Update docs to RFC9580 (#306)

ProtonMail · Nov 7, 2024 · f8b97d7 · f8b97d7
1 parent 87b5974
commit f8b97d7
Show file tree

Hide file tree

Showing 8 changed files with 27 additions and 32 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -49,7 +49,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [3.0.0-alpha.0] 2024-01-18
 ### Added
 - New simplified API that is not backward compatible.
-- Full support for the crypto refresh.
+- Full support for RFC 9580.
 - Improved interoperability with other OpenPGP libraries.
 - Streaming support for all operations.
 - Introduces profiles for OpenPGP customization.

diff --git a/README.md b/README.md
@@ -82,18 +82,17 @@ decrypted, err := decHandle.Decrypt(armored, crypto.Armor)
 myMessage := decrypted.Bytes()
 ```
 
-To encrypt with the [latest proposed standard (RFC9580-to-be)](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html):
+To encrypt with the [latest OpenPGP standard (RFC 9580)](https://www.rfc-editor.org/rfc/rfc9580.html):
 ```go
 import "github.com/ProtonMail/gopenpgp/v3/profile"
 
-// Use the profile that conforms with the crypto refresh (RFC9580-to-be).
+// Use the latest OpenPGP standard (RFC 9580).
 pgp := crypto.PGPWithProfile(profile.RFC9580())
-// The default crypto refresh profile uses Argon2 for deriving
-// session keys and uses an AEAD for encryption (AES-256, OCB mode).
-// Encrypt data with password
-...
-// Decrypt data with password
-...
+// The RFC9580 profile uses Argon2 for protecting encrypted keys and
+// messages encrypted using a passphrase, and uses AEAD for encryption
+// (AES-256, OCB mode).
+// Encrypt/Decrypt data with a password
+... // See code snippet above.
 ```
 
 Use a custom or preset profile:
@@ -102,7 +101,7 @@ import "github.com/ProtonMail/gopenpgp/v3/profile"
 
 // RFC4880 profile
 pgp4880 := crypto.PGPWithProfile(profile.RFC4880()) 
-// RFC9580 crypto refresh profile
+// RFC9580 profile
 pgpCryptoRefresh := crypto.PGPWithProfile(profile.RFC9580())
 ```
 
@@ -271,7 +270,7 @@ pgp4880 := crypto.PGPWithProfile(profile.RFC4880())
 pgpCryptoRefresh := crypto.PGPWithProfile(profile.RFC9580())
 
 // Note that RSA keys should not be generated anymore according to
-// RFC9580 (crypto refresh).
+// RFC9580.
 
 keyGenHandle := pgp4880.KeyGeneration().AddUserId(name, email).New()
 // Generates rsa keys with 3072 bits
@@ -284,9 +283,9 @@ keyGenHandle = pgpDefault.KeyGeneration().AddUserId(name, email).New()
 ecKey, err := keyGenHandle.GenerateKey()
 
