Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    sarvaratchagan
    @sarvaratchagan
    Hi All, Im using openpgpjs v5.x.x-x to encrypt and decrypt messages in react with webpack. it does not load the bundles and throws exception "Uncaught ReferenceError: require is not defined
    at eval (openpgp.min.mjs:369)". could you please help me to resolve this issue ??
    14 replies
    image.png
    sarvaratchagan
    @sarvaratchagan
    image.png
    Gilles Coremans
    @theOperand
    Hi, I'm trying to use this library but I get this error when calling readKey on an armored key:
    ReferenceError: TextDecoder is not defined
        at Object.decodeUTF8 (/app/node_modules/openpgp/src/util.js:220:21)
        at Ko.read (/app/node_modules/openpgp/src/packet/userid.js:78:25)
        at Ys (/app/node_modules/openpgp/src/packet/packetlist.js:82:28)
        at Ys (/app/node_modules/openpgp/src/packet/packet.js:282:13)
    Program sh start.sh exited with code 1
    I'm using Node 14.16.1
    Gilles Coremans
    @theOperand
    I was not using the Node version I thought I was, my bad.
    sallynmatty
    @sallynmatty
    hello
    Anyone who work for IOM? I have a systems admin sending email error/issue. I need help, don't know if its my attachments or length of message😊
    owocean
    @owocean:seapunk.xyz
    [m]
    hey yall, i was wondering if its possible to verify a signature without providing a public key to challenge it against
    like, just get the fingerprint of a signature
    Daniel Huigens
    @twiss
    Yes and no. If you don't care about security, and just want to do a "quick check", so to speak, it's theoretically possible, as the signature contains the first two bytes of a hash (of the message data concatenated with some metadata of the signature itself).
    However, two bytes of a hash is of course not enough to say that the data is correct, as it would be easily brute-forceable. Even if it was, you would have to trust the signature, as of course otherwise one could put anything in those two bytes. And if you have a trustworthy source for the signature, it would be better to just send a hash of the data.
    owocean
    @owocean:seapunk.xyz
    [m]
    I think there may have been a confusion here
    let verificationResult = await openpgp.verify({
            message: signedMessage,
            verificationKeys: publicKey
        });
    I'd like to call this function without verificationKeys
    is that possible?
    once the data is pulled from the signature, i can collect the fingerprint
    (i.e. my pgp fingerprint is 2F43AA515B1267B2D345D343132C9D90A96B64F6)
    then the user can manually check that fingerprint against the person who sent it
    twiss
    @twiss:matrix.org
    [m]
    You can extract the fingerprint and data from the signature, however, it is not possible to verify that the key corresponding to that fingerprint signed the data, without having the key
    owocean
    @owocean:seapunk.xyz
    [m]
    how can i extract the fingerprint then
    larabr
    @larabr
    @owocean Could you explain your use case better? Like Daniel says, anybody can create a signature such that the key fingerprint will match whatever is needed. You do need to pass the public key to verify that the signature was indeed signed by that key. This is what openpgp.verify is for.
    Right now, there is no easy way to extract the key fingerprint from a signature, since, for instance, it is not always included in the signature. You can extract the keyID, which corresponds to the lower 8 bytes of the fingerprint, by just doing signedMessage.getSigningKeyIDs(). But again, note that this has nothing to do with signature verification.
    owocean
    @owocean:seapunk.xyz
    [m]
    that answered my question pretty well
    thank you
    Christian Eichert
    @ecxod

    I tried today to make a small site to create a key pair by loading the <script src="https://unpkg.com/openpgp/dist/openpgp.min.js"> </script> in the head of the site and then the promise

    <html>
    <head>
    <script src="https://unpkg.com/openpgp/dist/openpgp.min.js"> </script> 
    </head>
    <body>
    <script>
    (async () => {
        const { privateKey, publicKey } = await openpgp.generateKey({
            type: 'rsa', // Type of the key
            rsaBits: 4096, // RSA key size (defaults to 4096 bits)
            userIDs: [{ name: 'Jon Smith', email: 'jon@example.com' }], // you can pass multiple user IDs
            passphrase: 'super long and hard to guess secret' // protects the private key
        });
        console.log(privateKey);  
        console.log(publicKey);  
        console.log(revocationCertificate);
    })();
    </script>
    </body>

    But I had no success ...
    Can someone help me to understand how this promise works?

    Christian Eichert
    @ecxod

    I forgot to tell the Error i get : ))

    Uncaught (in promise) ReferenceError: openpgp is not defined

    1 reply
    saulchristie
    @saulchristie
    Does anyone know when 5.0.0 will become available via cdnjs? Still on 4.10.10.
    Níko Escobar
    @NikoEscobar

    Hi everyone, does you guys how to extract a public and private key from a single file send by user?

