Module: config

This object contains global configuration values.

See:
  • module:config/config

Members

(static) additionalAllowedPackets

Parsing of packets is normally restricted to a predefined set of packets. For example, a Symmetrically Encrypted Integrity Protected Data Packet can only contain a certain set of packets, including LiteralDataPacket. This setting allows additional packets; that is probably not advisable as a global config setting, but it can be used for specific function calls (e.g. the decrypt method of Message).

Properties:
Name Type Description
additionalAllowedPackets Array

Allow additional packets on parsing. Defined as an array of packet classes, e.g. [PublicKeyPacket]


(static) aeadChunkSizeByte

Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode. Only has an effect when aeadProtect is set to true. Must be an integer value from 0 to 56.

Properties:
Name Type Description
aeadChunkSizeByte Integer

(static) aeadProtect

Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. Note: not all OpenPGP implementations are compatible with this option. FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION.

Properties:
Name Type Description
aeadProtect Boolean

(static) allowInsecureDecryptionWithSigningKeys

Allow decryption using RSA keys without the encrypt flag. This setting is potentially insecure, but it is needed to get around an old openpgpjs bug where key flags were ignored when selecting a key for encryption.

Properties:
Name Type Description
allowInsecureDecryptionWithSigningKeys Boolean

(static) allowInsecureVerificationWithReformattedKeys

Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. Instead, a verification key will also be considered valid as long as it is valid at the current time. This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted and have a self-signature creation date that does not match the primary key creation date.

Properties:
Name Type Description
allowInsecureVerificationWithReformattedKeys Boolean

(static) allowUnauthenticatedMessages

Allow decryption of messages without integrity protection. This is an insecure setting:

  • message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.
  • it enables downgrade attacks against integrity-protected messages.

Properties:
Name Type Description
allowUnauthenticatedMessages Boolean

(static) allowUnauthenticatedStream

Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible and deferring checking their integrity until the decrypted stream has been read in full.

This setting is insecure if the partially decrypted message is processed further or displayed to the user.

Properties:
Name Type Description
allowUnauthenticatedStream Boolean

(static) checksumRequired

Properties:
Name Type Description
checksumRequired Boolean

Do not throw error when armor is missing a checksum


(static) commentString

Properties:
Name Type Description
commentString String

A comment string to be included in armored messages


(static) constantTimePKCS1Decryption

Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). This setting has a measurable performance impact and is only helpful in application scenarios where both of the following conditions apply:

  • new/incoming messages are automatically decrypted (without user interaction);
  • an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).

See also constantTimePKCS1DecryptionSupportedSymmetricAlgorithms.

Properties:
Name Type Description
constantTimePKCS1Decryption Boolean

(static) constantTimePKCS1DecryptionSupportedSymmetricAlgorithms

This setting is only meaningful if constantTimePKCS1Decryption is enabled. Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail. However, the more algorithms are added, the slower the decryption procedure becomes.

Properties:
Name Type Description
constantTimePKCS1DecryptionSupportedSymmetricAlgorithms Set.<Integer>

module:enums.symmetric
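
The following added example (not OpenPGP.js source code) sketches the general technique behind the two settings above: the padding check is evaluated without branching, and a malformed block yields a random fallback key instead of an error. The function names, the 64-byte sample block and the one-decode-per-algorithm loop are assumptions made for illustration.

```javascript
// Added illustration, not OpenPGP.js source. JavaScript gives no hard timing
// guarantees; the point is the branch-free structure and the uniform outcome.
const crypto = require('crypto');

// Session key length in bytes per OpenPGP symmetric algorithm ID (RFC 4880, 9.2).
const KEY_SIZE = { 7: 16, 8: 24, 9: 32 }; // AES-128, AES-192, AES-256

// Returns a copy of `a` when cond is 1 and of `b` when cond is 0, without branching.
function select(cond, a, b) {
  const mask = -cond & 0xff; // 0xff or 0x00
  const out = new Uint8Array(a.length);
  for (let i = 0; i < a.length; i++) out[i] = (a[i] & mask) | (b[i] & ~mask);
  return out;
}

// em = 0x00 0x02 <PS: 8+ nonzero bytes> 0x00 <algo ID> <key> <2-byte checksum>.
// Returns the payload if em is well formed for `algo`, otherwise `fallback`.
function emeDecodeFor(algo, em, fallback) {
  const keyLen = KEY_SIZE[algo], payloadLen = keyLen + 3;
  // algo and em.length (the modulus size) are public, so branching here is fine
  if (!keyLen || em.length < payloadLen + 11) throw new RangeError('bad algo or block size');
  const sep = em.length - payloadLen - 1; // the only place the separator may sit
  const payload = em.subarray(sep + 1);
  let ok = (em[0] === 0) & (em[1] === 2) & (em[sep] === 0) & (payload[0] === algo);
  for (let i = 2; i < sep; i++) ok &= em[i] !== 0; // PS must contain no zero byte
  let sum = 0;
  for (let i = 1; i <= keyLen; i++) sum += payload[i];
  ok &= (payload[keyLen + 1] === ((sum >> 8) & 0xff)) & (payload[keyLen + 2] === (sum & 0xff));
  return select(ok, payload, fallback);
}

// One decode per supported algorithm, each with a fresh random fallback key.
function candidateSessionKeys(em, supportedAlgos) {
  return [...supportedAlgos].map((algo) => {
    const fallback = Uint8Array.from(crypto.randomBytes(KEY_SIZE[algo] + 3));
    fallback[0] = algo;
    return emeDecodeFor(algo, em, fallback);
  });
}

// Constructed sample input: a padded block carrying `key` for `algo`.
function samplePaddedBlock(algo, key, blockLen = 64) {
  const sum = key.reduce((s, b) => s + b, 0);
  const payload = [algo, ...key, (sum >> 8) & 0xff, sum & 0xff];
  const em = new Uint8Array(blockLen).fill(0xaa); // 0xaa stands in for random PS
  em.set([0, 2]); em[blockLen - payload.length - 1] = 0;
  em.set(payload, blockLen - payload.length);
  return em;
}
```

Every candidate returned by candidateSessionKeys has the expected length for its algorithm, so the caller treats a fallback key and a real key the same way; a fallback key simply fails to decrypt the message later.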


(static) deflateLevel

Properties:
Name Type Description
deflateLevel Integer

Default zip/zlib compression level, between 1 and 9


(static) ignoreMalformedPackets

Properties:
Name Type Description
ignoreMalformedPackets Boolean

Ignore malformed packets on parsing instead of throwing an error


(static) ignoreUnsupportedPackets

Properties:
Name Type Description
ignoreUnsupportedPackets Boolean

Ignore unsupported/unrecognizable packets on parsing instead of throwing an error


(static) knownNotations

Contains notations that are considered "known". Known notations do not trigger a validation error when the notation is marked as critical.

Properties:
Name Type Description
knownNotations Array

(static) maxUserIDLength

Max userID string length (used for parsing)

Properties:
Name Type Description
maxUserIDLength Integer

(static) minBytesForWebCrypto

Properties:
Name Type Description
minBytesForWebCrypto Integer

The minimum number of bytes for which to use native WebCrypto APIs when available


(static) minRSABits

Minimum RSA key size allowed for key generation and message signing, verification and encryption. The default is 2047 because, due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.

Properties:
Name Type Description
minRSABits Number

(static) passwordCollisionCheck

Work-around for a rare GPG decryption bug when encrypting with multiple passwords. Slower and slightly less secure.

Properties:
Name Type Description
passwordCollisionCheck Boolean

(static) preferredAEADAlgorithm

Default Authenticated Encryption with Additional Data (AEAD) encryption mode. Only has an effect when aeadProtect is set to true.

Properties:
Name Type Description
preferredAEADAlgorithm Integer

Default AEAD mode module:enums.aead


(static) preferredCompressionAlgorithm

Properties:
Name Type Description
preferredCompressionAlgorithm Integer

Default compression algorithm module:enums.compression


(static) preferredHashAlgorithm

Properties:
Name Type Description
preferredHashAlgorithm Integer

Default hash algorithm module:enums.hash


(static) preferredSymmetricAlgorithm

Properties:
Name Type Description
preferredSymmetricAlgorithm Integer

Default encryption cipher module:enums.symmetric


(static) rejectCurves

Reject non-standard curves for key generation, message encryption, signing or verification

Properties:
Name Type Description
rejectCurves Set.<String>

module:enums.curve


(static) rejectHashAlgorithms

Reject insecure hash algorithms

Properties:
Name Type Description
rejectHashAlgorithms Set.<Integer>

module:enums.hash


(static) rejectMessageHashAlgorithms

Reject insecure message hash algorithms

Properties:
Name Type Description
rejectMessageHashAlgorithms Set.<Integer>

module:enums.hash


(static) rejectPublicKeyAlgorithms

Reject insecure public key algorithms for key generation and message encryption, signing or verification

Properties:
Name Type Description
rejectPublicKeyAlgorithms Set.<Integer>

module:enums.publicKey


(static) revocationsExpire

Properties:
Name Type Description
revocationsExpire Boolean

If true, expired revocation signatures are ignored


(static) s2kIterationCountByte

RFC4880 3.7.1.3: Iteration Count Byte for S2K (String to Key)

Properties:
Name Type Description
s2kIterationCountByte Integer

(static) showComment

Properties:
Name Type Description
showComment Boolean

Whether to include module:config/config.commentString in armored messages


(static) showVersion

Properties:
Name Type Description
showVersion Boolean

Whether to include module:config/config.versionString in armored messages


(static) useIndutnyElliptic

Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. When false, certain standard curves will not be supported (depending on the platform). Note: the indutny/elliptic curve library is not designed to be constant time.

Properties:
Name Type Description
useIndutnyElliptic Boolean

(static) v5Keys

Use V5 keys. Note: not all OpenPGP implementations are compatible with this option. FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION.

Properties:
Name Type Description
v5Keys Boolean

(static) versionString

Properties:
Name Type Description
versionString String

A version string to be included in armored messages
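
As an added example (not part of OpenPGP.js), the following check reviews a hypothetical object of config overrides against the rules stated on this page before the application applies it. The function auditConfig and the shape of its report are assumptions; the option names and limits come from the descriptions above, and the iteration count formula is the one in RFC 4880 3.7.1.3.

```javascript
// Added example, not part of OpenPGP.js: review a plain object of overrides that
// uses the option names documented on this page.
const INSECURE_FLAGS = [
  'allowInsecureDecryptionWithSigningKeys',
  'allowInsecureVerificationWithReformattedKeys',
  'allowUnauthenticatedMessages',
  'allowUnauthenticatedStream',
];

// RFC 4880 3.7.1.3: decode the one-byte S2K iteration count.
function s2kIterations(c) {
  return (16 + (c & 15)) << ((c >> 4) + 6);
}

function auditConfig(cfg) {
  const findings = [];
  const add = (option, issue) => findings.push({ option, issue });

  for (const option of INSECURE_FLAGS) {
    if (cfg[option] === true) add(option, 'documented as insecure');
  }
  if (Array.isArray(cfg.additionalAllowedPackets) && cfg.additionalAllowedPackets.length > 0) {
    add('additionalAllowedPackets', 'set globally; pass it to the specific call instead');
  }
  if (cfg.minRSABits < 2047) add('minRSABits', 'below the documented default of 2047');
  if (cfg.useIndutnyElliptic === true) {
    add('useIndutnyElliptic', 'fallback curve library is not designed to be constant time');
  }

  // Cross-option rules stated on this page.
  const chunk = cfg.aeadChunkSizeByte;
  if (chunk !== undefined && (!Number.isInteger(chunk) || chunk < 0 || chunk > 56)) {
    add('aeadChunkSizeByte', 'must be an integer from 0 to 56');
  }
  if (cfg.aeadProtect !== true && (chunk !== undefined || cfg.preferredAEADAlgorithm !== undefined)) {
    add('aeadProtect', 'AEAD options are set but have no effect while aeadProtect is off');
  }
  const algos = cfg.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms;
  if (cfg.constantTimePKCS1Decryption === true && (!algos || algos.size === 0)) {
    add('constantTimePKCS1Decryption', 'no supported symmetric algorithms; session key decryption will fail');
  }

  const s2k = cfg.s2kIterationCountByte;
  const valid = Number.isInteger(s2k) && s2k >= 0 && s2k <= 255;
  return { findings, s2kIterations: valid ? s2kIterations(s2k) : null };
}
```

Running it at startup and refusing to continue when findings is non-empty keeps an insecure override from reaching production unnoticed.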
