UNPKG

openpgp/openpgp.d.ts

Version:
39.9 kBTypeScriptView Raw
1/**
2 * Type definitions for OpenPGP.js http://openpgpjs.org/
3 *
4 * Contributors:
5 *  - FlowCrypt a. s. <https://flowcrypt.com>
6 *  - Guillaume Lacasa <https://blog.lacasa.fr>
7 *  - Errietta Kostala <https://github.com/errietta>
8 */
9
10import type { WebStream as GenericWebStream, NodeStream as GenericNodeStream } from '@openpgp/web-stream-tools';
11
12/* ############## v5 KEY #################### */
13// The Key and PublicKey types can be used interchangably since TS cannot detect the difference, as they have the same class properties.
14// The declared readKey(s) return type is Key instead of a PublicKey since it seems more obvious that a Key can be cast to a PrivateKey.
15export function readKey(options: { armoredKey: string, config?: PartialConfig }): Promise<Key>;
16export function readKey(options: { binaryKey: Uint8Array, config?: PartialConfig }): Promise<Key>;
17export function readKeys(options: { armoredKeys: string, config?: PartialConfig }): Promise<Key[]>;
18export function readKeys(options: { binaryKeys: Uint8Array, config?: PartialConfig }): Promise<Key[]>;
19export function readPrivateKey(options: { armoredKey: string, config?: PartialConfig }): Promise<PrivateKey>;
20export function readPrivateKey(options: { binaryKey: Uint8Array, config?: PartialConfig }): Promise<PrivateKey>;
21export function readPrivateKeys(options: { armoredKeys: string, config?: PartialConfig }): Promise<PrivateKey[]>;
22export function readPrivateKeys(options: { binaryKeys: Uint8Array, config?: PartialConfig }): Promise<PrivateKey[]>;
23export function generateKey(options: GenerateKeyOptions & { format?: 'armored' }): Promise<SerializedKeyPair<string> & { revocationCertificate: string }>;
24export function generateKey(options: GenerateKeyOptions & { format: 'binary' }): Promise<SerializedKeyPair<Uint8Array> & { revocationCertificate: string }>;
25export function generateKey(options: GenerateKeyOptions & { format: 'object' }): Promise<KeyPair & { revocationCertificate: string }>;
26export function decryptKey(options: { privateKey: PrivateKey; passphrase?: MaybeArray<string>; config?: PartialConfig }): Promise<PrivateKey>;
27export function encryptKey(options: { privateKey: PrivateKey; passphrase?: MaybeArray<string>; config?: PartialConfig }): Promise<PrivateKey>;
28export function reformatKey(options: { privateKey: PrivateKey; userIDs?: MaybeArray<UserID>; passphrase?: string; keyExpirationTime?: number; date?: Date, format?: 'armored', config?: PartialConfig }): Promise<SerializedKeyPair<string> & { revocationCertificate: string }>;
29export function reformatKey(options: { privateKey: PrivateKey; userIDs?: MaybeArray<UserID>; passphrase?: string; keyExpirationTime?: number; date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array> & { revocationCertificate: string }>;
30export function reformatKey(options: { privateKey: PrivateKey; userIDs?: MaybeArray<UserID>; passphrase?: string; keyExpirationTime?: number; date?: Date, format: 'object', config?: PartialConfig }): Promise<KeyPair & { revocationCertificate: string }>;
31export function revokeKey(options: { key: PrivateKey, reasonForRevocation?: ReasonForRevocation, date?: Date, format?: 'armored', config?: PartialConfig }): Promise<SerializedKeyPair<string>>;
32export function revokeKey(options: { key: PrivateKey, reasonForRevocation?: ReasonForRevocation, date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array>>;
33export function revokeKey(options: { key: PrivateKey, reasonForRevocation?: ReasonForRevocation, date?: Date, format: 'object', config?: PartialConfig }): Promise<KeyPair>;
34export function revokeKey(options: { key: PrivateKey, revocationCertificate: string, date?: Date, format?: 'armored', config?: PartialConfig }): Promise<SerializedKeyPair<string>>;
35export function revokeKey(options: { key: PrivateKey, revocationCertificate: string, date?: Date, format: 'binary', config?: PartialConfig }): Promise<SerializedKeyPair<Uint8Array>>;
36export function revokeKey(options: { key: PrivateKey, revocationCertificate: string, date?: Date, format: 'object', config?: PartialConfig }): Promise<KeyPair>;
37export function revokeKey(options: { key: PublicKey, revocationCertificate: string, date?: Date, format?: 'armored', config?: PartialConfig }): Promise<{ publicKey: string, privateKey: null }>;
38export function revokeKey(options: { key: PublicKey, revocationCertificate: string, date?: Date, format: 'binary', config?: PartialConfig }): Promise<{ publicKey: Uint8Array, privateKey: null }>;
39export function revokeKey(options: { key: PublicKey, revocationCertificate: string, date?: Date, format: 'object', config?: PartialConfig }): Promise<{ publicKey: PublicKey, privateKey: null }>;
40
41export abstract class Key {
42  public readonly keyPacket: PublicKeyPacket | SecretKeyPacket;
43  public subkeys: Subkey[]; // do not add/replace users directly
44  public users: User[]; // do not add/replace subkeys directly
45  public revocationSignatures: SignaturePacket[];
46  public write(): Uint8Array;
47  public armor(config?: Config): string;
48  public getExpirationTime(userID?: UserID, config?: Config): Promise<Date | typeof Infinity | null>;
49  public getKeyIDs(): KeyID[];