 keyGenHandle = pgpCryptoRefresh.KeyGeneration().AddUserId(name, email).New()
-// Generates curve25519 v6 keys with RFC9580 (crypto refresh).
+// Generates curve25519 v6 keys with RFC9580.
 ecKey, err = keyGenHandle.GenerateKey()
-// Generates curve448 v6 keys with RFC9580 (crypto refresh).
+// Generates curve448 v6 keys with RFC9580.
 ecKeyHigh, err = keyGenHandle.GenerateKeyWithSecurity(constants.HighSecurity)
 ```
 

diff --git a/crypto/encryption_handle.go b/crypto/encryption_handle.go
@@ -156,7 +156,7 @@ func (eh *encryptionHandle) validate() error {
 func (eh *encryptionHandle) armorChecksumRequired() bool {
 	if !constants.ArmorChecksumEnabled {
 		// If the default behavior is no checksum, we can ignore
-		// the logic for the crypto refresh check.
+		// the logic for the RFC9580 check.
 		return false
 	}
 	encryptionConfig := eh.profile.EncryptionConfig()

diff --git a/crypto/encryption_handle_builder.go b/crypto/encryption_handle_builder.go
@@ -117,7 +117,7 @@ func (ehb *EncryptionHandleBuilder) Password(password []byte) *EncryptionHandleB
 // Compress indicates if the plaintext should be compressed before encryption.
 // Compression affects security and opens the door for side-channel attacks, which
 // might allow to extract the plaintext data without a decryption key.
-// The openpgp crypto refresh recommends to not use compression.
+// RFC9580 recommends to not use compression.
 func (ehb *EncryptionHandleBuilder) Compress() *EncryptionHandleBuilder {
 	ehb.handle.Compression = constants.DefaultCompression
 	return ehb
@@ -126,7 +126,7 @@ func (ehb *EncryptionHandleBuilder) Compress() *EncryptionHandleBuilder {
 // CompressWith indicates if the plaintext should be compressed before encryption.
 // Compression affects security and opens the door for side-channel attacks, which
 // might allow to extract the plaintext data without a decryption key.
-// The openpgp crypto refresh recommends to not use compression.
+// RFC9580 recommends to not use compression.
 // Allowed config options:
 // constants.NoCompression: none, constants.DefaultCompression: profile default
 // constants.ZIPCompression: zip, constants.ZLIBCompression: zlib.

diff --git a/crypto/key_generation.go b/crypto/key_generation.go
@@ -8,14 +8,12 @@ import (
 const (
 	// KeyGenerationRSA4096 allows to override the output key algorithm in key generation to rsa 4096.
 	KeyGenerationRSA4096 int = 1
-	// KeyGenerationC25519 allows to override the output key algorithm in key generation to curve25519.
-	KeyGenerationC25519 int = 2
-	// KeyGenerationC25519 allows to override the output key algorithm in key generation to curve25519 crypto refresh.
-	KeyGenerationC25519Refresh int = 3
-	// KeyGenerationC448 allows to override the output key algorithm in key generation to curve448.
-	KeyGenerationC448 int = 4
-	// KeyGenerationC448Refresh allows to override the output key algorithm in key generation to curve448 crypto refresh.
-	KeyGenerationC448Refresh int = 5
+	// KeyGenerationCurve25519Legacy allows to override the output key algorithm in key generation to curve25519 legacy (as defined in RFC4880bis).
+	KeyGenerationCurve25519Legacy int = 2
+	// KeyGenerationCurve25519 allows to override the output key algorithm in key generation to curve25519 (as defined in RFC9580).
+	KeyGenerationCurve25519 int = 3
+	// KeyGenerationCurve448 allows to override the output key algorithm in key generation to curve448 (as defined in RFC9580).
+	KeyGenerationCurve448 int = 4
 )
 
 type KeyGenerationProfile interface {

diff --git a/crypto/key_generation_handle.go b/crypto/key_generation_handle.go
@@ -98,15 +98,13 @@ func updateConfig(config *packet.Config, algorithm int) {
 	case KeyGenerationRSA4096:
 		config.Algorithm = packet.PubKeyAlgoRSA
 		config.RSABits = 4096
-	case KeyGenerationC25519:
+	case KeyGenerationCurve25519Legacy:
+		config.V6Keys = false
 		config.Algorithm = packet.PubKeyAlgoEdDSA
 		config.Curve = packet.Curve25519
-	case KeyGenerationC25519Refresh:
+	case KeyGenerationCurve25519:
 		config.Algorithm = packet.PubKeyAlgoEd25519
-	case KeyGenerationC448:
-		config.Algorithm = packet.PubKeyAlgoEdDSA
-		config.Curve = packet.Curve448
-	case KeyGenerationC448Refresh:
+	case KeyGenerationCurve448:
 		config.Algorithm = packet.PubKeyAlgoEd448
 	}
 }
diff --git a/crypto/sign_handle.go b/crypto/sign_handle.go
@@ -134,7 +134,7 @@ func (sh *signatureHandle) validate() error {
 func (sh *signatureHandle) armorChecksumRequired() bool {
 	if !constants.ArmorChecksumEnabled {
 		// If the default behavior is no checksum, we can ignore
-		// the logic for the crypto refresh check.
+		// the logic for the RFC9580 check.
 		return false
 	}
 	if sh.SignKeyRing == nil {

diff --git a/profile/preset.go b/profile/preset.go
@@ -52,7 +52,7 @@ func RFC4880() *Custom {
 }
 
 // RFC9580 returns a custom profile for this library
-// that conforms with the algorithms in RFC9580 (crypto refresh).
+// that conforms with the algorithms in RFC9580.
 func RFC9580() *Custom {
 	setKeyAlgorithm := func(cfg *packet.Config, securityLevel int8) {
 		switch securityLevel {