Skip to content

Fix decryption support for non-standard, legacy AEAD-encrypted messages and keys that used experimentalGCM from OpenPGP.js v5#1811

Merged
larabr merged 3 commits intoopenpgpjs:mainfrom
larabr:v6-fix-legacy-aead-with-experimental-gcm
Nov 22, 2024
Merged

Fix decryption support for non-standard, legacy AEAD-encrypted messages and keys that used experimentalGCM from OpenPGP.js v5#1811
larabr merged 3 commits intoopenpgpjs:mainfrom
larabr:v6-fix-legacy-aead-with-experimental-gcm

Conversation

@larabr
Copy link
Collaborator

@larabr larabr commented Nov 21, 2024
edited
Loading

This change affects only keys or messages generated using features marked as "experimental" in OpenPGP.js v5.
Messages and keys encrypted with OpenPGP.js v6 are not affected since there was a bug that prevented using the experimentalGCM algo; the bug is also fixed in this MR, to e.g. allow decrypting existing entities.

See commits for details.

@larabr larabr force-pushed the v6-fix-legacy-aead-with-experimental-gcm branch from ec72798 to 8138f63 Compare November 21, 2024 10:43
twiss
twiss reviewed Nov 21, 2024
View reviewed changes
@larabr larabr force-pushed the v6-fix-legacy-aead-with-experimental-gcm branch from 8138f63 to 81958b2 Compare November 21, 2024 17:46
@larabr
TS: add gcm to enums.aead, mark non-standard experimentalGCM as…
bbdaad0 
… deprecated

`experimentalGCM` should not be used anymore,
as a different a different algorithm ID was standardized
for GCM, and using the experimental value could give
interoperability issues with e.g. SEIPDv2 and AEAD-encrypted keys.
@larabr
Fix decryption support for non-standard, legacy AEAD messages and key…
4d2d874 
…s that used `experimentalGCM`

This adds back support for decrypting password-protected messages which
were encrypted in OpenPGP.js v5 with custom config settings
`config.aeadProtect = true` together with
`config.preferredAEADAlgorithm = openpgp.enums.aead.experimentalGCM`.

Public-key-encrypted messages are affected if they were encrypted using the same config, while also providing `encryptionKeys` that declared `experimentalGCM` in their AEAD prefs.
Such keys could be generated in OpenPGP.js v5 by setting the aforementioned config values.
@larabr larabr force-pushed the v6-fix-legacy-aead-with-experimental-gcm branch from 81958b2 to 41e952e Compare November 22, 2024 09:15
@larabr larabr requested a review from twiss November 22, 2024 09:20
twiss
twiss approved these changes Nov 22, 2024
View reviewed changes
@larabr
Throw on encryption using non-standard experimentalGCM AEAD algo
6c3b028 
The `enums.aead.gcm` ID standardized by RFC9580 should be used instead.
@larabr larabr force-pushed the v6-fix-legacy-aead-with-experimental-gcm branch from 41e952e to 6c3b028 Compare November 22, 2024 13:29
@larabr larabr merged commit bf85dee into openpgpjs:main Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@twiss twiss twiss approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@larabr @twiss