50  public getPrimaryUser(date?: Date, userID?: UserID, config?: Config): Promise<PrimaryUser>; // throws on error
51  public getUserIDs(): string[];
52  public isPrivate(): this is PrivateKey;
53  public toPublic(): PublicKey;
54  // NB: the order of the `update` declarations matters, since PublicKey includes PrivateKey
55  public update(sourceKey: PrivateKey, date?: Date, config?: Config): Promise<PrivateKey>;
56  public update(sourceKey: PublicKey, date?: Date, config?: Config): Promise<PublicKey>;
57  public signPrimaryUser(privateKeys: PrivateKey[], date?: Date, userID?: UserID, config?: Config): Promise<this>
58  public signAllUsers(privateKeys: PrivateKey[], date?: Date, config?: Config): Promise<this>
59  public verifyPrimaryKey(date?: Date, userID?: UserID, config?: Config): Promise<void>; // throws on error
60  public verifyPrimaryUser(publicKeys: PublicKey[], date?: Date, userIDs?: UserID, config?: Config): Promise<{ keyID: KeyID, valid: boolean | null }[]>;
61  public verifyAllUsers(publicKeys?: PublicKey[], date?: Date, config?: Config): Promise<{ userID: string, keyID: KeyID, valid: boolean | null }[]>;
62  public isRevoked(signature?: SignaturePacket, key?: AnyKeyPacket, date?: Date, config?: Config): Promise<boolean>;
63  public getRevocationCertificate(date?: Date, config?: Config): Promise<MaybeStream<string> | undefined>;
64  public getEncryptionKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise<this | Subkey>;
65  public getSigningKey(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise<this | Subkey>;
66  public getKeys(keyID?: KeyID): (this | Subkey)[];
67  public getSubkeys(keyID?: KeyID): Subkey[];
68  public getFingerprint(): string;
69  public getCreationTime(): Date;
70  public getAlgorithmInfo(): AlgorithmInfo;
71  public getKeyID(): KeyID;
72  public toPacketList(): PacketList<AllowedKeyPackets>;
73}
74
75type AllowedKeyPackets = PublicKeyPacket | PublicSubkeyPacket | SecretKeyPacket | SecretSubkeyPacket | UserIDPacket | UserAttributePacket | SignaturePacket;
76export class PublicKey extends Key {
77  constructor(packetlist: PacketList<AnyPacket>);
78}
79
80export class PrivateKey extends PublicKey {
81  constructor(packetlist: PacketList<AnyPacket>);
82  public revoke(reason?: ReasonForRevocation, date?: Date, config?: Config): Promise<PrivateKey>;
83  public isDecrypted(): boolean;
84  public addSubkey(options: SubkeyOptions): Promise<PrivateKey>;
85  public getDecryptionKeys(keyID?: KeyID, date?: Date | null, userID?: UserID, config?: Config): Promise<PrivateKey | Subkey>
86  public update(sourceKey: PublicKey, date?: Date, config?: Config): Promise<PrivateKey>;
87}
88
89export class Subkey {
90  constructor(subkeyPacket: SecretSubkeyPacket | PublicSubkeyPacket, mainKey: PublicKey);
91  public readonly keyPacket: SecretSubkeyPacket | PublicSubkeyPacket;
92  public readonly mainKey: PublicKey;
93  public bindingSignatures: SignaturePacket[];
94  public revocationSignatures: SignaturePacket[];
95  public verify(date?: Date, config?: Config): Promise<SignaturePacket>;
96  public isDecrypted(): boolean;
97  public getFingerprint(): string;
98  public getCreationTime(): Date;
99  public getAlgorithmInfo(): AlgorithmInfo;
100  public getKeyID(): KeyID;
101  public getExpirationTime(date?: Date, config?: Config): Promise<Date | typeof Infinity | null>
102  public isRevoked(signature: SignaturePacket, key: AnyKeyPacket, date?: Date, config?: Config): Promise<boolean>;
103  public update(subKey: Subkey, date?: Date, config?: Config): Promise<void>
104  public revoke(primaryKey: SecretKeyPacket, reasonForRevocation?: ReasonForRevocation, date?: Date, config?: Config): Promise<Subkey>;
105}
106
107export interface User {
108  userID: UserIDPacket | null;
109  userAttribute: UserAttributePacket | null;
110  selfCertifications: SignaturePacket[];
111  otherCertifications: SignaturePacket[];
112  revocationSignatures: SignaturePacket[];
113}
114
115export interface PrimaryUser {
116  index: number;
117  user: User;
118  selfCertification: SignaturePacket;
119}
120
121type AlgorithmInfo = {
122  algorithm: enums.publicKeyNames;
123  bits?: number;
124  curve?: EllipticCurveName;
125};
126
127/* ############## v5 SIG #################### */
128
129export function readSignature(options: { armoredSignature: string, config?: PartialConfig }): Promise<Signature>;
130export function readSignature(options: { binarySignature: Uint8Array, config?: PartialConfig }): Promise<Signature>;
131
132export class Signature {
133  public readonly packets: PacketList<SignaturePacket>;
134  constructor(packetlist: PacketList<SignaturePacket>);
135  public write(): MaybeStream<Uint8Array>;
136  public armor(config?: Config): string;
137  public getSigningKeyIDs(): Array<KeyID>;
138}
139
140interface VerificationResult {
141  keyID: KeyID;
142  verified: Promise<true>; // throws on invalid signature
143  signature: Promise<Signature>;
144}
145
146/* ############## v5 CLEARTEXT #################### */
147
148export function readCleartextMessage(options: { cleartextMessage: string, config?: PartialConfig }): Promise<CleartextMessage>;
149
150export function createCleartextMessage(options: { text: string }): Promise<CleartextMessage>;
151
152/** Class that represents an OpenPGP cleartext signed message.
