@types/openpgp
Version:
TypeScript definitions for openpgp
1,489 lines (1,349 loc) • 191 kB
TypeScript
import BN = require("bn.js");
import stream = require("stream");
export {};
type NodeStream = stream;
type Integer = number;
type Infinity = any;
type ReadableStream<T> = any;
export namespace cleartext {
/**
* Class that represents an OpenPGP cleartext signed message.
* See {@link https://tools.ietf.org/html/rfc4880#section-7}
*/
class CleartextMessage {
/**
* @param text The cleartext of the signed message
* @param signature The detached signature or an empty signature for unsigned messages
*/
constructor(text: string, signature: signature.Signature);
/**
* Returns the key IDs of the keys that signed the cleartext message
* @returns array of keyid objects
*/
getSigningKeyIds(): any[];
/**
* Sign the cleartext message
* @param privateKeys private keys with decrypted secret key data for signing
* @param signature (optional) any existing detached signature
* @param date (optional) The creation time of the signature that should be created
* @param userIds (optional) user IDs to sign with, e.g. [ { name:'Steve Sender', email:'steve@openpgp.org' }]
* @returns new cleartext message with signed content
*/
sign(privateKeys: any[], signature: signature.Signature, date: Date, userIds: any[]): Promise<CleartextMessage>;
/**
* Sign the cleartext message
* @param privateKeys private keys with decrypted secret key data for signing
* @param signature (optional) any existing detached signature
* @param date (optional) The creation time of the signature that should be created
* @param userIds (optional) user IDs to sign with, e.g. [ { name:'Steve Sender', email:'steve@openpgp.org' }]
* @returns new detached signature of message content
*/
signDetached(
privateKeys: any[],
signature: signature.Signature,
date: Date,
userIds: any[],
): Promise<signature.Signature>;
/**
* Verify signatures of cleartext signed message
* @param keys array of keys to verify signatures
* @param date (optional) Verify the signature against the given date, i.e. check signature creation time < date < expiration time
* @returns list of signer's keyid and validity of signature
*/
verify(keys: any[], date: Date): Promise<Array<{ keyid: type.keyid.Keyid; valid: boolean }>>;
/**
* Verify signatures of cleartext signed message
* @param keys array of keys to verify signatures
* @param date (optional) Verify the signature against the given date, i.e. check signature creation time < date < expiration time
* @returns list of signer's keyid and validity of signature
*/
verifyDetached(keys: any[], date: Date): Promise<Array<{ keyid: type.keyid.Keyid; valid: boolean }>>;
/**
* Get cleartext
* @returns cleartext of message
*/
getText(): string;
/**
* Returns ASCII armored text of cleartext signed message
* @returns ASCII armor
*/
armor(): string | ReadableStream<String>;
}
/**
* reads an OpenPGP cleartext signed message and returns a CleartextMessage object
* @param armoredText text to be parsed
* @returns new cleartext message object
*/
function readArmored(armoredText: string | ReadableStream<String>): Promise<CleartextMessage>;
/**
* Creates a new CleartextMessage object from text
* @param text
*/
function fromText(text: string): CleartextMessage;
}
/**
* @see module:config/config
*/
export namespace config {
var prefer_hash_algorithm: any;
var encryption_cipher: any;
var compression: any;
var deflate_level: any;
/**
* Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.
* **NOT INTEROPERABLE WITH OTHER OPENPGP IMPLEMENTATIONS**
* **FUTURE OPENPGP.JS VERSIONS MAY BREAK COMPATIBILITY WHEN USING THIS OPTION**
*/
var aead_protect: any;
/**
* Use Authenticated Encryption with Additional Data (AEAD) protection for symmetric encryption.
* 0 means we implement a variant of {@link https://tools.ietf.org/html/draft-ford-openpgp-format-00|this IETF draft}.
* 4 means we implement {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04|RFC4880bis-04}.
* Note that this determines how AEAD packets are parsed even when aead_protect is set to false
*/
var aead_protect_version: any;
/**
* Default Authenticated Encryption with Additional Data (AEAD) encryption mode
* Only has an effect when aead_protect is set to true.
*/
var aead_mode: any;
/**
* Chunk Size Byte for Authenticated Encryption with Additional Data (AEAD) mode
* Only has an effect when aead_protect is set to true.
* Must be an integer value from 0 to 56.
*/
var aead_chunk_size_byte: any;
/**
* {@link https://tools.ietf.org/html/rfc4880#section-3.7.1.3|RFC4880 3.7.1.3}:
* Iteration Count Byte for S2K (String to Key)
*/
var s2k_iteration_count_byte: any;
/**
* Use integrity protection for symmetric encryption
*/
var integrity_protect: any;
var ignore_mdc_error: any;
var allow_unauthenticated_stream: any;
var checksum_required: any;
var rsa_blinding: any;
/**
* Work-around for rare GPG decryption bug when encrypting with multiple passwords.
