in communication
// and probably performance, too
me.getKeys(null,true).then(function(keys){
for (let i=0; i < keys.length; i++){
if (keys[i].get('hasSecret') === true){
resolve(keys[i]);
break;
}
if (i === keys.length -1){
reject(gpgme_error('KEY_NO_DEFAULT'));
}
}
}, function(error){
reject(error);
});
}
}, function(error){
reject(error);
});
});
}
/**
* @typedef {Object} importResult The result of a Key update
* @property {Object} summary Numerical summary of the result. See the
* feedbackValues variable for available Keys values and the gnupg
* documentation.
* https://www.gnupg.org/documentation/manuals/gpgme/Importing-Keys.html
* for details on their meaning.
* @property {Array} Keys Array of Object containing
* GPGME_Keys with additional import information
*
*/
/**
* @typedef {Object} importedKeyResult
* @property {GPGME_Key} key The resulting key
* @property {String} status:
* 'nochange' if the Key was not changed,
* 'newkey' if the Key was imported in gpg, and did not exist previously,
* 'change' if the key existed, but details were updated. For details,
* Key.changes is available.
* @property {Boolean} changes.userId Changes in userIds
* @property {Boolean} changes.signature Changes in signatures
* @property {Boolean} changes.subkey Changes in subkeys
*/
/**
* Import an armored Key block into gnupg. Note that this currently will
* not succeed on private Key blocks.
* @param {String} armored Armored Key block of the Key(s) to be imported
* into gnupg
* @param {Boolean} prepare_sync prepare the keys for synched use
* (see {@link getKeys}).
* @returns {Promise} A summary and Keys considered.
* @async
* @static
*/
importKey(armored, prepare_sync) {
let feedbackValues = ['considered', 'no_user_id', 'imported',
'imported_rsa', 'unchanged', 'new_user_ids', 'new_sub_keys',
'new_signatures', 'new_revocations', 'secret_read',
'secret_imported', 'secret_unchanged', 'skipped_new_keys',
'not_imported', 'skipped_v3_keys'];
if (!armored || typeof(armored) !== 'string'){
return Promise.reject(gpgme_error('PARAM_WRONG'));
}
let me = this;
return new Promise(function(resolve, reject){
let msg = createMessage('import');
msg.setParameter('data', armored);
msg.post().then(function(response){
let infos = {};
let fprs = [];
for (let res=0; res}
* @async
* @static
*/
deleteKey(fingerprint){
if (isFingerprint(fingerprint) === true) {
let key = createKey(fingerprint);
return key.delete();
} else {
return Promise.reject(gpgme_error('KEY_INVALID'));
}
}
/**
* Generates a new Key pair directly in gpg, and returns a GPGME_Key
* representing that Key. Please note that due to security concerns, secret
* Keys can not be deleted or exported from inside gpgme.js.
*
* @param {String} userId The user Id, e.g. 'Foo Bar '
* @param {String} algo (optional) algorithm (and optionally key size) to
* be used. See {@link supportedKeyAlgos} below for supported values.
* @param {Date} expires (optional) Expiration date. If not set, expiration
* will be set to 'never'
*
* @return {Promise}
* @async
*/
generateKey(userId, algo = 'default', expires){
if (
typeof(userId) !== 'string' ||
supportedKeyAlgos.indexOf(algo) < 0 ||
(expires && !(expires instanceof Date))
){
return Promise.reject(gpgme_error('PARAM_WRONG'));
}
let me = this;
return new Promise(function(resolve, reject){
let msg = createMessage('createkey');
msg.setParameter('userid', userId);
msg.setParameter('algo', algo );
if (expires){
msg.setParameter('expires',
Math.floor(expires.valueOf()/1000));
}
msg.post().then(function(response){
me.getKeys(response.fingerprint, true).then(
// TODO make prepare_sync (second parameter) optional here.
function(result){
resolve(result);
}, function(error){
reject(error);
});
}, function(error) {
reject(error);
});
});
}
}
/**
* List of algorithms supported for key generation. Please refer to the gnupg
* documentation for details
*/
const supportedKeyAlgos = [
'default',
'rsa', 'rsa2048', 'rsa3072', 'rsa4096',
'dsa', 'dsa2048', 'dsa3072', 'dsa4096',
'elg', 'elg2048', 'elg3072', 'elg4096',
'ed25519',
'cv25519',
'brainpoolP256r1', 'brainpoolP384r1', 'brainpoolP512r1',
'NIST P-256', 'NIST P-384', 'NIST P-521'
];
\ No newline at end of file
diff --git a/lang/js/src/permittedOperations.js b/lang/js/src/permittedOperations.js
index 0b9c891f..b5e91579 100644
--- a/lang/js/src/permittedOperations.js
+++ b/lang/js/src/permittedOperations.js
@@ -1,399 +1,399 @@
/* gpgme.js - Javascript integration for gpgme
* Copyright (C) 2018 Bundesamt für Sicherheit in der Informationstechnik
*
* This file is part of GPGME.
*
* GPGME is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GPGME is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see .
* SPDX-License-Identifier: LGPL-2.1+
*
* Author(s):
* Maximilian Krambach
*/
/**
* @typedef {Object} messageProperty
* A message Property is defined by it's key.
* @property {Array} allowed Array of allowed types.
* Currently accepted values are 'number', 'string', 'boolean'.
* @property {Boolean} array_allowed If the value can be an array of types
* defined in allowed
* @property {} allowed_data (optional) restricts to the given values
*/
/**
* Definition of the possible interactions with gpgme-json.