153 */
154export class CleartextMessage {
155  /** Returns ASCII armored text of cleartext signed message
156   */
157  armor(config?: Config): string;
158
159  /** Returns the key IDs of the keys that signed the cleartext message
160   */
161  getSigningKeyIDs(): KeyID[];
162
163  /** Get cleartext
164   */
165  getText(): string;
166
167  /** Sign the cleartext message
168   *
169   *  @param privateKeys private keys with decrypted secret key data for signing
170   */
171  sign(privateKeys: PrivateKey[], signature?: Signature, signingKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], notations?: RawNotation[], config?: Config): void;
172
173  /** Verify signatures of cleartext signed message
174   *  @param keys array of keys to verify signatures
175   */
176  verify(keys: PublicKey[], date?: Date, config?: Config): Promise<VerificationResult[]>;
177}
178
179/* ############## v5 MSG #################### */
180export function generateSessionKey(options: { encryptionKeys: MaybeArray<PublicKey>, date?: Date, encryptionUserIDs?: MaybeArray<UserID>, config?: PartialConfig }): Promise<SessionKey>;
181export function encryptSessionKey(options: EncryptSessionKeyOptions & { format?: 'armored' }): Promise<string>;
182export function encryptSessionKey(options: EncryptSessionKeyOptions & { format: 'binary' }): Promise<Uint8Array>;
183export function encryptSessionKey(options: EncryptSessionKeyOptions & { format: 'object' }): Promise<Message<Data>>;
184export function decryptSessionKeys<T extends MaybeStream<Data>>(options: { message: Message<T>, decryptionKeys?: MaybeArray<PrivateKey>, passwords?: MaybeArray<string>, date?: Date, config?: PartialConfig }): Promise<SessionKey[]>;
185
186export function readMessage<T extends MaybeStream<string>>(options: { armoredMessage: T, config?: PartialConfig }): Promise<Message<T>>;
187export function readMessage<T extends MaybeStream<Uint8Array>>(options: { binaryMessage: T, config?: PartialConfig }): Promise<Message<T>>;
188
189export function createMessage<T extends MaybeStream<string>>(options: { text: T, filename?: string, date?: Date, format?: enums.literalFormatNames }): Promise<Message<T>>;
190export function createMessage<T extends MaybeStream<Uint8Array>>(options: { binary: T, filename?: string, date?: Date, format?: enums.literalFormatNames }): Promise<Message<T>>;
191
192export function encrypt<T extends MaybeStream<Data>>(options: EncryptOptions & { message: Message<T>, format?: 'armored' }): Promise<
193  T extends WebStream<infer X> ? WebStream<string> :
194  T extends NodeStream<infer X> ? NodeStream<string> :
195  string
196>;
197export function encrypt<T extends MaybeStream<Data>>(options: EncryptOptions & { message: Message<T>, format: 'binary' }): Promise<
198  T extends WebStream<infer X> ? WebStream<Uint8Array> :
199  T extends NodeStream<infer X> ? NodeStream<Uint8Array> :
200  Uint8Array
201>;
202export function encrypt<T extends MaybeStream<Data>>(options: EncryptOptions & { message: Message<T>, format: 'object' }): Promise<Message<T>>;
203
204export function sign<T extends MaybeStream<Data>>(options: SignOptions & { message: Message<T>, format?: 'armored' }): Promise<
205  T extends WebStream<infer X> ? WebStream<string> :
206  T extends NodeStream<infer X> ? NodeStream<string> :
207  string
208>;
209export function sign<T extends MaybeStream<Data>>(options: SignOptions & { message: Message<T>, format: 'binary' }): Promise<
210  T extends WebStream<infer X> ? WebStream<Uint8Array> :
211  T extends NodeStream<infer X> ? NodeStream<Uint8Array> :
212  Uint8Array
213>;
214export function sign<T extends MaybeStream<Data>>(options: SignOptions & { message: Message<T>, format: 'object' }): Promise<Message<T>>;
215export function sign(options: SignOptions & { message: CleartextMessage, format?: 'armored' }): Promise<string>;
216export function sign(options: SignOptions & { message: CleartextMessage, format: 'object' }): Promise<CleartextMessage>;
217
218export function decrypt<T extends MaybeStream<Data>>(options: DecryptOptions & { message: Message<T>, format: 'binary' }): Promise<DecryptMessageResult & {
219  data:
220  T extends WebStream<infer X> ? WebStream<Uint8Array> :
221  T extends NodeStream<infer X> ? NodeStream<Uint8Array> :
222  Uint8Array
223}>;
224export function decrypt<T extends MaybeStream<Data>>(options: DecryptOptions & { message: Message<T> }): Promise<DecryptMessageResult & {
225  data:
226  T extends WebStream<infer X> ? WebStream<string> :
227  T extends NodeStream<infer X> ? NodeStream<string> :
228  string
229}>;
230
231export function verify(options: VerifyOptions & { message: CleartextMessage, format?: 'utf8' }): Promise<VerifyMessageResult<string>>;
232export function verify<T extends MaybeStream<Data>>(options: VerifyOptions & { message: Message<T>, format: 'binary' }): Promise<VerifyMessageResult<
233  T extends WebStream<infer X> ? WebStream<Uint8Array> :
234  T extends NodeStream<infer X> ? NodeStream<Uint8Array> :
235  Uint8Array
236>>;
237export function verify<T extends MaybeStream<Data>>(options: VerifyOptions & { message: Message<T> }): Promise<VerifyMessageResult<
238  T extends WebStream<infer X> ? WebStream<string> :
239  T extends NodeStream<infer X> ? NodeStream<string> :
240  string
241>>;
242
243/** Class that represents an OpenPGP message.  Can be an encrypted message, signed message, compressed message or literal message