* **Slower and slightly less secure**
*/
var password_collision_check: any;
var revocations_expire: any;
var use_native: any;
var min_bytes_for_web_crypto: any;
var zero_copy: any;
var debug: any;
var tolerant: any;
var show_version: any;
var show_comment: any;
var versionstring: any;
var commentstring: any;
var keyserver: any;
var node_store: any;
/**
* Max userid string length (used for parsing)
*/
var max_userid_length: any;
namespace localStorage {
class LocalStorage {
/**
* This object is used for storing and retrieving configuration from HTML5 local storage.
*/
constructor();
/**
* Reads the config out of the HTML5 local storage
* and initializes the object config.
* if config is null the default config will be used
*/
read(): void;
/**
* Writes the config to HTML5 local storage
*/
write(): void;
}
}
}
export class LocalStorage {
/**
* This object is used for storing and retrieving configuration from HTML5 local storage.
*/
constructor();
/**
* Reads the config out of the HTML5 local storage
* and initializes the object config.
* if config is null the default config will be used
*/
read(): void;
/**
* Writes the config to HTML5 local storage
*/
write(): void;
}
/**
* @see module:crypto/crypto
* @see module:crypto/signature
* @see module:crypto/public_key
* @see module:crypto/cipher
* @see module:crypto/random
* @see module:crypto/hash
*/
export namespace crypto {
/**
* @see module:crypto/public_key/elliptic/ecdh
*/
namespace aes_kw {
/**
* AES key wrap
* @param key
* @param data
* @returns
*/
function wrap(key: string, data: string): Uint8Array;
/**
* AES key unwrap
* @param key
* @param data
* @returns
* @throws
*/
function unwrap(key: string, data: string): Uint8Array;
}
namespace cfb {
function encrypt(algo: any, key: any, plaintext: any, iv: any): any;
function decrypt(algo: any, key: any, ciphertext: any, iv: any): Promise<any>;
}
namespace cipher {
/**
* AES-128 encryption and decryption (ID 7)
* @param key 128-bit key
* @see
* @see
* @returns
*/
function aes128(key: string): object;
/**
* AES-128 Block Cipher (ID 8)
* @param key 192-bit key
* @see
* @see
* @returns
*/
function aes192(key: string): object;
/**
* AES-128 Block Cipher (ID 9)
* @param key 256-bit key
* @see
* @see
* @returns
*/
function aes256(key: string): object;
/**
* Triple DES Block Cipher (ID 2)
* @param key 192-bit key
* @see
* @returns
*/
function tripledes(key: string): object;
/**
* CAST-128 Block Cipher (ID 3)
* @param key 128-bit key
* @see
* @returns
*/
function cast5(key: string): object;
/**
* Twofish Block Cipher (ID 10)
* @param key 256-bit key
* @see
* @returns
*/
function twofish(key: string): object;
/**
* Blowfish Block Cipher (ID 4)
* @param key 128-bit key
* @see
* @returns
*/
function blowfish(key: string): object;
/**
* Not implemented
* @throws
*/
function idea(): void;
}
namespace cmac {
/**
* This implementation of CMAC is based on the description of OMAC in
* http://web.cs.ucdavis.edu/~rogaway/papers/eax.pdf. As per that
* document:
* We have made a small modification to the OMAC algorithm as it was
* originally presented, changing one of its two constants.
* Specifically, the constant 4 at line 85 was the constant 1/2 (the
* multiplicative inverse of 2) in the original definition of OMAC [14].
* The OMAC authors indicate that they will promulgate this modification
* [15], which slightly simplifies implementations.
*/
const blockLength: any;
/**
* xor `padding` into the end of `data`. This function implements "the
* operation xor→ [which] xors the shorter string into the end of longer
* one". Since data is always as least as long as padding, we can
* simplify the implementation.
* @param data
* @param padding
*/
function rightXorMut(data: Uint8Array, padding: Uint8Array): void;
}
namespace crypto {
/**
* Encrypts data using specified algorithm and public key parameters.
* See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.
* @param algo Public key algorithm
* @param pub_params Algorithm-specific public key parameters
* @param data Data to be encrypted as MPI
* @param fingerprint Recipient fingerprint
* @returns encrypted session key parameters
*/
function publicKeyEncrypt(
algo: enums.publicKey,
pub_params: Array<type.mpi.MPI | type.oid.OID | type.kdf_params.KDFParams>,
data: type.mpi.MPI,
fingerprint: string,
): any[];
/**
* Decrypts data using specified algorithm and private key parameters.
* See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1} for public key algorithms.
