This object contains global configuration values.
- See: module:config/config
Members
(static) additionalAllowedPackets
Parsing of packets is normally restricted to a predefined set of packets. For example, a Symmetrically Encrypted Integrity Protected Data Packet can only contain a certain set of packets, including LiteralDataPacket. This setting allows additional packets. Doing so is probably not advisable as a global config setting, but it can be used for specific function calls (e.g. the decrypt method of Message).
Properties:
Name | Type | Description |
---|---|---|
additionalAllowedPackets | Array | Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket] |
(static) aeadChunkSizeByte
Chunk size byte for Authenticated Encryption with Additional Data (AEAD) mode. Only has an effect when aeadProtect is set to true. Must be an integer value from 0 to 56.
Properties:
Name | Type | Description |
---|---|---|
aeadChunkSizeByte | Integer | |
(static) aeadProtect
Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption. This option is applicable to:
- key generation (encryption key preferences),
- password-based message encryption, and
- private key encryption.
In the case of message encryption using public keys, the encryption key preferences are respected instead. Note: not all OpenPGP implementations are compatible with this option.
Properties:
Name | Type | Description |
---|---|---|
aeadProtect | Boolean | |
(static) allowInsecureDecryptionWithSigningKeys
Allow decryption using RSA keys without encrypt flag.
This setting is potentially insecure, but it is needed to get around an old openpgpjs bug where key flags were ignored when selecting a key for encryption.
Properties:
Name | Type | Description |
---|---|---|
allowInsecureDecryptionWithSigningKeys | Boolean | |
(static) allowInsecureVerificationWithReformattedKeys
Allow verification of message signatures with keys whose validity at the time of signing cannot be determined. Instead, a verification key will also be considered valid as long as it is valid at the current time. This setting is potentially insecure, but it is needed to verify messages signed with keys that were later reformatted and have a self-signature creation date that does not match the primary key creation date.
Properties:
Name | Type | Description |
---|---|---|
allowInsecureVerificationWithReformattedKeys | Boolean | |
(static) allowUnauthenticatedMessages
Allow decryption of messages without integrity protection. This is an insecure setting:
- message modifications cannot be detected, thus processing the decrypted data is potentially unsafe.
- it enables downgrade attacks against integrity-protected messages.
Properties:
Name | Type | Description |
---|---|---|
allowUnauthenticatedMessages | Boolean | |
(static) allowUnauthenticatedStream
Allow streaming unauthenticated data before its integrity has been checked. This would allow the application to process large streams while limiting memory usage by releasing the decrypted chunks as soon as possible and deferring checking their integrity until the decrypted stream has been read in full.
This setting is insecure if the encrypted data has been corrupted by a malicious entity:
- if the partially decrypted message is processed further or displayed to the user, it opens up the possibility of attacks such as EFAIL (see https://efail.de/).
- an attacker with access to traces or timing info of internal processing errors could learn some info about the data.
NB: this setting does not apply to AEAD-encrypted data, where the AEAD data chunk is never released until integrity is confirmed.
Properties:
Name | Type | Description |
---|---|---|
allowUnauthenticatedStream | Boolean | |
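A configuration review for the settings documented above, written as an added example (not OpenPGP.js code). `auditConfig`, `INSECURE_FLAGS` and both sample objects are hypothetical names and constructed values; the checks mirror what this page calls insecure, not advisable globally, or out of range.

```javascript
// Added example: flag settings this page describes as insecure or not advisable.
// Reasons paraphrase the member descriptions above.
const INSECURE_FLAGS = {
  allowInsecureDecryptionWithSigningKeys:
    'decrypts with RSA keys that lack the encrypt flag',
  allowInsecureVerificationWithReformattedKeys:
    'accepts keys whose validity at signing time cannot be determined',
  allowUnauthenticatedMessages:
    'modifications go undetected and downgrade attacks become possible',
  allowUnauthenticatedStream:
    'plaintext is released before its integrity is checked',
};

// auditConfig is a hypothetical helper, not an OpenPGP.js function.
function auditConfig(cfg) {
  const findings = [];
  for (const [name, why] of Object.entries(INSECURE_FLAGS)) {
    if (cfg[name] === true) findings.push(`${name}: ${why}`);
  }
  const extra = cfg.additionalAllowedPackets;
  if (Array.isArray(extra) && extra.length > 0) {
    findings.push('additionalAllowedPackets: set globally; pass it per call instead');
  }
  const chunk = cfg.aeadChunkSizeByte;
  const chunkOk = Number.isInteger(chunk) && chunk >= 0 && chunk <= 56;
  if (cfg.aeadProtect === true && !chunkOk) {
    findings.push('aeadChunkSizeByte: must be an integer from 0 to 56');
  }
  return findings;
}

// Constructed sample configurations (values chosen for illustration only).
const strictConfig = {
  aeadProtect: true,
  aeadChunkSizeByte: 12,
  additionalAllowedPackets: [],
  allowUnauthenticatedMessages: false,
  allowUnauthenticatedStream: false,
};
const legacyConfig = {
  ...strictConfig,
  aeadChunkSizeByte: 60,
  additionalAllowedPackets: ['PublicKeyPacket'], // placeholder for a packet class
  allowUnauthenticatedMessages: true,
  allowUnauthenticatedStream: true,
};

console.log(auditConfig(strictConfig));
console.log(auditConfig(legacyConfig));
```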
(static) commentString
Properties:
Name | Type | Description |
---|---|---|
commentString | String | A comment string to be included in armored messages |
(static) constantTimePKCS1Decryption
Enable constant-time decryption of RSA- and ElGamal-encrypted session keys, to hinder Bleichenbacher-like attacks (https://link.springer.com/chapter/10.1007/BFb0055716). This setting has measurable performance impact and it is only helpful in application scenarios where both of the following conditions apply:
- new/incoming messages are automatically decrypted (without user interaction);
- an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely).
See also constantTimePKCS1DecryptionSupportedSymmetricAlgorithms.
Properties:
Name | Type | Description |
---|---|---|
constantTimePKCS1Decryption | Boolean | |
(static) constantTimePKCS1DecryptionSupportedSymmetricAlgorithms
This setting is only meaningful if constantTimePKCS1Decryption is enabled.
Decryption of RSA- and ElGamal-encrypted session keys of symmetric algorithms different from the ones specified here will fail.
However, the more algorithms are added, the slower the decryption procedure becomes.
Properties:
Name | Type | Description |
---|---|---|
constantTimePKCS1DecryptionSupportedSymmetricAlgorithms | Set.<Integer> | |
(static) ignoreMalformedPackets
Properties:
Name | Type | Description |
---|---|---|
ignoreMalformedPackets | Boolean | Ignore malformed packets on parsing instead of throwing an error |
(static) ignoreUnsupportedPackets
Properties:
Name | Type | Description |
---|---|---|
ignoreUnsupportedPackets | Boolean | Ignore unsupported/unrecognizable packets on parsing instead of throwing an error |
(static) knownNotations
Contains notations that are considered "known". Known notations do not trigger a validation error when the notation is marked as critical.
Properties:
Name | Type | Description |
---|---|---|
knownNotations | Array | |
(static) maxUserIDLength
Max userID string length (used for parsing)
Properties:
Name | Type | Description |
---|---|---|
maxUserIDLength | Integer | |
(static) minRSABits
Minimum RSA key size allowed for key generation and message signing, verification and encryption. The default is 2047 because, due to a bug, previous versions of OpenPGP.js could generate 2047-bit keys instead of 2048-bit ones.
Properties:
Name | Type | Description |
---|---|---|
minRSABits | Number | |
(static) passwordCollisionCheck
Work-around for a rare GPG decryption bug when encrypting with multiple passwords. Slower and slightly less secure.
Properties:
Name | Type | Description |
---|---|---|
passwordCollisionCheck | Boolean | |
(static) preferredAEADAlgorithm
Default Authenticated Encryption with Additional Data (AEAD) encryption mode. Only has an effect when aeadProtect is set to true.
Properties:
Name | Type | Description |
---|---|---|
preferredAEADAlgorithm | Integer | Default AEAD mode module:enums.aead |
(static) preferredCompressionAlgorithm
Properties:
Name | Type | Description |
---|---|---|
compression | Integer | Default compression algorithm module:enums.compression |
(static) preferredHashAlgorithm
Properties:
Name | Type | Description |
---|---|---|
preferredHashAlgorithm | Integer | Default hash algorithm module:enums.hash |
(static) preferredSymmetricAlgorithm
Properties:
Name | Type | Description |
---|---|---|
preferredSymmetricAlgorithm | Integer | Default encryption cipher module:enums.symmetric |
(static) rejectCurves
Reject non-standard curves for key generation, message encryption, signing or verification
Properties:
Name | Type | Description |
---|---|---|
rejectCurves | Set.<String> | |
(static) rejectHashAlgorithms
Reject insecure hash algorithms
Properties:
Name | Type | Description |
---|---|---|
rejectHashAlgorithms | Set.<Integer> | |
(static) rejectMessageHashAlgorithms
Reject insecure message hash algorithms
Properties:
Name | Type | Description |
---|---|---|
rejectMessageHashAlgorithms | Set.<Integer> | |
(static) rejectPublicKeyAlgorithms
Reject insecure public key algorithms for key generation and message encryption, signing or verification
Properties:
Name | Type | Description |
---|---|---|
rejectPublicKeyAlgorithms | Set.<Integer> | |
(static) s2kArgon2Params
draft-crypto-refresh 3.7.1.4:
Argon2 parameters for S2K (String to Key).
Only relevant if config.s2kType is set to enums.s2k.argon2.
Default settings correspond to the second recommendation from RFC9106 ("uniformly safe option"), to ensure compatibility with memory-constrained environments.
For more details on the choice of parameters, see https://tools.ietf.org/html/rfc9106#section-4.
Properties:
Name | Type | Description |
---|---|---|
params | Object | |
(static) s2kIterationCountByte
RFC4880 3.7.1.3:
Iteration Count Byte for Iterated and Salted S2K (String to Key).
Only relevant if config.s2kType is set to enums.s2k.iterated.
Note: this is the exponent value, not the final number of iterations (refer to specs for more details).
Properties:
Name | Type | Description |
---|---|---|
s2kIterationCountByte | Integer | |
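How the exponent-style byte maps to an actual count under RFC 4880 section 3.7.1.3, as an added example (not OpenPGP.js code). `decodeS2KCount` and `encodeS2KCount` are hypothetical helper names and the printed byte values are samples chosen for illustration.

```javascript
// Added example: RFC 4880 section 3.7.1.3 coded iteration count.
// The high nibble of the byte is an exponent, the low nibble a mantissa:
//   count = (16 + (c & 15)) << ((c >> 4) + EXPBIAS), with EXPBIAS = 6.
// The RFC defines `count` as the number of octets fed to the hash.
const EXPBIAS = 6;

// Decode the one-byte coded count (hypothetical helper name).
function decodeS2KCount(c) {
  if (!Number.isInteger(c) || c < 0 || c > 255) {
    throw new RangeError('coded count must be an integer from 0 to 255');
  }
  // Multiplication by a power of two avoids 32-bit shift pitfalls.
  return (16 + (c & 15)) * 2 ** ((c >> 4) + EXPBIAS);
}

// Smallest coded byte whose decoded count is at least minCount.
// The decoding is monotonic in c, so the first match is the smallest.
function encodeS2KCount(minCount) {
  for (let c = 0; c <= 255; c++) {
    if (decodeS2KCount(c) >= minCount) return c;
  }
  throw new RangeError('count exceeds the largest encodable value');
}

// Sample values: the two ends of the range and two points in between.
for (const c of [0, 96, 224, 255]) {
  console.log(`byte ${c} -> count ${decodeS2KCount(c)}`);
}
console.log(`at least 1000000 octets -> byte ${encodeS2KCount(1000000)}`);
```

Because not every count is representable, `encodeS2KCount` rounds up to the next encodable value rather than silently weakening the requested cost.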
(static) s2kType
S2K (String to Key) type, used for key derivation in the context of secret key encryption and password-encrypted data. Weaker s2k options are not allowed. Note: Argon2 is the strongest option but not all OpenPGP implementations are compatible with it (pending standardisation).
Properties:
Name | Type | Description |
---|---|---|
s2kType | enums.s2k.argon2 \| enums.s2k.iterated | |
(static) showComment
Properties:
Name | Type | Description |
---|---|---|
showComment | Boolean | Whether to include module:config/config.commentString in armored messages |
(static) showVersion
Properties:
Name | Type | Description |
---|---|---|
showVersion | Boolean | Whether to include module:config/config.versionString in armored messages |
(static) useEllipticFallback
Whether to use the noble-curves library for curves (other than Curve25519) that are not supported by the available native crypto API. When false, certain standard curves will not be supported (depending on the platform).
Properties:
Name | Type | Description |
---|---|---|
useEllipticFallback | Boolean | |
(static) v6Keys
Use v6 keys. Note: not all OpenPGP implementations are compatible with this option. FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION.
Properties:
Name | Type | Description |
---|---|---|
v6Keys | Boolean | |
(static) versionString
Properties:
Name | Type | Description |
---|---|---|
versionString | String | A version string to be included in armored messages |