244 */
245export class Message<T extends MaybeStream<Data>> {
246
247  public readonly packets: PacketList<AnyPacket>;
248  constructor(packetlist: PacketList<AnyPacket>);
249
250  /** Returns binary representation of message
251   */
252  public write(): MaybeStream<Uint8Array>;
253
254  /** Returns ASCII armored text of message
255   */
256  public armor(config?: Config): string;
257
258  /** Decrypt the message
259      @param decryptionKeys array of private keys with decrypted secret data
260  */
261  public decrypt(decryptionKeys?: PrivateKey[], passwords?: string[], sessionKeys?: SessionKey[], date?: Date, config?: Config): Promise<Message<MaybeStream<Data>>>;
262
263  /** Encrypt the message
264      @param encryptionKeys array of public keys, used to encrypt the message
265  */
266  public encrypt(encryptionKeys?: PublicKey[],  passwords?: string[], sessionKeys?: SessionKey[], wildcard?: boolean, encryptionKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], config?: Config): Promise<Message<MaybeStream<Data>>>;
267
268  /** Returns the key IDs of the keys to which the session key is encrypted
269   */
270  public getEncryptionKeyIDs(): KeyID[];
271
272  /** Get literal data that is the body of the message
273   */
274  public getLiteralData(): (T extends Stream<Data> ? WebStream<Uint8Array> : Uint8Array) | null;
275
276  /** Returns the key IDs of the keys that signed the message
277   */
278  public getSigningKeyIDs(): KeyID[];
279
280  /** Get literal data as text
281   */
282  public getText(): (T extends Stream<Data> ? WebStream<string> : string) | null;
283
284  public getFilename(): string | null;
285
286  /** Sign the message (the literal data packet of the message)
287      @param signingKeys private keys with decrypted secret key data for signing
288  */
289  public sign(signingKeys: PrivateKey[], signature?: Signature, signingKeyIDs?: KeyID[], date?: Date, userIDs?: UserID[], notations?: RawNotation[], config?: Config): Promise<Message<T>>;
290
291  /** Unwrap compressed message
292   */
293  public unwrapCompressed(): Message<T>;
294
295  /** Verify message signatures
296      @param verificationKeys array of public keys to verify signatures
297  */
298  public verify(verificationKeys: PublicKey[], date?: Date, config?: Config): Promise<VerificationResult[]>;
299
300  /**
301   * Append signature to unencrypted message object
302   * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature
303   */
304  public appendSignature(detachedSignature: string | Uint8Array, config?: Config): Promise<void>;
305}
306
307
308/* ############## v5 CONFIG #################### */
309
310interface Config {
311  preferredHashAlgorithm: enums.hash;
312  preferredSymmetricAlgorithm: enums.symmetric;
313  preferredCompressionAlgorithm: enums.compression;
314  showVersion: boolean;
315  showComment: boolean;
316  deflateLevel: number;
317  aeadProtect: boolean;
318  allowUnauthenticatedMessages: boolean;
319  allowUnauthenticatedStream: boolean;
320  checksumRequired: boolean;
321  minRSABits: number;
322  passwordCollisionCheck: boolean;
323  revocationsExpire: boolean;
324  ignoreUnsupportedPackets: boolean;
325  ignoreMalformedPackets: boolean;
326  versionString: string;
327  commentString: string;
328  allowInsecureDecryptionWithSigningKeys: boolean;
329  allowInsecureVerificationWithReformattedKeys: boolean;
330  constantTimePKCS1Decryption: boolean;
331  constantTimePKCS1DecryptionSupportedSymmetricAlgorithms: Set<enums.symmetric>;
332  v5Keys: boolean;
333  preferredAEADAlgorithm: enums.aead;
334  aeadChunkSizeByte: number;
335  s2kIterationCountByte: number;
336  minBytesForWebCrypto: number;
337  maxUserIDLength: number;
338  knownNotations: string[];
339  useIndutnyElliptic: boolean;
340  rejectHashAlgorithms: Set<enums.hash>;
341  rejectMessageHashAlgorithms: Set<enums.hash>;
342  rejectPublicKeyAlgorithms: Set<enums.publicKey>;
343  rejectCurves: Set<enums.curve>;
344}
345export var config: Config;
346
347// PartialConfig has the same properties as Config, but declared as optional.
348// This interface is relevant for top-level functions, which accept a subset of configuration options
349interface PartialConfig extends Partial<Config> {}
350
351/* ############## v5 PACKET #################### */
352
353declare abstract class BasePacket {
354  static readonly tag: enums.packet;
355  public read(bytes: Uint8Array): void;
356  public write(): Uint8Array;
357}
358
359/**
360 * The relationship between the KeyPacket classes is modeled by considering the following:
361 * - A Secret (Sub)Key Packet can always be used when a Public one is expected.
362 * - A Subkey Packet cannot always be used when a Primary Key Packet is expected (and vice versa).
363 */
364declare abstract class BasePublicKeyPacket extends BasePacket {
365  public algorithm: enums.publicKey;
366  public created: Date;
367  public version: number;
368  public getAlgorithmInfo(): AlgorithmInfo;
369  public getFingerprint(): string;
370  public getFingerprintBytes(): Uint8Array | null;
371  public hasSameFingerprintAs(other: BasePublicKeyPacket): boolean;
372  public getCreationTime(): Date;
373  public getKeyID(): KeyID;
374  public isDecrypted(): boolean;
375  public publicParams: object;
376  // `isSubkey` is a dummy method to ensure that Subkey packets are not accepted as Key one, and vice versa.