* @param algo Public key algorithm
* @param key_params Algorithm-specific public, private key parameters
* @param data_params encrypted session key parameters
* @param fingerprint Recipient fingerprint
* @returns An MPI containing the decrypted data
*/
function publicKeyDecrypt(
algo: enums.publicKey,
key_params: Array<type.mpi.MPI | type.oid.OID | type.kdf_params.KDFParams>,
data_params: Array<type.mpi.MPI | type.oid.OID | type.kdf_params.KDFParams>,
fingerprint: string,
): type.mpi.MPI;
/**
* Returns the types comprising the private key of an algorithm
* @param algo The public key algorithm
* @returns The array of types
*/
function getPrivKeyParamTypes(algo: string): any[];
/**
* Returns the types comprising the public key of an algorithm
* @param algo The public key algorithm
* @returns The array of types
*/
function getPubKeyParamTypes(algo: string): any[];
/**
* Returns the types comprising the encrypted session key of an algorithm
* @param algo The public key algorithm
* @returns The array of types
*/
function getEncSessionKeyParamTypes(algo: string): any[];
/**
* Generate algorithm-specific key parameters
* @param algo The public key algorithm
* @param bits Bit length for RSA keys
* @param oid Object identifier for ECC keys
* @returns The array of parameters
*/
function generateParams(algo: string, bits: Integer, oid: type.oid.OID): any[];
/**
* Generates a random byte prefix for the specified algorithm
* See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.
* @param algo Symmetric encryption algorithm
* @returns Random bytes with length equal to the block size of the cipher, plus the last two bytes repeated.
*/
function getPrefixRandom(algo: enums.symmetric): Uint8Array;
/**
* Generating a session key for the specified symmetric algorithm
* See {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC 4880 9.2} for algorithms.
* @param algo Symmetric encryption algorithm
* @returns Random bytes as a string to be used as a key
*/
function generateSessionKey(algo: enums.symmetric): Uint8Array;
}
namespace eax {
/**
* Class to en/decrypt using EAX mode.
* @param cipher The symmetric cipher algorithm to use e.g. 'aes128'
* @param key The encryption key
*/
function EAX(cipher: string, key: Uint8Array): void;
/**
* Encrypt plaintext input.
* @param plaintext The cleartext input to be encrypted
* @param nonce The nonce (16 bytes)
* @param adata Associated data to sign
* @returns The ciphertext output
*/
function encrypt(plaintext: Uint8Array, nonce: Uint8Array, adata: Uint8Array): Promise<Uint8Array>;
/**
* Decrypt ciphertext input.
* @param ciphertext The ciphertext input to be decrypted
* @param nonce The nonce (16 bytes)
* @param adata Associated data to verify
* @returns The plaintext output
*/
function decrypt(ciphertext: Uint8Array, nonce: Uint8Array, adata: Uint8Array): Promise<Uint8Array>;
}
namespace gcm {
/**
* Class to en/decrypt using GCM mode.
* @param cipher The symmetric cipher algorithm to use e.g. 'aes128'
* @param key The encryption key
*/
function GCM(cipher: string, key: Uint8Array): void;
}
/**
* @see
* @see
*/
namespace hash {
/**
* @see module:md5
*/
var md5: any;
/**
* @see asmCrypto
*/
var sha1: any;
/**
* @see hash.js
*/
var sha224: any;
/**
* @see asmCrypto
*/
var sha256: any;
/**
* @see hash.js
*/
var sha384: any;
/**
* @see asmCrypto
*/
var sha512: any;
/**
* @see hash.js
*/
var ripemd: any;
/**
* Create a hash on the specified data using the specified algorithm
* @param algo Hash algorithm type (see {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})
* @param data Data to be hashed
* @returns hash value
*/
function digest(algo: enums.hash, data: Uint8Array): Promise<Uint8Array>;
/**
* Returns the hash size in bytes of the specified hash algorithm type
* @param algo Hash algorithm type (See {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4})
* @returns Size in bytes of the resulting hash
*/
function getHashByteLength(algo: enums.hash): Integer;
}
/**
* @see module:packet.PublicKeyEncryptedSessionKey
*/
namespace pkcs5 {
/**
* Add pkcs5 padding to a text.
* @param msg Text to add padding
* @returns Text with padding added
*/
function encode(msg: string): string;
/**
* Remove pkcs5 padding from a string.
* @param msg Text to remove padding from
* @returns Text with padding removed
*/
function decode(msg: string): string;
}
namespace ocb {
/**
* Class to en/decrypt using OCB mode.
* @param cipher The symmetric cipher algorithm to use e.g. 'aes128'
* @param key The encryption key
*/
function OCB(cipher: string, key: Uint8Array): void;
/**
* Encrypt plaintext input.
* @param plaintext The cleartext input to be encrypted
* @param nonce The nonce (15 bytes)
* @param adata Associated data to sign
* @returns The ciphertext output
*/
function encrypt(plaintext: Uint8Array, nonce: Uint8Array, adata: Uint8Array): Promise<Uint8Array>;
/**
* Decrypt ciphertext input.