* @param {Object} operation Each operation is named by a key and contains
* the following properties:
* @property {messageProperty} required An object with all required parameters
* @property {messageProperty} optional An object with all optional parameters
* @property {Boolean} pinentry (optional) If true, a password dialog is
* expected, thus a connection tuimeout is not advisable
* @property {Object} answer The definition on what to expect as answer, if the
* answer is not an error
* @property {Array} answer.type the type(s) as reported by gpgme-json.
* @property {Object} answer.data key-value combinations of expected properties
* of an answer and their type ('boolean', 'string', object)
@const
*/
export const permittedOperations = {
encrypt: {
pinentry: true, //TODO only with signing_keys
required: {
'keys': {
allowed: ['string'],
array_allowed: true
},
'data': {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'signing_keys': {
allowed: ['string'],
array_allowed: true
},
'base64': {
allowed: ['boolean']
},
'mime': {
allowed: ['boolean']
},
'armor': {
allowed: ['boolean']
},
'always-trust': {
allowed: ['boolean']
},
'no-encrypt-to': {
allowed: ['string'],
array_allowed: true
},
'no-compress': {
allowed: ['boolean']
},
'throw-keyids': {
allowed: ['boolean']
},
'want-address': {
allowed: ['boolean']
},
'wrap': {
allowed: ['boolean']
}
},
answer: {
type: ['ciphertext'],
data: {
'data': 'string',
'base64':'boolean'
}
}
},
decrypt: {
pinentry: true,
required: {
'data': {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'base64': {
allowed: ['boolean']
}
},
answer: {
type: ['plaintext'],
data: {
'data': 'string',
'base64': 'boolean',
'mime': 'boolean',
'signatures': 'object'
}
}
},
sign: {
pinentry: true,
required: {
'data': {
allowed: ['string']},
'keys': {
allowed: ['string'],
array_allowed: true
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'sender': {
allowed: ['string'],
},
'mode': {
allowed: ['string'],
allowed_data: ['detached', 'clearsign']
// TODO 'opaque' is not used, but available on native app
},
'base64': {
allowed: ['boolean']
},
'armor': {
allowed: ['boolean']
},
},
answer: {
type: ['signature', 'ciphertext'],
data: {
'data': 'string',
'base64':'boolean'
}
}
},
// note: For the meaning of the optional keylist flags, refer to
// https://www.gnupg.org/documentation/manuals/gpgme/Key-Listing-Mode.html
keylist:{
required: {},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'secret': {
allowed: ['boolean']
},
'extern': {
allowed: ['boolean']
},
'local':{
allowed: ['boolean']
},
'locate': {
allowed: ['boolean']
},
'sigs':{
allowed: ['boolean']
},
'notations':{
allowed: ['boolean']
},
'tofu': {
allowed: ['boolean']
},
'ephemeral': {
allowed: ['boolean']
},
'validate': {
allowed: ['boolean']
},
'keys': {
allowed: ['string'],
array_allowed: true
}
},
answer: {
type: ['keys'],
data: {
'base64': 'boolean',
'keys': 'object'
}
}
},
export: {
required: {},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'keys': {
allowed: ['string'],
array_allowed: true
},
'armor': {
allowed: ['boolean']
},
'extern': {
allowed: ['boolean']
},
'minimal': {
allowed: ['boolean']
},
'raw': {
allowed: ['boolean']
},
- 'pkcs12':{
+ 'pkcs12': {
+ allowed: ['boolean']
+ },
+ 'with-sec-fprs': {
allowed: ['boolean']
}
// secret: not yet implemented
},
answer: {
type: ['keys'],
data: {
'data': 'string',
- 'base64': 'boolean'
+ 'base64': 'boolean',
+ 'sec-fprs': 'object'
}
}
},
import: {
required: {
'data': {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'base64': {
allowed: ['boolean']
},
},
answer: {
type: [],
data: {
'result': 'object'
}
}
},
delete: {
pinentry: true,
required:{
'key': {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
- // 'secret': { not implemented
- // allowed: ['boolean']
- // }
-
},
answer: {
data: {
'success': 'boolean'
}
}
},
version: {
required: {},
optional: {},
answer: {
type: [''],
data: {
'gpgme': 'string',
'info': 'object'
}
}
},
createkey: {
pinentry: true,
required: {
userid: {
allowed: ['string']
}
},
optional: {
algo: {
allowed: ['string']
},
expires: {
allowed: ['number'],
}
},
answer: {
type: [''],
data: {'fingerprint': 'string'}
}
},
verify: {
required: {
data: {
allowed: ['string']
}
},
optional: {
'protocol': {
allowed: ['string'],
allowed_data: ['cms', 'openpgp']
},
'signature': {
allowed: ['string']
},
'base64':{
allowed: ['boolean']
}
},
answer: {
type: ['plaintext'],
data:{
data: 'string',
base64:'boolean',
info: 'object'
// file_name: Optional string of the plaintext file name.
// is_mime: Boolean if the messages claims it is MIME.
// signatures: Array of signatures
}
}
},
config_opt: {
required: {
'component':{
allowed: ['string'],
// allowed_data: ['gpg'] // TODO check all available
},
'option': {
allowed: ['string'],
// allowed_data: ['default-key'] // TODO check all available
}
},
optional: {},
answer: {
type: [],
data: {
option: 'object'
}
}
}
/**
* TBD handling of secrets
* TBD key modification?
*/
};