    Do anyone know if it is possible? I'm trying to use the openpgp.readKey({ armoredKey: fileTextString }) but it keep saying misformed armored

    1 reply
    dbebber
    @dbebber

    Having some troubles trying to simply read a publickey, ver 5.0.0.
    this code in browser is generating. Tried several publickeys same result.

    const armoredKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----

    xjMEYWX0DBYJKwYBBAHaRw8BAQdABOIvRx0EByzFUazpov16Wq45MgcEXMYL
    +yjHh7/lT+HNJkRhcmNleSBEYWxlIEJlYmJlciA8REJFQkJFUkBHTUFJTC5D
    T00+wowEEBYKAB0FAmFl9AwECwkHCAMVCAoEFgACAQIZAQIbAwIeAQAhCRDr
    PiNpK7ZPeBYhBJPDPUKcInz0H5VB+us+I2krtk94iwMBAO+PQ4HdDtriEQ0a
    8wsLvwM655AnvGQN1NLdmuvnz318AQDbcWn1Ss8SIrfR0W48nu5ous6CZb/b
    rSxZLRPGSmInDs44BGFl9AwSCisGAQQBl1UBBQEBB0BWPnSBsiWSovJAk6HQ
    FMBTG+y+IU52pKHm3Ok8bZSwMwMBCAfCeAQYFggACQUCYWX0DAIbDAAhCRDr
    PiNpK7ZPeBYhBJPDPUKcInz0H5VB+us+I2krtk94ezsBAOCf7Fv3D5z7lxUW
    WkNCAeafpJP7P6PVq4CZYYtRGyZYAP9JaYESnagkNcLLByUwt3m9B93gQBrU
    5Lq0CjLGOgNeDw==
    =M3lr
    -----END PGP PUBLIC KEY BLOCK-----`;

    const publicKey = await readKey({ armoredKey});

    //ERROR
    openpgp.min.mjs:2 Uncaught (in promise) Error: Misformed armored text
    at openpgp.min.mjs:2

    dbebber
    @dbebber

    Using CDN for ver 5 in normal html file the below code works fine. Yet when npm'ed in a reactjs/webpack app it does not. I get "Misformed text at openpgp.min.mjs:2"

    const armoredKey = `-----BEGIN PGP PUBLIC KEY BLOCK-----

    xjMEYWX0DBYJKwYBBAHaRw8BAQdABOIvRx0EByzFUazpov16Wq45MgcEXMYL
    +yjHh7/lT+HNJkRhcmNleSBEYWxlIEJlYmJlciA8REJFQkJFUkBHTUFJTC5D
    T00+wowEEBYKAB0FAmFl9AwECwkHCAMVCAoEFgACAQIZAQIbAwIeAQAhCRDr
    PiNpK7ZPeBYhBJPDPUKcInz0H5VB+us+I2krtk94iwMBAO+PQ4HdDtriEQ0a
    8wsLvwM655AnvGQN1NLdmuvnz318AQDbcWn1Ss8SIrfR0W48nu5ous6CZb/b
    rSxZLRPGSmInDs44BGFl9AwSCisGAQQBl1UBBQEBB0BWPnSBsiWSovJAk6HQ
    FMBTG+y+IU52pKHm3Ok8bZSwMwMBCAfCeAQYFggACQUCYWX0DAIbDAAhCRDr
    PiNpK7ZPeBYhBJPDPUKcInz0H5VB+us+I2krtk94ezsBAOCf7Fv3D5z7lxUW
    WkNCAeafpJP7P6PVq4CZYYtRGyZYAP9JaYESnagkNcLLByUwt3m9B93gQBrU
    5Lq0CjLGOgNeDw==
    =M3lr
    -----END PGP PUBLIC KEY BLOCK-----`;

    const publicKey = await openpgp.readKey({ armoredKey});
    console.log(publicKey);

    Daniel Huigens
    @twiss
    Are you sure the indentation is the same in both files, i.e. there's no leading whitespace inside the key?
    dbebber
    @dbebber
    That was exactly it. I was storing the keys as string props and there was extra spaces. Thanks for getting back to me. Ver 5 in React works perfectly.
    Tabish Khan
    @Tabish13

    Hi everyone,
    I am facing issue in reading a private key which is having passphrase

     const privateKey = await openpgp.readPrivateKey({ armoredKey: keys.privateKey});
    
        console.log(privateKey);
        const privateKeyPass = await openpgp.decryptKey({
            privateKey: privateKey,
            passphrase
        });

    The error is : Key packet is already decrypted.

    1 reply
    also the readprivateKey packet is having isEncrypted: true
    dbebber
    @dbebber
    Are you sure keys.privateKey is an armored key?
    Tabish Khan
    @Tabish13
    yes the key is armored it works with java
    Cade Michael Lueker
    @CadeMichael

    i'm new to pgp so I'm trying to test out basic functionality (the end goal is to integrate into bare bones svelte messenger) and I can't seem to get anything working. I got keys to generate and log to console but I tried to add a basic encrypt / decrypt within the async lambda and I am getting a bunch of errors. I know I'm doing something very wrong but not too sure what it could be.