* @param ciphertext The ciphertext input to be decrypted
* @param nonce The nonce (15 bytes)
* @param adata Associated data to sign
* @returns The ciphertext output
*/
function decrypt(ciphertext: Uint8Array, nonce: Uint8Array, adata: Uint8Array): Promise<Uint8Array>;
}
/**
* @see module:crypto/public_key/rsa
* @see module:crypto/public_key/elliptic/ecdh
* @see module:packet.PublicKeyEncryptedSessionKey
*/
namespace pkcs1 {
namespace eme {
/**
* Create a EME-PKCS1-v1_5 padded message
* @see
* @param M message to be encoded
* @param k the length in octets of the key modulus
* @returns EME-PKCS1 padded message
*/
function encode(M: string, k: Integer): Promise<String>;
/**
* Decode a EME-PKCS1-v1_5 padded message
* @see
* @param EM encoded message, an octet string
* @returns message, an octet string
*/
function decode(EM: string): string;
}
namespace emsa {
/**
* Create a EMSA-PKCS1-v1_5 padded message
* @see
* @param algo Hash algorithm type used
* @param hashed message to be encoded
* @param emLen intended length in octets of the encoded message
* @returns encoded message
*/
function encode(algo: Integer, hashed: Uint8Array, emLen: Integer): string;
}
/**
* ASN1 object identifiers for hashes
* @see
*/
const hash_headers: any;
}
namespace public_key {
namespace dsa {
/**
* DSA Sign function
* @param hash_algo
* @param hashed
* @param g
* @param p
* @param q
* @param x
* @returns
*/
function sign(hash_algo: Integer, hashed: Uint8Array, g: BN, p: BN, q: BN, x: BN): object;
/**
* DSA Verify function
* @param hash_algo
* @param r
* @param s
* @param hashed
* @param g
* @param p
* @param q
* @param y
* @returns BN
*/
function verify(hash_algo: Integer, r: BN, s: BN, hashed: Uint8Array, g: BN, p: BN, q: BN, y: BN): any;
}
namespace elgamal {
/**
* ElGamal Encryption function
* @param m
* @param p
* @param g
* @param y
* @returns
*/
function encrypt(m: BN, p: BN, g: BN, y: BN): object;
/**
* ElGamal Encryption function
* @param c1
* @param c2
* @param p
* @param x
* @returns BN
*/
function decrypt(c1: BN, c2: BN, p: BN, x: BN): any;
}
/**
* @see module:crypto/public_key/elliptic/curve
* @see module:crypto/public_key/elliptic/ecdh
* @see module:crypto/public_key/elliptic/ecdsa
* @see module:crypto/public_key/elliptic/eddsa
*/
namespace elliptic {
namespace curve {
class Curve {}
}
namespace ecdh {
/**
* Generate ECDHE ephemeral key and secret from public key
* @param curve Elliptic curve object
* @param Q Recipient public key
* @returns Returns public part of ephemeral key and generated ephemeral secret
*/
function genPublicEphemeralKey(curve: curve.Curve, Q: Uint8Array): Promise<{ V: Uint8Array; S: BN }>;
/**
* Encrypt and wrap a session key
* @param oid Elliptic curve object identifier
* @param cipher_algo Symmetric cipher to use
* @param hash_algo Hash algorithm to use
* @param m Value derived from session key (RFC 6637)
* @param Q Recipient public key
* @param fingerprint Recipient fingerprint
* @returns Returns public part of ephemeral key and encoded session key
*/
function encrypt(
oid: type.oid.OID,
cipher_algo: enums.symmetric,
hash_algo: enums.hash,
m: type.mpi.MPI,
Q: Uint8Array,
fingerprint: string,
): Promise<{ V: BN; C: BN }>;
/**
* Generate ECDHE secret from private key and public part of ephemeral key
* @param curve Elliptic curve object
* @param V Public part of ephemeral key
* @param d Recipient private key
* @returns Generated ephemeral secret
*/
function genPrivateEphemeralKey(curve: curve.Curve, V: Uint8Array, d: Uint8Array): Promise<BN>;
/**
* Decrypt and unwrap the value derived from session key
* @param oid Elliptic curve object identifier
* @param cipher_algo Symmetric cipher to use
* @param hash_algo Hash algorithm to use
* @param V Public part of ephemeral key
* @param C Encrypted and wrapped value derived from session key
* @param d Recipient private key
* @param fingerprint Recipient fingerprint
* @returns Value derived from session
*/
function decrypt(
oid: type.oid.OID,
cipher_algo: enums.symmetric,
hash_algo: enums.hash,
V: Uint8Array,
C: Uint8Array,
d: Uint8Array,
fingerprint: string,
): Promise<BN>;
}
namespace ecdsa {
/**
* Sign a message using the provided key
* @param oid Elliptic curve object identifier
* @param hash_algo Hash algorithm used to sign
* @param m Message to sign
* @param d Private key used to sign the message
* @param hashed The hashed message
* @returns Signature of the message
*/
function sign(
oid: type.oid.OID,
hash_algo: enums.hash,
m: Uint8Array,
d: Uint8Array,
hashed: Uint8Array,
): object;
/**
* Verifies if a signature is valid for a message
* @param oid Elliptic curve object identifier
