Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Danny Hurlburt
    @dhurlburtusa
    @estelendur Also, did you find a good way to only import part of the library? I only need decryption functionality.
    Daniel Huigens
    @twiss
    @dhurlburtusa, @estelendur made a PR which we merged - did you try the latest release?
    Daniel Huigens
    @twiss
    @amiromayer Hi! You need to parse each key individually, first. Something like this:
    (async function() {
            const pubKey1 = (await openpgp.key.readArmored(alicePubKey)).keys[0];
            const pubKey2 = (await openpgp.key.readArmored(bobPubKey)).keys[0];
            const encrypted = await openpgp.encrypt({
                    message: openpgp.message.fromText('Hello, World!'),
                    publicKeys: [pubKey1, pubKey2]
            });
            console.log(encrypted);
    })();
    Amir Jumaniyazov
    @amiromayer
    @twiss Thanks, it helped
    nicolasmsg
    @nicolasmsg

    Hello,
    I'm trying to update openpgpjs from version 4.4.1 to 4.4.6.
    I am working on a react-native app, and I'm not able to bundle openpgpjs in my app anymore.
    Here is the error message I have :

    error: bundling failed: Error: Unable to resolve module `./aes.asm` from `/Users/<my-username>/<project-name>/node_modules/openpgp/dist/openpgp.js`: The module `./aes.asm` could not be found from `/Users/<my-username>/<project-name>/node_modules/openpgp/dist/openpgp.js`. Indeed, none of these files exist:
    
      * `/Users/<my-username>/<project-name>/node_modules/openpgp/dist/aes.asm(.native||.android.js|.native.js|.js|.android.json|.native.json|.json)`
      * `/Users/<my-username>/<project-name>/node_modules/openpgp/dist/aes.asm/index(.native||.android.js|.native.js|.js|.android.json|.native.json|.json)`
        at ModuleResolver.resolveDependency (/Users/<my-username>/<project-name>/node_modules/metro/src/node-haste/DependencyGraph/ModuleResolution.js:161:851)
        at ResolutionRequest.resolveDependency (/Users/<my-username>/<project-name>/node_modules/metro/src/node-haste/DependencyGraph/ResolutionRequest.js:91:16)
        at DependencyGraph.resolveDependency (/Users/<my-username>/<project-name>/node_modules/metro/src/node-haste/DependencyGraph.js:272:4579)
        at dependencies.map.relativePath (/Users/<my-username>/<project-name>/node_modules/metro/src/DeltaBundler/traverseDependencies.js:376:19)
        at Array.map (<anonymous>)
        at resolveDependencies (/Users/<my-username>/<project-name>/node_modules/metro/src/DeltaBundler/traverseDependencies.js:374:16)
        at /Users/<my-username>/<project-name>/node_modules/metro/src/DeltaBundler/traverseDependencies.js:212:33
        at Generator.next (<anonymous>)
        at step (/Users/<my-username>/<project-name>/node_modules/metro/src/DeltaBundler/traverseDependencies.js:297:313)
        at /Users/<my-username>/<project-name>/node_modules/metro/src/DeltaBundler/traverseDependencies.js:297:473

    do you have any idea ? thanks !

    Danny Hurlburt
    @dhurlburtusa
    @twiss Oop! How silly of me. I checked and I have a very old version (4.2.1). I'll update. Thanks.
    Danny Hurlburt
    @dhurlburtusa
    @twiss I am thinking of taking a stab at making openpgpjs modular in the sense that certain functionality, such as encryption and decryption, can be imported in such a way that only the code necessary is imported. Maybe an operation like decryption depends on 90% of the code base. I don't know. I was going to trace through the code to perform decryption and note all the code dependencies. Then from there I can see how much of the code base is needed for this operation and then determine how the code can be organized to only import the necessary code. Do you think this is feasible? The project I recently worked on had a 600% increase in size when I started using openpgpjs.
    Daniel Huigens
    @twiss

    Hey! Sorry for the late replies.

    @nicolasmsg Bundling openpgp.js into a larger file is not really supported at the moment. Even though we'd like to get it working in the future, at the moment it probably works best to include openpgp.js separately in a script tag in your html. That said, I'm not sure what changed or why it would stop working between 4.4.1 and 4.4.6. Are you sure that nothing else in your build system changed?

