@renovate renovate bot commented Jun 23, 2022

This PR contains the following updates:

| Package | Change |
| --- | --- |
| openpgp (source) | 5.1.0 -> 5.11.3 |
| @types/openpgp | 4.4.18 -> 5.0.0 |

Release Notes

openpgpjs/openpgpjs (openpgp)

v5.11.3: - Security Patch

  • Address CVE-2025-47934 (Message signature verification could be spoofed)

v5.11.2

What's Changed

  • openpgp.verify: fix bug preventing verification of detached signatures over streamed data (#1762)

Full Changelog: openpgpjs/openpgpjs@v5.11.1...v5.11.2

v5.11.1

What's Changed

  • Patch for Node v18.19.1+, 20.11.1+ and 21.6.2+: use JS fallback code for RSA decryption on Node when PKCS#1 is not supported (see #1728).

Full Changelog: openpgpjs/openpgpjs@v5.11.0...v5.11.1

v5.11.0

What's Changed

Full Changelog: openpgpjs/openpgpjs@v5.10.2...v5.11.0

v5.10.2

What's Changed

  • Fix CFB decryption performance in JS fallback for ciphers other than AES (#1679)
  • Minor: fix packet validity check for new curve25519 keys without key flags

Full Changelog: openpgpjs/openpgpjs@v5.10.1...v5.10.2

v5.10.1

Reject cleartext messages with extraneous data preceding hash, addressing: GHSA-ch3c-v47x-4pgp.

v5.10.0

  • crypto-refresh: add support for new Ed25519/X25519 keys, signatures and messages (#1620)
  • Support parsing encrypted key with unknown s2k types or cipher algos (#1658)
  • Fix forward compatibility of keys, SKESKs, and detached/cleartext signatures and ECDH (#1656)

This release does not include any breaking changes.

Full Changelog: openpgpjs/openpgpjs@v5.9.0...v5.10.0

v5.9.0

  • Add support for verifying User Attributes in verifyAllUsers (#1637)
  • Allow email addresses with trailing numbers in domain (#1642)
  • TS: add declaration for verify with CleartextMessage input (#1640)
  • Add revoke to Subkey in type definition (#1639)

v5.8.0

v5.7.0

  • Add support for creating critical signature subpackets (#1599)
    • Most subpackets are now assigned a criticality based on whether failing to interpret their meaning would negatively impact security.
    • If subpackets that are now marked as critical (such as signature creation date, issuer Key ID, key expiration time if set, etc.) are not supported by another OpenPGP implementation, it will now be considered invalid by the implementation rather than ignored. However, since these subpackets are fundamental to the functioning of OpenPGP, they should indeed never be ignored. If an implementation doesn't support them, please upgrade or report it to the relevant implementation as well as or instead of here.
    • For Notation Data subpackets, the caller can now set their criticality using the signatureNotations[*].critical property. When set to critical, if the OpenPGP implementation reading the signature doesn't understand their meaning, they will be rejected rather than ignored. This is useful if the notation is indeed critical (🙂) to the functioning of the signature or the key that contains it.
  • Remove default known notations (#1600)
    • Since OpenPGP.js doesn't interpret any notations, we shouldn't consider any of them "known" by default. Rather, we let the calling application indicate the known notations, and it is then responsible for handling them.
    • Specifically, signatures with a critical notation named "preferred-email-encoding@pgp.com" or "pka-address@gnupg.org" will now be rejected by default. We believe that these are not common "in the wild", but if you encounter them, you can add them to the config.knownNotations array, or (preferably) pass a knownNotations array in the config property when verifying a signature, and then handle the preference indicated by the notation data afterwards by inspecting the signaturePacket.notations or rawNotations property.
  • TypeScript: added selfCertification property to the PrimaryUser interface definition (#1594)
  • Docs: mark global generateSessionKeys's encryptionKeys parameter as optional (#1596)
  • CI: Update browser targets (#1549)
  • Update ESLint and other minor dependencies; clean up linting rules (#1602)

v5.6.0

  • Allow use of Brainpool curves by default (#1563)
    • These curves were added back to the crypto refresh of the OpenPGP standard, so we allow them by default again, but please note that their implementation is not constant-time (#720), so their use is still discouraged in favor of Curve25519.
  • Add revoke method to User (#1584)
  • Add support for creating Notation Data subpackets when signing or encrypting messages (#1598)
  • Add RawNotations Type to type definitions (#1571)
  • Adding missing functions in SubKey class type definition (#1588)
  • TypeScript: fix signature of armor function (#1576, #1585)
  • TypeScript: fix SymEncryptedSessionKeyPacket type name (#1583)
  • Docs: add typescript setup notice (#1586)
  • Docs: clarify Key.clone() behaviour (#1589)
  • CI: move away from Node.js v12 (#1568)
  • Remove internal, unused RandomBuffer (#1593)

v5.5.0

  • Remove leading newline from clearsigned messages armoring (#1560)
  • Ignore improperly formatted armor headers (#1557)
  • Leave unhashed subpackets as-is when re-serializing signatures (#1561)
  • Hash all signature subpackets (#1562)
  • printDebug: add label to identify source of the log (#1555)