    (async () => {
        const { privateKey, publicKey } = await openpgp.generateKey({
            type: 'ecc', // Type of the key, defaults to ECC
            curve: 'curve25519', 
            userIDs: [{ name: 'Jon Smith', email: 'jon@example.com' }], 
            passphrase: 'super long and hard to guess secret', 
            format: 'armored' 
        });
    
        const encrypted = await openpgp.encrypt({
            message: await openpgp.createMessage({ text: 'Hello, World!' }), 
            encryptionKeys: publicKey
        });
        console.log(encrypted); 
    
        const message = await openpgp.readMessage({
            armoredMessage: encrypted 
        });
        const { data: decrypted } = await openpgp.decrypt({
            message,
            decryptionKeys: privateKey
        });
        console.log(decrypted); // 'Hello, World!'
    })();

    with the errors

    TypeError: Error encrypting message: e.getPrimaryUser is not a function
        at /Users/cadelueker/Desktop/Git/spider/node_modules/openpgp/dist/node/openpgp.min.js:2:311016
        at Array.map (<anonymous>)
        at No (/Users/cadelueker/Desktop/Git/spider/node_modules/openpgp/dist/node/openpgp.min.js:2:310974)
        at Object.exports.encrypt (/Users/cadelueker/Desktop/Git/spider/node_modules/openpgp/dist/node/openpgp.min.js:16:135074)
        at file:///Users/cadelueker/Desktop/Git/spider/src/routes/crypto.js:17:37
    
    Node.js v17.0.1
    5 replies
    breaker1
    @breaker1:matrix.org
    [m]

    Hello everyone. I'm working to use opengpgjs to do streaming file encryption and uploading for a web application I'm working on, but I can't seem to get things to work correctly.

    I have a page with a <file> element with id "singleFileInput". And my JS looks like this:

            document.getElementById('singleFileInput').addEventListener(
                'change',
                function(e) {
    
                    (async () => {
                        const file = e.target.files[0];
    
                        const message = await openpgp.createMessage({ binary: file.stream() });
                        const encrypted = await openpgp.encrypt({
                            message, // input as Message object
                            passwords: ['secret stuff'], // multiple passwords possible
                            format: 'binary' // don't ASCII armor (for Uint8Array output)
                        });
    
                        for await (const chunk of encrypted) {
                            console.log('new chunk:', chunk); // Uint8Array
                        }
                    })();
                }
            )

    When I select a file (any file) I get TypeError: encrypted is not iterable

    What have I done wrong here? I'm not sure what to try.

    2 replies
    breaker1
    @breaker1:matrix.org
    [m]
    twiss (Daniel Huigens) Thank you! That seems to have gotten me over that bump! On to solving the next problem!
    Daniel Huigens
    @twiss
    For streaming upload, you may also be interested in https://bugs.chromium.org/p/chromium/issues/detail?id=688906.. essentially, it's also not implemented, unfortunately. You may have to work around it using a WebSocket, or multiple requests, for example (which over HTTP2 might not be too expensive, but it's still unfortunate that you can't stream the request body of a single request)
    breaker1
    @breaker1:matrix.org
    [m]
    My plan (fingers crossed) is to just make multiple requests to an endpoint. This application will be using http2 so hopefilly you're right that it shouldn't be too expensive.
    The current application we have takes a whole unencrypted file at once and encrypts it on the server. So even if the multiple requests are expensive, they shouldn' be that expensive.
    breaker1
    @breaker1:matrix.org
    [m]
    I'm struggling due to my admittedly weak JS development skills. But, I'm trying to use web-stream-tools to increase the chunk size I'm getting to help reduce the overehead of requests for small chunks, but I keep getting Uncaught (in promise) ReferenceError: TransformStream is not defined when I call stream.transformPair. I know I'm doing something incorrectly here but I'm not entirely sure what.
    Additionally, the documentation links (e.g. https://openpgpjs.org/openpgpjs/) are returning 404s.
    Daniel Huigens
    @twiss

    To fix that error, you probably need to call

    await stream.loadStreamsPonyfill();

    However, to read a stream in chunks of a given size I think you don't really need that (nor transformPair), you can just do something like

          const reader = stream.getReader(encrypted);
          while (true) {
            const chunk = await reader.readBytes(10000);
            if (chunk === undefined) break;
            console.log('new chunk:', chunk);
          }

    And, ah, right. The documentation got moved to https://docs.openpgpjs.org/ (and https://openpgpjs.github.io/web-stream-tools/, for now, but it's also a bit out of date indeed), apologies. We'll update the links.

    breaker1
    @breaker1:matrix.org
    [m]

    I think I figured out my problem. Again, going back to my weak JS skills. I was blindly following the README for web-stream-tools without my brain engaged. I needed to

    npm install --save @openpgp/web-stream-tools

    and then

    import * as stream from '@openpgp/web-stream-tools';
    Also, that's great to know, not needing to transformPair(). That should drastically reduce the time I spend fumbling around in the dark trying to make this work.
    If it's OK, I'll make a PR to update the readme.
    Daniel Huigens
    @twiss
    That'd be great, thanks!
    breaker1
    @breaker1:matrix.org
    [m]
    twiss (Daniel Huigens) - Thank you for all your work, both on openpgpjs and helping me. I now have working proof-of-concept code for my app. I didn't think I'd be able to pull this off (again, insuffient JS skills), but now with your help I can continue building my project
    Daniel Huigens
    @twiss
    No worries! Great 😊