This object contains global configuration values.
- See: module:config/config
Members
(static) additionalAllowedPackets
Parsing of packets is normally restricted to a predefined set of packets. For example, a Sym. Encrypted Integrity Protected Data Packet can only contain a certain set of packets, including LiteralDataPacket. This setting allows additional packets. Doing so is probably not advisable as a global config setting, but it can be used for specific function calls (e.g. the decrypt method of Message).
Properties:
Name | Type | Description |
---|---|---|
additionalAllowedPackets | Array | Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] |
(static) aeadChunkSizeByte
Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode. Only has an effect when aeadProtect is set to true. Must be an integer value from 0 to 56.
Properties:
Name | Type | Description |
---|---|---|
aeadChunkSizeByte | Integer | |
(static) aeadProtect
Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. Note: not all OpenPGP implementations are compatible with this option. FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION.
Properties:
Name | Type | Description |
---|---|---|
aeadProtect | Boolean | |
(static) allowInsecureDecryptionWithSigningKeys
Allow decryption using RSA keys without the encrypt flag. This setting is potentially insecure, but it is needed to get around an old openpgpjs bug where key flags were ignored when selecting a key for encryption.
Properties:
Name | Type | Description |
---|---|---|
allowInsecureDecryptionWithSigningKeys | Boolean | |
(static) allowInsecureVerificationWithReformattedKeys
Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. Instead, a verification key will also be considered valid as long as it is valid at the current time. This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted and have a self-signature creation date that does not match the primary key creation date.
Properties:
Name | Type | Description |
---|---|---|
allowInsecureVerificationWithReformattedKeys | Boolean | |
(static) allowUnauthenticatedMessages
Allow decryption of messages without integrity protection. This is an insecure setting:
- message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.
- it enables downgrade attacks against integrity-protected messages.
Properties:
Name | Type | Description |
---|---|---|
allowUnauthenticatedMessages | Boolean | |
(static) allowUnauthenticatedStream
Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible and deferring checking their integrity until the decrypted stream has been read in full.
This setting is insecure if the partially decrypted message is processed further or displayed to the user.
Properties:
Name | Type | Description |
---|---|---|
allowUnauthenticatedStream | Boolean | |
(static) checksumRequired
Properties:
Name | Type | Description |
---|---|---|
checksumRequired | Boolean | Do not throw error when armor is missing a checksum |
(static) commentString
Properties:
Name | Type | Description |
---|---|---|
commentString | String | A comment string to be included in armored messages |
(static) constantTimePKCS1Decryption
Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:
- new/incoming messages are automatically decrypted (without user interaction);
- an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).
See also constantTimePKCS1DecryptionSupportedSymmetricAlgorithms.
Properties:
Name | Type | Description |
---|---|---|
constantTimePKCS1Decryption | Boolean | |
(static) constantTimePKCS1DecryptionSupportedSymmetricAlgorithms
This setting is only meaningful if constantTimePKCS1Decryption is enabled.
Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.
However, the more algorithms are added, the slower the decryption procedure becomes.
Properties:
Name | Type | Description |
---|---|---|
constantTimePKCS1DecryptionSupportedSymmetricAlgorithms | Set.<Integer> | |
(static) deflateLevel
Properties:
Name | Type | Description |
---|---|---|
deflateLevel | Integer | Default zip/zlib compression level, between 1 and 9 |
(static) ignoreMalformedPackets
Properties:
Name | Type | Description |
---|---|---|
ignoreMalformedPackets | Boolean | Ignore malformed packets on parsing instead of throwing an error |
(static) ignoreUnsupportedPackets
Properties:
Name | Type | Description |
---|---|---|
ignoreUnsupportedPackets | Boolean | Ignore unsupported/unrecognizable packets on parsing instead of throwing an error |
(static) knownNotations
Contains notations that are considered "known". Known notations do not trigger a validation error when the notation is marked as critical.
Properties:
Name | Type | Description |
---|---|---|
knownNotations | Array | |
(static) maxUserIDLength
Max userID string length (used for parsing)
Properties:
Name | Type | Description |
---|---|---|
maxUserIDLength | Integer | |
(static) minBytesForWebCrypto
Properties:
Name | Type | Description |
---|---|---|
minBytesForWebCrypto | Integer | The minimum amount of bytes for which to use native WebCrypto APIs when available |
(static) minRSABits
Minimum RSA key size allowed for key generation and message signing, verification and encryption. The default is 2047 because, due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.
Properties:
Name | Type | Description |
---|---|---|
minRSABits | Number | |
(static) passwordCollisionCheck
Work-around for a rare GPG decryption bug when encrypting with multiple passwords. Slower and slightly less secure.
Properties:
Name | Type | Description |
---|---|---|
passwordCollisionCheck | Boolean | |
(static) preferredAEADAlgorithm
Default Authenticated Encryption with Additional Data (AEAD) encryption mode. Only has an effect when aeadProtect is set to true.
Properties:
Name | Type | Description |
---|---|---|
preferredAEADAlgorithm | Integer | Default AEAD mode module:enums.aead |
(static) preferredCompressionAlgorithm
Properties:
Name | Type | Description |
---|---|---|
preferredCompressionAlgorithm | Integer | Default compression algorithm module:enums.compression |
(static) preferredHashAlgorithm
Properties:
Name | Type | Description |
---|---|---|
preferredHashAlgorithm | Integer | Default hash algorithm module:enums.hash |
(static) preferredSymmetricAlgorithm
Properties:
Name | Type | Description |
---|---|---|
preferredSymmetricAlgorithm | Integer | Default encryption cipher module:enums.symmetric |
(static) rejectCurves
Reject non-standard curves for key generation, message encryption, signing or verification
Properties:
Name | Type | Description |
---|---|---|
rejectCurves | Set.<String> | |
(static) rejectHashAlgorithms
Reject insecure hash algorithms
Properties:
Name | Type | Description |
---|---|---|
rejectHashAlgorithms | Set.<Integer> | |
(static) rejectMessageHashAlgorithms
Reject insecure message hash algorithms
Properties:
Name | Type | Description |
---|---|---|
rejectMessageHashAlgorithms | Set.<Integer> | |
(static) rejectPublicKeyAlgorithms
Reject insecure public key algorithms for key generation and message encryption, signing or verification
Properties:
Name | Type | Description |
---|---|---|
rejectPublicKeyAlgorithms | Set.<Integer> | |
(static) revocationsExpire
Properties:
Name | Type | Description |
---|---|---|
revocationsExpire | Boolean | If true, expired revocation signatures are ignored |
(static) s2kIterationCountByte
RFC4880 3.7.1.3: Iteration Count Byte for S2K (String to Key)
Properties:
Name | Type | Description |
---|---|---|
s2kIterationCountByte | Integer | |
(static) showComment
Properties:
Name | Type | Description |
---|---|---|
showComment | Boolean | Whether to include module:config/config.commentString in armored messages |
(static) showVersion
Properties:
Name | Type | Description |
---|---|---|
showVersion | Boolean | Whether to include module:config/config.versionString in armored messages |
(static) useIndutnyElliptic
Whether to use the indutny/elliptic library for curves (other than Curve25519) that are not supported by the available native crypto API. When false, certain standard curves will not be supported (depending on the platform). Note: the indutny/elliptic curve library is not designed to be constant time.
Properties:
Name | Type | Description |
---|---|---|
useIndutnyElliptic | Boolean | |
(static) v5Keys
Use V5 keys. Note: not all OpenPGP implementations are compatible with this option. FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION.
Properties:
Name | Type | Description |
---|---|---|
v5Keys | Boolean | |
(static) versionString
Properties:
Name | Type | Description |
---|---|---|
versionString | String | A version string to be included in armored messages |
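Added example (not part of the OpenPGP.js documentation or code base): a review-time check that flags config overrides this page describes as insecure, not advisable globally, or out of range. The function name `auditConfig`, its `global` option and the finding format are hypothetical; the threshold 2047 and the range 0 to 56 are taken from the descriptions above.

```javascript
// Added example, not OpenPGP.js code: lint a config override object against
// the warnings on this page. auditConfig and its finding format are hypothetical.
const INSECURE_FLAGS = {
  allowUnauthenticatedMessages:
    'modifications go undetected; enables downgrade attacks',
  allowUnauthenticatedStream:
    'plaintext is released before its integrity is checked',
  allowInsecureDecryptionWithSigningKeys:
    'RSA keys without the encrypt flag are accepted for decryption',
  allowInsecureVerificationWithReformattedKeys:
    'key validity at signing time is not enforced',
  useIndutnyElliptic:
    'indutny/elliptic is not designed to be constant time'
};
const DOCUMENTED_MIN_RSA_BITS = 2047; // default stated on this page

// `global` says whether the overrides are applied process-wide or to one call.
function auditConfig(overrides, { global = true } = {}) {
  const findings = [];
  const add = (key, severity, reason) => findings.push({ key, severity, reason });

  for (const [key, reason] of Object.entries(INSECURE_FLAGS)) {
    if (overrides[key] === true) add(key, 'warn', reason);
  }
  const extra = overrides.additionalAllowedPackets;
  if (global && Array.isArray(extra) && extra.length > 0) {
    add('additionalAllowedPackets', 'warn', 'pass per call, not as a global setting');
  }
  if ('minRSABits' in overrides && !(overrides.minRSABits >= DOCUMENTED_MIN_RSA_BITS)) {
    add('minRSABits', 'warn', `below the documented default of ${DOCUMENTED_MIN_RSA_BITS}`);
  }
  const chunk = overrides.aeadChunkSizeByte;
  if (chunk !== undefined && !(Number.isInteger(chunk) && chunk >= 0 && chunk <= 56)) {
    add('aeadChunkSizeByte', 'error', 'must be an integer from 0 to 56');
  }
  const algos = overrides.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms;
  if (overrides.constantTimePKCS1Decryption === true && algos instanceof Set && algos.size === 0) {
    add('constantTimePKCS1DecryptionSupportedSymmetricAlgorithms', 'error',
      'empty set: every RSA/ElGamal session key decryption will fail');
  }
  return findings;
}

// Constructed sample: overrides an application might apply globally.
const sample = { allowUnauthenticatedMessages: true, minRSABits: 1024, aeadChunkSizeByte: 60 };
for (const f of auditConfig(sample)) console.log(`${f.severity}: ${f.key}: ${f.reason}`);
```

Running such a check in CI over the object an application passes as its config keeps an insecure override from shipping unnoticed.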