v5.4.0

  • Fix CleartextMessage signature generation over text with trailing whitespace and \r\n line endings (#1548)
  • Throw in encryptSessionKey if no keys or passwords are provided (#1547)
  • TypeScript: add missing allowInsecureVerificationWithReformattedKeys field to Config (#1551)

v5.3.1

  • Fix error handling when parsing malformed armor (#1541)
  • Add support for Node.js 18 (#1542)

v5.3.0

  • Throw on empty passphrase in encryptKey and SecretKeyPacket.encrypt (#1508)
  • Throw on decryption of messages that don't contain any encrypted data packet (#1529)
  • Add UnparseablePacket to properly deal with key blocks that include malformed/unsupported packets (#1522)
  • Throw UnsupportedError on unknown algorithm in keys, signatures and encrypted session keys (#1523)
  • Add memory benchmark tests for streamed decryption of large files (#1462)
  • Fix loading browser built in JSDom environment (#1518)

v5.2.1

  • Fix AES encryption error in browsers for messages larger than 3MB (#1506)
  • TS: Rely on new web-stream-tools types, fix SignOptions (#1502)
  • Lint: error if imported name is not found in module (#1507)

v5.2.0

  • Drop MS Edge Legacy support (#1474)
  • Check existence of navigator before using it (#1475)
  • Fix Key.isRevoked() and SignaturePacket.verify() TypeScript definitions, and remove SignaturePacket.verified from Typescript declarations (#1486, #1494)
  • CI: Update mocha (#1503)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


This PR was generated by Mend Renovate.

@renovate renovate bot temporarily deployed to dev June 23, 2022 11:53 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from cdd734f to ad01cdb Compare June 23, 2022 12:29
@renovate renovate bot temporarily deployed to dev June 23, 2022 12:29 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from ad01cdb to c027e02 Compare June 23, 2022 13:47
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from c027e02 to a28dbae Compare June 29, 2022 19:28
@renovate renovate bot changed the title Update dependency openpgp to v5.3.0 Update dependency openpgp to v5.3.1 Jun 29, 2022
@renovate renovate bot temporarily deployed to dev June 29, 2022 19:28 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from a28dbae to 69910c2 Compare August 8, 2022 14:09
@renovate renovate bot changed the title Update dependency openpgp to v5.3.1 Update dependency openpgp to v5.4.0 Aug 8, 2022
@renovate renovate bot temporarily deployed to dev August 8, 2022 14:09 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 69910c2 to 02c4c6b Compare August 31, 2022 14:17
@renovate renovate bot changed the title Update dependency openpgp to v5.4.0 Update dependency openpgp to v5.5.0 Aug 31, 2022
@renovate renovate bot temporarily deployed to dev August 31, 2022 14:17 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 02c4c6b to 0d8cf61 Compare March 18, 2023 02:11
@renovate renovate bot changed the title Update dependency openpgp to v5.5.0 Update dependency openpgp to v5.7.0 Mar 18, 2023
@renovate renovate bot temporarily deployed to dev March 18, 2023 02:11 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 0d8cf61 to 68504da Compare May 28, 2023 10:56
@renovate renovate bot changed the title Update dependency openpgp to v5.7.0 Update dependency openpgp to v5.9.0 May 28, 2023
@renovate renovate bot temporarily deployed to dev May 28, 2023 10:56 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 68504da to 50144cb Compare August 29, 2023 13:49
@renovate renovate bot changed the title Update dependency openpgp to v5.9.0 Update dependency openpgp to v5.10.0 Aug 29, 2023
@renovate renovate bot temporarily deployed to dev August 29, 2023 13:49 Inactive
@renovate renovate bot changed the title Update dependency openpgp to v5.10.0 Update dependency openpgp to v5.10.1 Aug 29, 2023
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 50144cb to b5d4305 Compare August 29, 2023 17:19
@renovate renovate bot temporarily deployed to dev August 29, 2023 17:20 Inactive
@renovate renovate bot changed the title Update dependency openpgp to v5.10.1 Update dependency openpgp to v5.10.2 Sep 18, 2023
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from b5d4305 to 74e0a1d Compare September 18, 2023 16:03
@renovate renovate bot temporarily deployed to dev September 18, 2023 16:03 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 74e0a1d to 6c92984 Compare October 25, 2023 14:23
@renovate renovate bot changed the title Update dependency openpgp to v5.10.2 Update dependency openpgp to v5.11.0 Oct 25, 2023
@renovate renovate bot temporarily deployed to dev October 25, 2023 14:23 Inactive
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 6c92984 to d0948da Compare February 19, 2024 18:29
@renovate renovate bot changed the title Update dependency openpgp to v5.11.0 Update dependency openpgp to v5.11.1 Feb 19, 2024
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from d0948da to 850a69e Compare June 19, 2024 11:56
@renovate renovate bot changed the title Update dependency openpgp to v5.11.1 Update dependency openpgp to v5.11.2 Jun 19, 2024
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 850a69e to 4ff2919 Compare February 4, 2025 01:15
@renovate renovate bot force-pushed the renovate/openpgp-5.x branch from 4ff2919 to 80899f3 Compare May 19, 2025 12:12
@renovate renovate bot changed the title Update dependency openpgp to v5.11.2 Update dependency openpgp to v5.11.3 May 19, 2025