Skip to content

[v6] Determine signature hash prefs based on recipient keys instead of signing key#1802

Merged
larabr merged 2 commits intoopenpgpjs:v6from
larabr:v6-signature-hash-prefs-from-recipient-keys
Oct 30, 2024
Merged

[v6] Determine signature hash prefs based on recipient keys instead of signing key#1802
larabr merged 2 commits intoopenpgpjs:v6from
larabr:v6-signature-hash-prefs-from-recipient-keys

Conversation

@larabr
Copy link
Collaborator

@larabr larabr commented Oct 30, 2024

Changes:

  • The signature will be generated using the preferred hash algo from the recipient keys:

    • in openpgp.encrypt, when passing signingKeys, the encryptionKeys are treated as recipient keys
    • in openpgp.sign, a recipientKeys option has been added

    If no recipient keys are available, the signing key preferences are used (this was also the existing behavior).

  • The hash algo selection logic has been reworked as follows:
    if config.preferredHashAlgo appears in the prefs of all recipients, we pick it;
    otherwise, we use the strongest supported algo (note: SHA256 is always implicitly supported by all keys), as long as it is compatible with the signing key (e.g. ECC keys require minimum digest sizes).
    With this change, config.preferredHashAlgo is picked even if it's weaker than the preferences of the recipient keys.

Previously, only the preferences of the signing key were used to determine the hash algo to use, but this is in contrast to the RFC: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.16-2 .
Also, an algo stronger than config.preferredHashAlgo would be used, if the signing key declared it as first preference.

@larabr larabr requested a review from twiss October 30, 2024 11:36
twiss
twiss reviewed Oct 30, 2024
View reviewed changes
larabr added 2 commits October 30, 2024 19:06
@larabr
openpgp.encrypt: use encryptionKeys to determine preferred hash a…
d3e75de 
…lgo when signing

In `openpgp.sign`, the signing key preferences are considered instead,
since no "recipient keys" are available.

The hash algo selection logic has been reworked as follows:
if `config.preferredHashAlgo` appears in the prefs of all recipients, we pick it;
otherwise, we use the strongest supported algo (note: SHA256 is always implicitly supported by all keys),
as long as it is compatible with the signing key (e.g. ECC keys require minimum digest sizes).

Previously, only the preferences of the signing key were used to determine the hash algo to use,
but this is in contrast to the RFC: https://www.rfc-editor.org/rfc/rfc9580.html#section-5.2.3.16-2 .
Also, an algo stronger than `config.preferredHashAlgo` would be used, if the signing key
declared it as first preference.

With this change, `config.preferredHashAlgo` is picked even if it's weaker than the
preferences of the recipient keys.
@larabr
openpgp.sign: add recipientKeys option to get the signing prefs from
f9a3e54 
If given, the signature will be generated using the preferred hash algo from the recipient keys.
Otherwise, the signing key preferences are used (this was also the existing behavior).

Note: when signing through `openpgp.encrypt`, the `encryptionKeys` are automatically used as recipient keys.
@larabr larabr force-pushed the v6-signature-hash-prefs-from-recipient-keys branch from 59e6d1b to f9a3e54 Compare October 30, 2024 18:07
@larabr larabr requested a review from twiss October 30, 2024 18:27
@larabr larabr merged commit fb72ea4 into openpgpjs:v6 Oct 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@twiss twiss twiss approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@larabr @twiss