* @param hash_algo Hash algorithm used in the signature
* @param signature Signature to verify
* @param m Message to verify
* @param Q Public key used to verify the message
* @param hashed The hashed message
* @returns
*/
function verify(
oid: type.oid.OID,
hash_algo: enums.hash,
signature: object,
m: Uint8Array,
Q: Uint8Array,
hashed: Uint8Array,
): boolean;
}
namespace eddsa {
/**
* Sign a message using the provided keygit
* @param oid Elliptic curve object identifier
* @param hash_algo Hash algorithm used to sign
* @param m Message to sign
* @param d Private key used to sign
* @param hashed The hashed message
* @returns Signature of the message
*/
function sign(
oid: type.oid.OID,
hash_algo: enums.hash,
m: Uint8Array,
d: Uint8Array,
hashed: Uint8Array,
): object;
/**
* Verifies if a signature is valid for a message
* @param oid Elliptic curve object identifier
* @param hash_algo Hash algorithm used in the signature
* @param signature Signature to verify the message
* @param m Message to verify
* @param Q Public key used to verify the message
* @param hashed The hashed message
* @returns
*/
function verify(
oid: type.oid.OID,
hash_algo: enums.hash,
signature: object,
m: Uint8Array,
Q: Uint8Array,
hashed: Uint8Array,
): boolean;
}
namespace key {
class KeyPair {}
}
}
namespace prime {
/**
* Probabilistic random number generator
* @param bits Bit length of the prime
* @param e Optional RSA exponent to check against the prime
* @param k Optional number of iterations of Miller-Rabin test
* @returns BN
*/
function randomProbablePrime(bits: Integer, e: BN, k: Integer): any;
/**
* Probabilistic primality testing
* @param n Number to test
* @param e Optional RSA exponent to check against the prime
* @param k Optional number of iterations of Miller-Rabin test
* @returns
*/
function isProbablePrime(n: BN, e: BN, k: Integer): boolean;
/**
* Tests whether n is probably prime or not using Fermat's test with b = 2.
* Fails if b^(n-1) mod n === 1.
* @param n Number to test
* @param b Optional Fermat test base
* @returns
*/
function fermat(n: BN, b: Integer): boolean;
/**
* Tests whether n is probably prime or not using the Miller-Rabin test.
* See HAC Remark 4.28.
* @param n Number to test
* @param k Optional number of iterations of Miller-Rabin test
* @param rand Optional function to generate potential witnesses
* @returns
*/
function millerRabin(n: BN, k: Integer, rand: Function): boolean;
}
namespace rsa {
/**
* Create signature
* @param m message
* @param n RSA public modulus
* @param e RSA public exponent
* @param d RSA private exponent
* @returns RSA Signature
*/
function sign(m: BN, n: BN, e: BN, d: BN): BN;
/**
* Verify signature
* @param s signature
* @param n RSA public modulus
* @param e RSA public exponent
* @returns
*/
function verify(s: BN, n: BN, e: BN): BN;
/**
* Encrypt message
* @param m message
* @param n RSA public modulus
* @param e RSA public exponent
* @returns RSA Ciphertext
*/
function encrypt(m: BN, n: BN, e: BN): BN;
/**
* Decrypt RSA message
* @param m message
* @param n RSA public modulus
* @param e RSA public exponent
* @param d RSA private exponent
* @param p RSA private prime p
* @param q RSA private prime q
* @param u RSA private inverse of prime q
* @returns RSA Plaintext
*/
function decrypt(m: BN, n: BN, e: BN, d: BN, p: BN, q: BN, u: BN): BN;
/**
* Generate a new random private key B bits long with public exponent E.
* When possible, webCrypto is used. Otherwise, primes are generated using
* 40 rounds of the Miller-Rabin probabilistic random prime generation algorithm.
* @see module:crypto/public_key/prime
* @param B RSA bit length
* @param E RSA public exponent in hex string
* @returns RSA public modulus, RSA public exponent, RSA private exponent,
* RSA private prime p, RSA private prime q, u = q ** -1 mod p
*/
function generate(B: Integer, E: string): object;
}
}
namespace random {
/**
* Retrieve secure random byte array of the specified length
* @param length Length in bytes to generate
* @returns Random byte array
*/
function getRandomBytes(length: Integer): Uint8Array;
/**
* Create a secure random MPI that is greater than or equal to min and less than max.
* @param min Lower bound, included
* @param max Upper bound, excluded
* @returns Random MPI
*/
function getRandomBN(min: type.mpi.MPI, max: type.mpi.MPI): BN;
/**
* Buffer for secure random numbers
*/
function RandomBuffer(): void;
}
namespace signature {
/**
* Verifies the signature provided for data using specified algorithms and public key parameters.
* See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}
* and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}
* for public key and hash algorithms.