    @dhurlburtusa It basically depends on whether you want to be able to decrypt any PGP message, or just ones that you created yourself in a specific way. If the former, then yes you need 90% of the code, because the message could be compressed, or encrypted with any of the supported encryption modes, signed with any combination of hash and signature algos, etc etc. If the latter, you could maybe remove pako (the [de]compression library), seek-bzip, hash.js, elliptic, and some of the hash algos and encryption modes.
    If you scroll all the way up this thread, I replied to @estelendur with some pointers for how to do that.

    arsenal120496
    @arsenal120496
    sorry i'm newbie, i try to use PGP to encrypt and decrypt data and use this data to share with other one. I have a situation like this: "I have a pair of key which is generated by CAs ( i use Hyperledger Fabric CA). I want to use this key (Public key) to make a encrypted data ( maybe just public key generated by CA or both key by CA and RSA to encrypt)"
    Daniel Huigens
    @twiss
    Hi! There's no easy way to do that. The key pairs generated by CAs are different from and incompatible with PGP keys. If possible I'd suggest you use OpenPGP.js or GnuPG to generate a separate pair of PGP keys
    arsenal120496
    @arsenal120496
    PGP use RSA or ECC key to sign message and encrypt right ?
    Daniel Huigens
    @twiss
    Yes, they do
    arsenal120496
    @arsenal120496
    yeah thank you, i will try to find the way to apply CA to this. If you have any suggest, pls tell me <3 tks a lot
    Daniel Huigens
    @twiss
    PGP uses the same building blocks as TLS, but it uses them in a different way. Why do you want to use CA generated keys?
    arsenal120496
    @arsenal120496
    i have a project work with blockchain, i want to use Fabric CA to generate key which be signed and CA provide certificate for user (user identity). When they upload data to blockchain, they will use this key to upload and we will know who post and and may use this key to share infomation about data. Summary, user must be identity (who you are) and use the key which generated to share data ( data will be encrypt to private)
    Sorry my english is too bad, maybe u can't understand clearly what i said :(
    Daniel Huigens
    @twiss
    Yeah. I think you will need some other software to sign some data with the CA key. However, once you have that, you could sign a separate PGP key with the CA key, and use the PGP key to encrypt data
    arsenal120496
    @arsenal120496
    yeah i will try to find solution, if i have any question i will announce to you. Thanks for your support
    Matej Plavevski
    @MatejMecka
    Hi there! Was wondering, when generating a Key Pair is setting a password required?
    Also, are user id's required, because the application is with anonymity and users don't provide Emails or First Name / Last Names
    Thank you very much :)
    Daniel Huigens
    @twiss
    Hi @MatejMecka! No, setting a password is not required, if you don't, you'll receive a decrypted key instead of an encrypted key. Make sure you don't store it on disk or somewhere else where someone can steal it though! User ID is required, but you can use "Anonymous":
    await openpgp.generateKey({ userIds: [{name: 'Anonymous' }]);
    Alexander Nicholi‮
    @nicholatian
    Hello there. I’m about to make a quick PR to allow secure key server lookups to work with custom CAs, using the agent option in fetch(), as I need to use SKS’ custom CA for HKPS. The README said to give this place a heads-up, so I am, if there’s anything I need to be aware of I’ll be periodically monitoring this chat until I’m finished. Thank you
    Alexander Nicholi‮
    @nicholatian
    update: I’ve opened the PR, #899. openpgpjs/openpgpjs#899
    Daniel Huigens
    @twiss
    Hey :wave: Thanks for the heads up, unfortunately it was 6am in my timezone so I wasn't in time to give feedback before you made the PR :)
    Thomas Oberndörfer
    @toberndo
    Hey, I'm wondering what the best way would be to do signature verification with openpgp.decrypt if you don't have the sender address available. I have not measured performance impact of the key serialization when you sent a large amount of keys with the parameter publicKeys, but it feels wrong to send your complete public keyring with every call of openpgp.decrypt. The parameter publicKeys could be a callback where you get the keyids of the signatures and then you can provide the corresponding key objects. Or does streaming somehow help here?
    Daniel Huigens
    @twiss

    Hi @toberndo! Sorry for the late response. I think sending all the keys to the worker should not have a significant performance impact. There is one other issue with passing all keys, which is that https://github.com/openpgpjs/openpgpjs/blob/b035f2ea4638c4cb52b736ec5ec38181add38167/src/message.js#L640 currently checks that the key is valid before checking that the keyid matches, that should probably be the other way around, PR welcome if you want to go that route.