377  // The key class hierarchy is already modelled to cover this, but the concrete key packet classes
378  // have compatible structure and TS can't detect the difference.
379  protected isSubkey(): boolean;
380}
381
382export class PublicKeyPacket extends BasePublicKeyPacket {
383  static readonly tag: enums.packet.publicKey;
384  protected isSubkey(): false;
385}
386
387export class PublicSubkeyPacket extends BasePublicKeyPacket {
388  static readonly tag: enums.packet.publicSubkey;
389  protected isSubkey(): true;
390}
391
392declare abstract class BaseSecretKeyPacket extends BasePublicKeyPacket {
393  public privateParams: object | null;
394  public encrypt(passphrase: string, config?: Config): Promise<void>; // throws on error
395  public decrypt(passphrase: string): Promise<void>; // throws on error
396  public validate(): Promise<void>; // throws on error
397  public isDummy(): boolean;
398  public isMissingSecretKeyMaterial(): boolean;
399  public makeDummy(config?: Config): void;
400}
401
402export class SecretKeyPacket extends BaseSecretKeyPacket {
403  static readonly tag: enums.packet.secretKey;
404  protected isSubkey(): false;
405}
406
407export class SecretSubkeyPacket extends BaseSecretKeyPacket {
408  static readonly tag: enums.packet.secretSubkey;
409  protected isSubkey(): true;
410}
411
412export class CompressedDataPacket extends BasePacket {
413  static readonly tag: enums.packet.compressedData;
414  private compress(): void;
415  private decompress(config?: Config): void;
416}
417
418export class SymEncryptedIntegrityProtectedDataPacket extends BasePacket {
419  static readonly tag: enums.packet.symEncryptedIntegrityProtectedData;
420}
421
422export class AEADEncryptedDataPacket extends BasePacket {
423  static readonly tag: enums.packet.aeadEncryptedData;
424  private decrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void;
425  private encrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void;
426  private crypt(fn: Function, sessionKey: Uint8Array, data: MaybeStream<Uint8Array>): MaybeStream<Uint8Array>
427}
428
429export class PublicKeyEncryptedSessionKeyPacket extends BasePacket {
430  static readonly tag: enums.packet.publicKeyEncryptedSessionKey;
431  private decrypt(keyPacket: SecretKeyPacket): void; // throws on error
432  private encrypt(keyPacket: PublicKeyPacket): void; // throws on error
433}
434
435export class SymEncryptedSessionKeyPacket extends BasePacket {
436  static readonly tag: enums.packet.symEncryptedSessionKey;
437  private decrypt(passphrase: string): Promise<void>;
438  private encrypt(passphrase: string, config?: Config): Promise<void>;
439}
440
441export class LiteralDataPacket extends BasePacket {
442  static readonly tag: enums.packet.literalData;
443  private getText(clone?: boolean): MaybeStream<string>;
444  private getBytes(clone?: boolean): MaybeStream<Uint8Array>;
445  private setText(text: MaybeStream<string>, format?: enums.literal);
446  private setBytes(bytes: MaybeStream<Uint8Array>, format: enums.literal);
447  private setFilename(filename: string);
448  private getFilename(): string;
449  private writeHeader(): Uint8Array;
450}
451
452export class SymmetricallyEncryptedDataPacket extends BasePacket {
453  static readonly tag: enums.packet.symmetricallyEncryptedData;
454  private decrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void;
455  private encrypt(sessionKeyAlgorithm: enums.symmetric, sessionKey: Uint8Array, config?: Config): void;
456}
457
458export class MarkerPacket extends BasePacket {
459  static readonly tag: enums.packet.marker;
460}
461
462export class UserAttributePacket extends BasePacket {
463  static readonly tag: enums.packet.userAttribute;
464  private equals(packet: UserAttributePacket): boolean;
465}
466
467export class OnePassSignaturePacket extends BasePacket {
468  static readonly tag: enums.packet.onePassSignature;
469  public correspondingSig?: Promise<SignaturePacket>;
470  private verify: SignaturePacket['verify'];
471}
472
473export class UserIDPacket extends BasePacket {
474  static readonly tag: enums.packet.userID;
475  public readonly name: string;
476  public readonly comment: string;
477  public readonly email: string;
478  public readonly userID: string;
479  static fromObject(userID: UserID): UserIDPacket;
480}
481
482export class SignaturePacket extends BasePacket {
483  static readonly tag: enums.packet.signature;
484  public version: number;
485  public signatureType: enums.signature | null;
486  public hashAlgorithm: enums.hash | null;
487  public publicKeyAlgorithm: enums.publicKey | null;
488  public signatureData: null | Uint8Array;
489  public unhashedSubpackets: null | Uint8Array;
490  public signedHashValue: null | Uint8Array;
491  public created: Date | null;
492  public signatureExpirationTime: null | number;
493  public signatureNeverExpires: boolean;
494  public exportable: null | boolean;
495  public trustLevel: null | number;
496  public trustAmount: null | number;
497  public regularExpression: null | number;
498  public revocable: null | boolean;
499  public keyExpirationTime: null | number;
500  public keyNeverExpires: null | boolean;
501  public preferredSymmetricAlgorithms: enums.symmetric[] | null;