* @param algo Public key algorithm
* @param hash_algo Hash algorithm
* @param msg_MPIs Algorithm-specific signature parameters
* @param pub_MPIs Algorithm-specific public key parameters
* @param data Data for which the signature was created
* @param hashed The hashed data
* @returns True if signature is valid
*/
function verify(
algo: enums.publicKey,
hash_algo: enums.hash,
msg_MPIs: type.mpi.MPI[],
pub_MPIs: type.mpi.MPI[],
data: Uint8Array,
hashed: Uint8Array,
): boolean;
/**
* Creates a signature on data using specified algorithms and private key parameters.
* See {@link https://tools.ietf.org/html/rfc4880#section-9.1|RFC 4880 9.1}
* and {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC 4880 9.4}
* for public key and hash algorithms.
* @param algo Public key algorithm
* @param hash_algo Hash algorithm
* @param key_params Algorithm-specific public and private key parameters
* @param data Data to be signed
* @param hashed The hashed data
* @returns Signature
*/
function sign(
algo: enums.publicKey,
hash_algo: enums.hash,
key_params: type.mpi.MPI[],
data: Uint8Array,
hashed: Uint8Array,
): Uint8Array;
}
}
export namespace eme {
/**
* Create a EME-PKCS1-v1_5 padded message
* @see
* @param M message to be encoded
* @param k the length in octets of the key modulus
* @returns EME-PKCS1 padded message
*/
function encode(M: string, k: Integer): Promise<String>;
/**
* Decode a EME-PKCS1-v1_5 padded message
* @see
* @param EM encoded message, an octet string
* @returns message, an octet string
*/
function decode(EM: string): string;
}
export namespace emsa {
/**
* Create a EMSA-PKCS1-v1_5 padded message
* @see
* @param algo Hash algorithm type used
* @param hashed message to be encoded
* @param emLen intended length in octets of the encoded message
* @returns encoded message
*/
function encode(algo: Integer, hashed: Uint8Array, emLen: Integer): string;
}
export namespace encoding {
namespace armor {
/**
* Add additional information to the armor version of an OpenPGP binary
* packet block.
* @version 2011-12-16
* @param customComment (optional) additional comment to add to the armored string
* @returns The header information
*/
function addheader(customComment: string): string;
/**
* Calculates a checksum over the given data and returns it base64 encoded
* @param data Data to create a CRC-24 checksum for
* @returns Base64 encoded checksum
*/
function getCheckSum(data: string | ReadableStream<String>): string | ReadableStream<String>;
/**
* Internal function to calculate a CRC-24 checksum over a given string (data)
* @param data Data to create a CRC-24 checksum for
* @returns The CRC-24 checksum
*/
function createcrc24(data: string | ReadableStream<String>): Uint8Array | ReadableStream<Uint8Array>;
/**
* Splits a message into two parts, the body and the checksum. This is an internal function
* @param text OpenPGP armored message part
* @returns An object with attribute "body" containing the body
* and an attribute "checksum" containing the checksum.
*/
function splitChecksum(text: string): object;
/**
* DeArmor an OpenPGP armored message; verify the checksum and return
* the encoded bytes
* @param text OpenPGP armored message
* @returns An object with attribute "text" containing the message text,
* an attribute "data" containing a stream of bytes and "type" for the ASCII armor type
*/
function dearmor(text: string): Promise<Object>;
/**
* Armor an OpenPGP binary packet block
* @param messagetype type of the message
* @param body
* @param partindex
* @param parttotal
* @param customComment (optional) additional comment to add to the armored string
* @returns Armored text
*/
function armor(
messagetype: Integer,
body: any,
partindex: Integer,
parttotal: Integer,
customComment?: string,
): string | ReadableStream<String>;
}
namespace base64 {
/**
* Convert binary array to radix-64
* @param t Uint8Array to convert
* @param u if true, output is URL-safe
* @returns radix-64 version of input string
*/
function s2r(t: Uint8Array | ReadableStream<Uint8Array>, u?: boolean): string | ReadableStream<String>;
/**
* Convert radix-64 to binary array
* @param t radix-64 string to convert
* @param u if true, input is interpreted as URL-safe
* @returns binary array version of input string
*/
function r2s(t: string | ReadableStream<String>, u: boolean): Uint8Array | ReadableStream<Uint8Array>;