    Alternatively, you could call openpgp.decrypt with no public keys at all, and then call openpgp.verify with each of result.signatures[*].signature, the public key matching result.signatures[*].keyid, and openpgp.message.fromText/Binary(result.data)

    Ganesh Prasad Kumble
    @0zAND1z

    Hey! I want to use my existing ethereum public wallet address to encrypt a JSON file using the openpgpjs npm.

    Is there some word done already in this direction? If not, can someone offer me direction?

    Thanks in advance.

    Daniel Huigens
    @twiss
    Hi @0zAND1z! This might theoretically be possible but not with openpgp.js. It's also probably not advisable unless you really know what you're doing. Good luck!
    Ganesh Prasad Kumble
    @0zAND1z

    @twiss , thanks for the revert.

    BACKGROUND: Sharing a file directly on Ethereum has its own limitations and unintended consequences.

    Here's an experimentation I am working on:

    1. I want to allow existing ethereum users to sign and/or encrypt a file with another ethereum user by encrypting the file with the recipient's public key.
    2. Recipient can decrypt the data by applying the private key to obtain the shared file.
    Sam
    @schantaraud
    Hi, I'm having issues with openpgpjs not detecting that it's running in node.js when I run tests with Jest (and probably some other dependencies that inject some polyfills in global.window). Would you accept a PR that replaces detectNode's code (currently: return typeof window === 'undefined') with return typeof process === 'object' && typeof process.versions === 'object'; ? It doesn't seem to break any test, at least when I run them locally.
    Daniel Huigens
    @twiss
    Hi @schantaraud! Yeah, that sounds fine to me. From reading https://github.com/iliakan/detect-node, the only thing to look out for is that browserify might include a polyfill of process if you reference it. Have you run the browser tests to verify that it doesn't?
    Sam
    @schantaraud
    @twiss Yes, it looks good in both node and browser if I use global.process instead of process. I'll submit 2 PRs, 1 for OpenPGPjs and 1 (similar) for web-stream-tools
    Daniel Huigens
    @twiss
    Thanks! :+1: Do you need an npm release?
    Sam
    @schantaraud
    That would be great, as the dists are not in the repo :)
    Daniel Huigens
    @twiss
    Alrighty, done!
    Sam
    @schantaraud
    Thank you!
    Daniel Huigens
    @twiss
    @schantaraud Aaand another one ^.^
    Son Tran
    @tbson
    Hello, I'm trying to use openpgpjs in my Electron app. I just include .min.js file in index.html and then got error: Uncaught Error: Cannot find module 'stream' from this line const NodeReadableStream = isNode && require('stream').Readable;. Can anyone suggest how can I fix it?
    Ilya Chesnokov
    @chesnokovilya
    Hello, do you have updated node (v10 or v 12) installed in your system?
    Aaron Suarez
    @aaron-suarez

    Hi! I'm currently working on something that will upgrade my node dependency from openpgp 2.5.4 to openpgp 4.2.1

    I'm having trouble understanding how to use the new distribution file (openpgp.min.js) instead of the npm module. I would just keep using the npm module but browserify complains about it (see https://github.com/browserify/browserify/issues/1901). That issue goes away when I add the following to my package.json

      "browser": {
        "openpgp": "/node_modules/openpgp/dist/openpgp.min.js"
      }
    But then I get the error Error: module not found: "openpgp" from file /Users/../encrypt.js
    I'm using var openpgp = require('openpgp'); in that file
    I'm really confused by the documentation how to get this package from the npm module into my browserified project. Any tips would be appreciated :smile:
    Aaron Suarez
    @aaron-suarez
    After doing more research, it looks like I can use var openpgp = window.openpgp; instead and then perhaps pull in openpgp.min.js in my index.html
    Ilya Chesnokov
    @chesnokovilya
    Hi! In browserify you could mark openpgp as external, and then load it at runtime using relative path require('./relative/path/to/openpgp.min.js');
    Aaron Suarez
    @aaron-suarez
    Thank you! I think I may prefer to do this instead of pulling it into my html.
    Brian
    @brianhyder
    Hey all, first time working with pgp and the package. I'm encrypting a file using a vendor's public key. When I use the gpg cli to list the packets Im getting "packet (18) too short". My searches are coming up pretty empty. Would anyone have any guidance on where to start?
    "gpg
    Daniel Huigens
    @twiss
    That sounds like the message was truncated, or there was a bug somewhere. Could you post
    1) The script you're using to encrypt, and preferably also
    2) An example encrypted message that's giving this error?