UNPKG

@isomorphic-pgp/sign-and-verify

Version:

Create and verify OpenPGP signatures

github.com/wmhilton/isomorphic-pgp

wmhilton/isomorphic-pgp

120 lines (106 loc) 3.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
const { BigInteger } = require("jsbn"); const { hashes } = require("./hashes.js"); const arrayBufferToHex = require("array-buffer-to-hex"); const { encode } = require("isomorphic-textencoder"); const Message = require("@isomorphic-pgp/parser/Message.js"); const UrlSafeBase64 = require("@isomorphic-pgp/parser/UrlSafeBase64.js"); const Uint16 = require("@isomorphic-pgp/parser/Uint16.js"); const EMSA = require("@isomorphic-pgp/parser/emsa.js"); const { HashAlgorithm } = require("@isomorphic-pgp/parser/constants.js"); const { payloadSignatureHashData } = require("@isomorphic-pgp/parser/payloadSignatureHashData.js"); const { trimZeros } = require("@isomorphic-pgp/util/trimZeros.js"); module.exports.sign = async function sign(openpgpPrivateKey, payload, timestamp) { let parsed = Message.parse(openpgpPrivateKey); let privateKeyPacket = parsed.packets[0].packet; let userIdPacket = parsed.packets[1].packet; // TODO: Assert that this is all correct and stuff. let selfSignaturePacket = parsed.packets[2].packet; let keyid = selfSignaturePacket.unhashed.subpackets.find(subpacket => subpacket.type === 16).subpacket.issuer; let e = UrlSafeBase64.serialize(privateKeyPacket.mpi.e); let n = UrlSafeBase64.serialize(privateKeyPacket.mpi.n); let d = UrlSafeBase64.serialize(privateKeyPacket.mpi.d); let p = UrlSafeBase64.serialize(privateKeyPacket.mpi.p); let q = UrlSafeBase64.serialize(privateKeyPacket.mpi.q); let u = UrlSafeBase64.serialize(privateKeyPacket.mpi.u); // SIGN let D = new BigInteger(arrayBufferToHex(d), 16); let P = new BigInteger(arrayBufferToHex(p), 16); let Q = new BigInteger(arrayBufferToHex(q), 16); let U = new BigInteger(arrayBufferToHex(u), 16); let partialSignaturePacket = { version: 4, type: 0, alg: 1, hash: 8, hashed: { subpackets: [ { type: 2, subpacket: { creation: timestamp } } ] } }; const hashType = HashAlgorithm[partialSignaturePacket.hash] payload = typeof payload === "string" ? encode(payload) : payload; let buffer = await payloadSignatureHashData(payload, partialSignaturePacket); let hash = await hashes[hashType](buffer, { outputFormat: "buffer" }); hash = new Uint8Array(hash); let left16 = Uint16.parse([hash[0], hash[1]]); // Wrap `hash` in the dumbass EMSA-PKCS1-v1_5 padded message format: hash = EMSA.encode(hashType, hash, n.byteLength); let M = new BigInteger(arrayBufferToHex(hash), 16); // // Straightforward solution: ~ 679ms // console.time("standard"); // let S = M.modPow(D, N); // console.timeEnd("standard"); // Fast solution using Chinese Remainder Theorem: ~184ms // from libgcryp docs: /* * m1 = c ^ (d mod (p-1)) mod p * m2 = c ^ (d mod (q-1)) mod q * h = u * (m2 - m1) mod q * m = m1 + h * p */ let ONE = new BigInteger("01", 16); let DP = D.mod(P.subtract(ONE)); let DQ = D.mod(Q.subtract(ONE)); let M1 = M.modPow(DP, P); let M2 = M.modPow(DQ, Q); let H = U.multiply(M2.subtract(M1)).mod(Q); let S = M1.add(H.multiply(P)); let signature = new Uint8Array(S.toByteArray()); signature = trimZeros(signature); signature = UrlSafeBase64.parse(signature); let completeSignaturePacket = Object.assign({}, partialSignaturePacket, { unhashed: { subpackets: [ { type: 16, subpacket: { issuer: keyid } } ] }, left16, mpi: { signature } }); let message = { type: "PGP SIGNATURE", packets: [ { type: 0, tag: 2, tag_s: "Signature Packet", packet: completeSignaturePacket } ] }; let text = Message.serialize(message); return text; }