}
}
export namespace enums {
/**
* Maps curve names under various standards to one
* @see
*/
enum curve {
/**
* NIST P-256 Curve
*/
p256 = "p256",
"P-256" = "p256",
secp256r1 = "p256",
prime256v1 = "p256",
"1.2.840.10045.3.1.7" = "p256",
"2a8648ce3d030107" = "p256",
"2A8648CE3D030107" = "p256",
/**
* NIST P-384 Curve
*/
p384 = "p384",
"P-384" = "p384",
secp384r1 = "p384",
"1.3.132.0.34" = "p384",
"2b81040022" = "p384",
"2B81040022" = "p384",
/**
* NIST P-521 Curve
*/
p521 = "p521",
"P-521" = "p521",
secp521r1 = "p521",
"1.3.132.0.35" = "p521",
"2b81040023" = "p521",
"2B81040023" = "p521",
/**
* SECG SECP256k1 Curve
*/
secp256k1 = "secp256k1",
"1.3.132.0.10" = "secp256k1",
"2b8104000a" = "secp256k1",
"2B8104000A" = "secp256k1",
/**
* Ed25519
*/
ED25519 = "ed25519",
ed25519 = "ed25519",
Ed25519 = "ed25519",
"1.3.6.1.4.1.11591.15.1" = "ed25519",
"2b06010401da470f01" = "ed25519",
"2B06010401DA470F01" = "ed25519",
/**
* Curve25519
*/
X25519 = "curve25519",
cv25519 = "curve25519",
curve25519 = "curve25519",
Curve25519 = "curve25519",
"1.3.6.1.4.1.3029.1.5.1" = "curve25519",
"2b060104019755010501" = "curve25519",
"2B060104019755010501" = "curve25519",
/**
* BrainpoolP256r1 Curve
*/
brainpoolP256r1 = "brainpoolP256r1",
"1.3.36.3.3.2.8.1.1.7" = "brainpoolP256r1",
"2b2403030208010107" = "brainpoolP256r1",
"2B2403030208010107" = "brainpoolP256r1",
/**
* BrainpoolP384r1 Curve
*/
brainpoolP384r1 = "brainpoolP384r1",
"1.3.36.3.3.2.8.1.1.11" = "brainpoolP384r1",
"2b240303020801010b" = "brainpoolP384r1",
"2B240303020801010B" = "brainpoolP384r1",
/**
* BrainpoolP512r1 Curve
*/
brainpoolP512r1 = "brainpoolP512r1",
"1.3.36.3.3.2.8.1.1.13" = "brainpoolP512r1",
"2b240303020801010d" = "brainpoolP512r1",
"2B240303020801010D" = "brainpoolP512r1",
}
/**
* A string to key specifier type
*/
enum s2k {
simple = 0,
salted = 1,
iterated = 3,
gnu = 101,
}
/**
* {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.1|RFC4880bis-04, section 9.1}
*/
enum publicKey {
/**
* RSA (Encrypt or Sign) [HAC]
*/
rsa_encrypt_sign = 1,
/**
* RSA (Encrypt only) [HAC]
*/
rsa_encrypt = 2,
/**
* RSA (Sign only) [HAC]
*/
rsa_sign = 3,
/**
* Elgamal (Encrypt only) [ELGAMAL] [HAC]
*/
elgamal = 16,
/**
* DSA (Sign only) [FIPS186] [HAC]
*/
dsa = 17,
/**
* ECDH (Encrypt only) [RFC6637]
*/
ecdh = 18,
/**
* ECDSA (Sign only) [RFC6637]
*/
ecdsa = 19,
/**
* EdDSA (Sign only)
* [ {@link https://tools.ietf.org/html/draft-koch-eddsa-for-openpgp-04|Draft RFC}]
*/
eddsa = 22,
/**
* Reserved for AEDH
*/
aedh = 23,
/**
* Reserved for AEDSA
*/
aedsa = 24,
}
/**
* {@link https://tools.ietf.org/html/rfc4880#section-9.2|RFC4880, section 9.2}
*/
enum symmetric {
plaintext = 0,
/**
* Not implemented!
*/
idea = 1,
"3des" = 2,
tripledes = 2,
cast5 = 3,
blowfish = 4,
aes128 = 7,
aes192 = 8,
aes256 = 9,
twofish = 10,
}
/**
* {@link https://tools.ietf.org/html/rfc4880#section-9.3|RFC4880, section 9.3}
*/
enum compression {
uncompressed = 0,
/**
* RFC1951
*/
zip = 1,
/**
* RFC1950
*/
zlib = 2,
bzip2 = 3,
}
/**
* {@link https://tools.ietf.org/html/rfc4880#section-9.4|RFC4880, section 9.4}
*/
enum hash {
md5 = 1,
sha1 = 2,
ripemd = 3,
sha256 = 8,
sha384 = 9,
sha512 = 10,
sha224 = 11,
}
/**
* A list of hash names as accepted by webCrypto functions.
* {@link https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest|Parameters, algo}
*/
enum webHash {
"SHA-1" = 2,
"SHA-256" = 8,
"SHA-384" = 9,
"SHA-512" = 10,
}
/**
* {@link https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-04#section-9.6|RFC4880bis-04, section 9.6}
*/
enum aead {
eax = 1,
ocb = 2,
experimental_gcm = 100,
}
/**
* A list of packet types and numeric tags associated with them.
*/
enum packet {
publicKeyEncryptedSessionKey = 1,
signature = 2,
symEncryptedSessionKey = 3,
onePassSignature = 4,
secretKey = 5,
publicKey = 6,
secretSubkey = 7,
compressed = 8,
symmetricallyEncrypted = 9,
marker = 10,
literal = 11,
trust = 12,
userid = 13,
publicSubkey = 14,
userAttribute = 17,
symEncryptedIntegrityProtected = 18,
modificationDetectionCode = 19,
symEncryptedAEADProtected = 20,
}
/**
* Data types in the literal packet
*/
enum literal {
/**
* Binary data 'b'
*/
binary = "",
/**
* Text data 't'
*/
text = "",
/**
* Utf8 data 'u'
*/
utf8 = "",
/**
* MIME message body part 'm'
*/
mime = "",
}
/**
* One pass signature packet type
*/
enum signature {
/**
* 0x00: Signature of a binary document.
