
We are using PGP encryption to encrypt files before transfer. We are using the npm package OpenPGP.js to encrypt the files using a public key from the recipient. I have exported the public key in armored format to use with the openpgp.encrypt function.

Here is the code to encrypt the file:

```javascript
const publicKey = await openpgp.readKey({ armoredKey: key.publicKey });

const encrypted = await openpgp.encrypt({
    message: await openpgp.createMessage({ text: readStream }),
    encryptionKeys: publicKey
});
```

However, the function call produces this error:

```
Error: Error encrypting message: Could not find valid encryption key packet in key ea8be7d9f2fd53a7: elgamal keys are considered too weak.
```

The output of `gpg --list-keys` gives the following information:

```
pub   dsa1024 2010-07-23 [SCA]
      ABCDEFGHIJK
uid           [ unknown] my recipient <my.recipient@email.com>
sub   elg2048 2010-07-23 [E]
```

I'm able to encrypt a file using GnuPG, but OpenPGP does not seem to like the public key. Is this error message valid? Do I need to request another key from the client, or is there a way to bypass this error message?

*Edit: After some research I have found that DSA-1024/(ElGamal-anything) is not safe anymore, so I'll probably have to request new keys be made.

navig8tr

1 Answer

OpenPGP implementations have different security considerations, and OpenPGP.js seems to have decided to reject DSA/ElGamal by default via this PR: https://github.com/openpgpjs/openpgpjs/pull/1264/files#

However, it is possible to override this behaviour via config; examples are available in the tests.

Nickolay Olshevsky
The config to override the behavior is something like this:

```
const encrypted = await openpgp.encrypt({
    config: {
        rejectPublicKeyAlgorithms: new Set(),
        minRSABits: 0,
    },
    ...
```

– stotrami Feb 17 '23 at 22:04
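
As an added example (not part of the original question, answer or comment, and not OpenPGP.js code): a dependency-free check over `gpg --list-keys --with-colons` output that flags a recipient key like the `dsa1024`/`elg2048` one in the question before encryption is attempted, so a new key can be requested instead of loosening the config. The function names, the `POLICY` values and the sample key IDs are assumptions constructed for illustration.

```javascript
// Audit `gpg --list-keys --with-colons` output against a key-acceptance policy.
const ALGO_NAMES = { 1: 'rsa', 16: 'elgamal', 17: 'dsa', 18: 'ecdh', 19: 'ecdsa', 22: 'eddsa' };

const POLICY = {
  rejectPublicKeyAlgorithms: new Set(['elgamal', 'dsa']), // per the answer: rejected by default
  minRSABits: 2047, // assumed threshold for this example; set it to your own policy
};

// Parse pub/sub records: field 3 = bits, 4 = algorithm id, 5 = key id, 12 = capabilities.
function parseColonListing(text) {
  return text.split('\n')
    .map((line) => line.split(':'))
    .filter((f) => f[0] === 'pub' || f[0] === 'sub')
    .map((f) => ({
      type: f[0],
      bits: Number(f[2]),
      algorithm: ALGO_NAMES[Number(f[3])] || `unknown(${f[3]})`,
      keyId: f[4],
      canEncrypt: (f[11] || '').includes('e'), // lowercase letter = this key's own capability
    }));
}

// Return one finding per key that the policy would refuse.
function auditKeys(text, policy = POLICY) {
  const findings = [];
  for (const key of parseColonListing(text)) {
    if (policy.rejectPublicKeyAlgorithms.has(key.algorithm)) {
      findings.push({ ...key, reason: `${key.algorithm} is on the reject list` });
    } else if (key.algorithm === 'rsa' && key.bits < policy.minRSABits) {
      findings.push({ ...key, reason: `RSA ${key.bits} bits is below ${policy.minRSABits}` });
    }
  }
  return findings;
}

// True only if at least one encryption-capable key passes the policy.
function hasUsableEncryptionKey(text, policy = POLICY) {
  const rejected = new Set(auditKeys(text, policy).map((k) => k.keyId));
  return parseColonListing(text).some((k) => k.canEncrypt && !rejected.has(k.keyId));
}

// Constructed sample mirroring the key in the question (key IDs are made up).
const SAMPLE = [
  'pub:-:1024:17:1111111111111111:1279843200:::-:::scaESCA:',
  'uid:-::::1279843200::::my recipient <my.recipient@email.com>:',
  'sub:-:2048:16:2222222222222222:1279843200::::::e:',
].join('\n');

console.log(auditKeys(SAMPLE).map((k) => `${k.type} ${k.keyId}: ${k.reason}`), hasUsableEncryptionKey(SAMPLE));
```

For the sample, both the DSA primary key and the ElGamal subkey are flagged and no usable encryption key remains, which matches the error in the question.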