502  public revocationKeyClass: null | number;
503  public revocationKeyAlgorithm: null | enums.publicKey;
504  public revocationKeyFingerprint: null | Uint8Array;
505  public issuerKeyID: KeyID;
506  public notation: null | { [name: string]: string };
507  public preferredHashAlgorithms: enums.hash[] | null;
508  public preferredCompressionAlgorithms: enums.compression[] | null;
509  public keyServerPreferences: null | number[];
510  public preferredKeyServer: null | string;
511  public isPrimaryUserID: null | boolean;
512  public policyURI: null | string;
513  public keyFlags: Uint8Array | null;
514  public signersUserID: null | string;
515  public reasonForRevocationFlag: null | enums.reasonForRevocation;
516  public reasonForRevocationString: null | string;
517  public features: Uint8Array | null;
518  public signatureTargetPublicKeyAlgorithm: enums.publicKey | null;
519  public signatureTargetHashAlgorithm: enums.hash | null;
520  public signatureTargetHash: null | string;
521  public embeddedSignature: null | SignaturePacket;
522  public issuerKeyVersion: null | number;
523  public issuerFingerprint: null | Uint8Array;
524  public preferredAEADAlgorithms: enums.aead[] | null;
525  public revoked: null | boolean;
526  public rawNotations: RawNotation[];
527  public sign(key: AnySecretKeyPacket, data: Uint8Array, date?: Date, detached?: boolean): Promise<void>;
528  public verify(key: AnyKeyPacket, signatureType: enums.signature, data: Uint8Array | object, date?: Date, detached?: boolean, config?: Config): Promise<void>; // throws on error
529  public isExpired(date?: Date): boolean;
530  public getExpirationTime(): Date | typeof Infinity;
531}
532
533export interface RawNotation {
534  name: string;
535  value: Uint8Array;
536  humanReadable: boolean;
537  critical: boolean;
538}
539
540export class TrustPacket extends BasePacket {
541  static readonly tag: enums.packet.trust;
542}
543
544export class UnparseablePacket {
545  tag: enums.packet;
546  write: () => Uint8Array;
547}
548
549export type AnyPacket = BasePacket | UnparseablePacket;
550export type AnySecretKeyPacket = SecretKeyPacket | SecretSubkeyPacket;
551export type AnyKeyPacket = BasePublicKeyPacket;
552
553type AllowedPackets = Map<enums.packet, object>; // mapping to Packet classes (i.e. typeof LiteralDataPacket etc.)
554export class PacketList<T extends AnyPacket> extends Array<T> {
555  static fromBinary(bytes: MaybeStream<Uint8Array>, allowedPackets: AllowedPackets, config?: Config): PacketList<AnyPacket>; // the packet types depend on`allowedPackets`
556  public read(bytes: MaybeStream<Uint8Array>, allowedPackets: AllowedPackets, config?: Config): void;
557  public write(): Uint8Array;
558  public filterByTag(...args: enums.packet[]): PacketList<T>;
559  public indexOfTag(...tags: enums.packet[]): number[];
560  public findPacket(tag: enums.packet): T | undefined;
561}
562
563/* ############## v5 STREAM #################### */
564
565type Data = Uint8Array | string;
566export interface WebStream<T extends Data> extends GenericWebStream<T> {}
567export interface NodeStream<T extends Data> extends GenericNodeStream<T> {}
568export type Stream<T extends Data> = WebStream<T> | NodeStream<T>;
569export type MaybeStream<T extends Data> = T | Stream<T>;
570
571/* ############## v5 GENERAL #################### */
572type MaybeArray<T> = T | Array<T>;
573
574export interface UserID { name?: string; email?: string; comment?: string; }
575export interface SessionKey {
576  data: Uint8Array;
577  algorithm: enums.symmetricNames;
578  aeadAlgorithm?: enums.aeadNames;
579}
580
581export interface ReasonForRevocation { flag?: enums.reasonForRevocation, string?: string }
582
583interface EncryptOptions {
584  /** message to be encrypted as created by createMessage */
585  message: Message<MaybeStream<Data>>;
586  /** (optional) array of keys or single key, used to encrypt the message */
587  encryptionKeys?: MaybeArray<PublicKey>;
588  /** (optional) private keys for signing. If omitted message will not be signed */
589  signingKeys?: MaybeArray<PrivateKey>;
590  /** (optional) array of passwords or a single password to encrypt the message */
591  passwords?: MaybeArray<string>;
592  /** (optional) session key */
593  sessionKey?: SessionKey;
594  /** if the return values should be ascii armored or the message/signature objects */
595  format?: 'armored' | 'binary' | 'object';
596  /** (optional) if the signature should be detached (if true, signature will be added to returned object) */
597  signature?: Signature;
598  /** (optional) encrypt as of a certain date */
599  date?: Date;
600  /** (optional) use a key ID of 0 instead of the public key IDs */
601  wildcard?: boolean;
602  /** (optional) Array of key IDs to use for signing. Each `signingKeyIDs[i]` corresponds to `signingKeys[i]` */
603  signingKeyIDs?: MaybeArray<KeyID>;
604  /** (optional) Array of key IDs to use for encryption. Each `encryptionKeyIDs[i]` corresponds to `encryptionKeys[i]`*/
605  encryptionKeyIDs?: MaybeArray<KeyID>;
606  /** (optional) Array of user IDs to sign with, e.g. { name:'Steve Sender', email:'steve@openpgp.org' } */
607  signingUserIDs?: MaybeArray<UserID>;