*/
binary = 0,
/**
* 0x01: Signature of a canonical text document.
* Canonicalyzing the document by converting line endings.
*/
text = 1,
/**
* 0x02: Standalone signature.
* This signature is a signature of only its own subpacket contents.
* It is calculated identically to a signature over a zero-lengh
* binary document. Note that it doesn't make sense to have a V3
* standalone signature.
*/
standalone = 2,
/**
* 0x10: Generic certification of a User ID and Public-Key packet.
* The issuer of this certification does not make any particular
* assertion as to how well the certifier has checked that the owner
* of the key is in fact the person described by the User ID.
*/
cert_generic = 16,
/**
* 0x11: Persona certification of a User ID and Public-Key packet.
* The issuer of this certification has not done any verification of
* the claim that the owner of this key is the User ID specified.
*/
cert_persona = 17,
/**
* 0x12: Casual certification of a User ID and Public-Key packet.
* The issuer of this certification has done some casual
* verification of the claim of identity.
*/
cert_casual = 18,
/**
* 0x13: Positive certification of a User ID and Public-Key packet.
* The issuer of this certification has done substantial
* verification of the claim of identity.
* Most OpenPGP implementations make their "key signatures" as 0x10
* certifications. Some implementations can issue 0x11-0x13
* certifications, but few differentiate between the types.
*/
cert_positive = 19,
/**
* 0x30: Certification revocation signature
* This signature revokes an earlier User ID certification signature
* (signature class 0x10 through 0x13) or direct-key signature
* (0x1F). It should be issued by the same key that issued the
* revoked signature or an authorized revocation key. The signature
* is computed over the same data as the certificate that it
* revokes, and should have a later creation date than that
* certificate.
*/
cert_revocation = 48,
/**
* 0x18: Subkey Binding Signature
* This signature is a statement by the top-level signing key that
* indicates that it owns the subkey. This signature is calculated
* directly on the primary key and subkey, and not on any User ID or
* other packets. A signature that binds a signing subkey MUST have
* an Embedded Signature subpacket in this binding signature that
* contains a 0x19 signature made by the signing subkey on the
* primary key and subkey.
*/
subkey_binding = 24,
/**
* 0x19: Primary Key Binding Signature
* This signature is a statement by a signing subkey, indicating
* that it is owned by the primary key and subkey. This signature
* is calculated the same way as a 0x18 signature: directly on the
* primary key and subkey, and not on any User ID or other packets.
* When a signature is made over a key, the hash data starts with the
* octet 0x99, followed by a two-octet length of the key, and then body
* of the key packet. (Note that this is an old-style packet header for
* a key packet with two-octet length.) A subkey binding signature
* (type 0x18) or primary key binding signature (type 0x19) then hashes
* the subkey using the same format as the main key (also using 0x99 as
* the first octet).
*/
key_binding = 25,
/**
* 0x1F: Signature directly on a key
* This signature is calculated directly on a key. It binds the
* information in the Signature subpackets to the key, and is
* appropriate to be used for subpackets that provide information
* about the key, such as the Revocation Key subpacket. It is also
* appropriate for statements that non-self certifiers want to make
* about the key itself, rather than the binding between a key and a
* name.
*/
key = 31,
/**
* 0x20: Key revocation signature
* The signature is calculated directly on the key being revoked. A
* revoked key is not to be used. Only revocation signatures by the
* key being revoked, or by an authorized revocation key, should be
* considered valid revocation signatures.a
*/
key_revocation = 32,
/**
* 0x28: Subkey revocation signature
* The signature is calculated directly on the subkey being revoked.
* A revoked subkey is not to be used. Only revocation signatures
* by the top-level signature key that is bound to this subkey, or
* by an authorized revocation key, should be considered valid
* revocation signatures.
* Key revocation signatures (types 0x20 and 0x28)
* hash only the key being revoked.
*/
subkey_revocation = 40,
/**
* 0x40: Timestamp signature.
* This signature is only meaningful for the timestamp contained in
* it.
*/
timestamp = 64,
/**
* 0x50: Third-Party Confirmation signature.
* This signature is a signature over some other OpenPGP Signature
* packet(s). It is analogous to a notary seal on the signed data.
* A third-party signature SHOULD include Signature Target
* subpacket(s) to give easy identification. Note that we really do
* mean SHOULD. There are plausible uses for this (such as a blind
* party that only sees the signature, not the key or source
* document) that cannot include a target subpacket.
*/
third_party = 80,
}
/**
* Signature subpacket type
*/
enum signatureSubpacket {
signature_creation_time = 2,