608  /** (optional) array of user IDs to encrypt for, e.g. { name:'Robert Receiver', email:'robert@openpgp.org' } */
609  encryptionUserIDs?: MaybeArray<UserID>;
610  /** (optional) array of notations to add to the signatures, e.g. { name: 'test@example.org', value: new TextEncoder().encode('test'), humanReadable: true, critical: false } */
611  signatureNotations?: MaybeArray<RawNotation>;
612  config?: PartialConfig;
613}
614
615interface DecryptOptions {
616  /** the message object with the encrypted data */
617  message: Message<MaybeStream<Data>>;
618  /** (optional) private keys with decrypted secret key data or session key */
619  decryptionKeys?: MaybeArray<PrivateKey>;
620  /** (optional) passwords to decrypt the message */
621  passwords?: MaybeArray<string>;
622  /** (optional) session keys in the form: { data:Uint8Array, algorithm:String } */
623  sessionKeys?: MaybeArray<SessionKey>;
624  /** (optional) array of public keys or single key, to verify signatures */
625  verificationKeys?: MaybeArray<PublicKey>;
626  /** (optional) whether data decryption should fail if the message is not signed with the provided publicKeys */
627  expectSigned?: boolean;
628  /** (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. */
629  format?: 'utf8' | 'binary';
630  /** (optional) detached signature for verification */
631  signature?: Signature;
632  /** (optional) use the given date for verification instead of the current time */
633  date?: Date;
634  config?: PartialConfig;
635}
636
637interface SignOptions {
638  message: CleartextMessage | Message<MaybeStream<Data>>;
639  signingKeys: MaybeArray<PrivateKey>;
640  format?: 'armored' | 'binary' | 'object';
641  detached?: boolean;
642  signingKeyIDs?: MaybeArray<KeyID>;
643  date?: Date;
644  signingUserIDs?: MaybeArray<UserID>;
645  signatureNotations?: MaybeArray<RawNotation>;
646  config?: PartialConfig;
647}
648
649interface VerifyOptions {
650  /** (cleartext) message object with signatures */
651  message: CleartextMessage | Message<MaybeStream<Data>>;
652  /** array of publicKeys or single key, to verify signatures */
653  verificationKeys: MaybeArray<PublicKey>;
654  /** (optional) whether verification should throw if the message is not signed with the provided publicKeys */
655  expectSigned?: boolean;
656  /** (optional) whether to return data as a string(Stream) or Uint8Array(Stream). If 'utf8' (the default), also normalize newlines. */
657  format?: 'utf8' | 'binary';
658  /** (optional) detached signature for verification */
659  signature?: Signature;
660  /** (optional) use the given date for verification instead of the current time */
661  date?: Date | null;
662  config?: PartialConfig;
663}
664
665interface EncryptSessionKeyOptions extends SessionKey {
666  encryptionKeys?: MaybeArray<PublicKey>,
667  passwords?: MaybeArray<string>,
668  format?: 'armored' | 'binary' | 'object',
669  date?: Date,
670  wildcard?: boolean,
671  encryptionKeyIDs?: MaybeArray<KeyID>,
672  encryptionUserIDs?: MaybeArray<UserID>,
673  config?: PartialConfig
674}
675
676interface SerializedKeyPair<T extends string|Uint8Array> {
677  privateKey: T;
678  publicKey: T;
679}
680interface KeyPair {
681  privateKey: PrivateKey;
682  publicKey: PublicKey;
683}
684
685export type EllipticCurveName = 'ed25519' | 'curve25519' | 'p256' | 'p384' | 'p521' | 'secp256k1' | 'brainpoolP256r1' | 'brainpoolP384r1' | 'brainpoolP512r1';
686
687interface GenerateKeyOptions {
688  userIDs: MaybeArray<UserID>;
689  passphrase?: string;
690  type?: 'ecc' | 'rsa';
691  curve?: EllipticCurveName;
692  rsaBits?: number;
693  keyExpirationTime?: number;
694  date?: Date;
695  subkeys?: SubkeyOptions[];
696  format?: 'armored' | 'object' | 'binary';
697  config?: PartialConfig;
698}
699export type KeyOptions = GenerateKeyOptions;
700
701interface SubkeyOptions {
702  type?: 'ecc' | 'rsa';
703  curve?: EllipticCurveName;
704  rsaBits?: number;
705  keyExpirationTime?: number;
706  date?: Date;
707  sign?: boolean;
708  config?: PartialConfig;
709}
710
711declare class KeyID {
712  bytes: string;
713  equals(keyID: KeyID, matchWildcard?: boolean): boolean;
714  toHex(): string;
715  static fromID(hex: string): KeyID;
716}
717
718interface DecryptMessageResult {
719  data: MaybeStream<Data>;
720  signatures: VerificationResult[];
721  filename: string;
722}
723
724interface VerifyMessageResult<T extends MaybeStream<Data> = MaybeStream<Data>> {
725  data: T;
726  signatures: VerificationResult[];
727}
728
729
730/**
731 * Armor an OpenPGP binary packet block
732 */
733export function armor(messagetype: enums.armor, body: object, partindex?: number, parttotal?: number, customComment?: string, config?: Config): string;
734
735/**
736 * DeArmor an OpenPGP armored message; verify the checksum and return the encoded bytes
737 */
738export function unarmor(input: string, config?: Config): Promise<{ text: string, data: Stream<Uint8Array>, type: enums.armor }>;
739
740/* ############## v5 ENUMS #################### */
741
742export namespace enums {
743  function read(type: typeof armor, e: armor): armorNames;
744  function read(type: typeof compression, e: compression): compressionNames;
745  function read(type: typeof hash, e: hash): hashNames;
746  function read(type: typeof packet, e: packet): packetNames;
747  function read(type: typeof publicKey, e: publicKey): publicKeyNames;
748  function read(type: typeof symmetric, e: symmetric): symmetricNames;
749  function read(type: typeof keyStatus, e: keyStatus): keyStatusNames;
750  function read(type: typeof keyFlags, e: keyFlags): keyFlagsNames;
751
752  export type armorNames = 'multipartSection' | 'multipartLast' | 'signed' | 'message' | 'publicKey' | 'privateKey';
753  enum armor {
754    multipartSection = 0,
755    multipartLast = 1,
756    signed = 2,
757    message = 3,
758    publicKey = 4,
759    privateKey = 5,
760    signature = 6,
761  }
762
763  enum reasonForRevocation {
764    noReason = 0, // No reason specified (key revocations or cert revocations)
765    keySuperseded = 1, // Key is superseded (key revocations)
766    keyCompromised = 2, // Key material has been compromised (key revocations)
767    keyRetired = 3, // Key is retired and no longer used (key revocations)
768    userIDInvalid = 32, // User ID information is no longer valid (cert revocations)
769  }
770
771  export type compressionNames = 'uncompressed' | 'zip' | 'zlib' | 'bzip2';
772  enum compression {
773    uncompressed = 0,
774    zip = 1,
775    zlib = 2,
776    bzip2 = 3,
777  }
778
779  export type hashNames = 'md5' | 'sha1' | 'ripemd' | 'sha256' | 'sha384' | 'sha512' | 'sha224';
780  enum hash {
781    md5 = 1,
782    sha1 = 2,
783    ripemd = 3,
784    sha256 = 8,
785    sha384 = 9,
786    sha512 = 10,
787    sha224 = 11,
788  }
789
790  export type packetNames = 'publicKeyEncryptedSessionKey' | 'signature' | 'symEncryptedSessionKey' | 'onePassSignature' | 'secretKey' | 'publicKey'
791    | 'secretSubkey' | 'compressed' | 'symmetricallyEncrypted' | 'marker' | 'literal' | 'trust' | 'userID' | 'publicSubkey' | 'userAttribute'
792    | 'symEncryptedIntegrityProtected' | 'modificationDetectionCode' | 'AEADEncryptedDataPacket';
793  enum packet {
794    publicKeyEncryptedSessionKey = 1,
795    signature = 2,
796    symEncryptedSessionKey = 3,
797    onePassSignature = 4,
798    secretKey = 5,
799    publicKey = 6,
800    secretSubkey = 7,
801    compressedData = 8,
802    symmetricallyEncryptedData = 9,
803    marker = 10,
804    literalData = 11,
805    trust = 12,
806    userID = 13,
807    publicSubkey = 14,
808    userAttribute = 17,
809    symEncryptedIntegrityProtectedData = 18,
810    modificationDetectionCode = 19,
811    aeadEncryptedData = 20,
812  }
813
814  export type publicKeyNames = 'rsaEncryptSign' | 'rsaEncrypt' | 'rsaSign' | 'elgamal' | 'dsa' | 'ecdh' | 'ecdsa' | 'eddsa' | 'aedh' | 'aedsa';
815  enum publicKey {
816    rsaEncryptSign = 1,
817    rsaEncrypt = 2,
818    rsaSign = 3,
819    elgamal = 16,
820    dsa = 17,
821    ecdh = 18,
822    ecdsa = 19,
823    /** @deprecated use `eddsaLegacy` instead */
824    eddsa = 22,
825    eddsaLegacy = 22,
826    aedh = 23,
827    aedsa = 24,
828  }
829
830  enum curve {
831    p256 = 'p256',
832    p384 = 'p384',
833    p521 = 'p521',
834    /** @deprecated use `ed25519Legacy` instead */
835    ed25519 = 'ed25519',
836    ed25519Legacy = 'ed25519',
837    /** @deprecated use `curve25519Legacy` instead */
838    curve25519 = 'curve25519',
839    curve25519Legacy = 'curve25519',
840    secp256k1 = 'secp256k1',
841    brainpoolP256r1 = 'brainpoolP256r1',
842    brainpoolP384r1 = 'brainpoolP384r1',
843    brainpoolP512r1 = 'brainpoolP512r1'
844  }
845
846  export type symmetricNames = 'plaintext' | 'idea' | 'tripledes' | 'cast5' | 'blowfish' | 'aes128' | 'aes192' | 'aes256' | 'twofish';
847  enum symmetric {
848    plaintext = 0,
849    idea = 1,
850    tripledes = 2,
851    cast5 = 3,
852    blowfish = 4,
853    aes128 = 7,
854    aes192 = 8,
855    aes256 = 9,
856    twofish = 10,
857  }
858
859  export type keyStatusNames = 'invalid' | 'expired' | 'revoked' | 'valid' | 'noSelfCert';
860  enum keyStatus {
861    invalid = 0,
862    expired = 1,
863    revoked = 2,
864    valid = 3,
865    noSelfCert = 4,
866  }
867
868  export type keyFlagsNames = 'certifyKeys' | 'signData' | 'encryptCommunication' | 'encryptStorage' | 'splitPrivateKey' | 'authentication'
869    | 'sharedPrivateKey';
870  enum keyFlags {
871    certifyKeys = 1,
872    signData = 2,
873    encryptCommunication = 4,
874    encryptStorage = 8,
875    splitPrivateKey = 16,
876    authentication = 32,
877    sharedPrivateKey = 128,
878  }
879
880  enum signature {
881    binary = 0,
882    text = 1,
883    standalone = 2,
884    certGeneric = 16,
885    certPersona = 17,
886    certCasual = 18,
887    certPositive = 19,
888    certRevocation = 48,
889    subkeyBinding = 24,
890    keyBinding = 25,
891    key = 31,
892    keyRevocation = 32,
893    subkeyRevocation = 40,
894    timestamp = 64,
895    thirdParty = 80
896  }
897
898  export type aeadNames = 'eax' | 'ocb' | 'gcm';
899  enum aead {
900    eax = 1,
901    ocb = 2,
902    experimentalGCM = 100 // Private algorithm
903  }
904
905  export type literalFormatNames = 'utf8' | 'binary' | 'text' | 'mime'
906  enum literal {
907    binary = 98,
908    text = 116,
909    utf8 = 117,
910    mime = 109
911  }
912}