Arthur de Jong

Open Source / Free Software developer

summaryrefslogtreecommitdiffstats
path: root/NEWS
blob: bc5cca8fed4cd0012d9cd0e0536f3f1b72a0a721 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

changes from 1.1 to 1.2
-----------------------

* sort namespace declarations alphabetically in generated XML
* accept keys as bytearray values
* spelling fixes in documentation
* command-line utilities now support using - as stdin
* test and build environment improvements
* drop support for Python 3.4
* add support for Python 3.8 - 3.10 (was already working out-of-the-box)


changes from 1.0 to 1.1
-----------------------

* portability fixes for test suite
* add a remove_encryption() function
* always write a 1.0 PSKC version, even when another version was read
* correctly write a PSKC file with a global IV
* correctly write a PSKC file without a MAC key
* add a pskc2pskc script for converting a legacy PSKC file to a RFC 6030
  compliant version and for adding or removing encryption
* add a csv2pskc script for generating a PSKC file from a CSV file
* make all the scripts (pskc2csv, pskc2pskc and csv2pskc) entry points so
  they are available on package installation


changes from 0.5 to 1.0
-----------------------

* fix a bug in writing passphrase encrypted PSKC files on Python3
* fix a typo in the pin_max_failed_attempts attribute (the old name is
  available as a deprecated property)
* switch from pycrypto to cryptography as provider for encryption functions
  because the latter is better supported
* switch to using the PBKDF2 implementation from hashlib which requires
  Python 2.7.8 or newer
* use defusedxml when available (python-pskc now supports both standard
  xml.etree and lxml with and without defusedxml)
* support checking and generating embedded XML signatures (this requires the
  signxml library which is not required for any other operations)
* add limited support for very old draft PSKC versions (it is speculated that
  this resembles the "Verisign PSKC format" that some applications produce)
* support Camellia-CBC and KW-Camellia encryption algorithms
* support any hashing algorithm available in Python
* add a --secret-encoding option to pskc2csv to allow base64 encoded binary
  output
* support naming the CSV column headers in pskc2csv
* add a manual page for pskc2csv
* a number of documentation, code style and test suite improvements


changes from 0.4 to 0.5
-----------------------

* numerous compatibility improvements for reading PSKC files that do not
  follow the RFC 6030 schema exactly: specifically accept a number of old
  Internet Draft specifications that preceded RFC 6030 and support an
  ActivIdentity file format
* split device information from key information (keep old API available) to
  allow multiple keys per device (this is not allowed by RFC 6030 but was
  allowed in older Internet Drafts)
* accept MAC to be over plaintext in addition to ciphertext
* fall back to using encryption key as MAC key
* refactoring of some encryption, parsing and serialising functionality into
  separate modules for better maintainability
* add configuration for running test suite via Tox
* addition of a large number of test cases, bringing the branch coverage to
  100%
* documentation improvements
* drop official support for Python 2.6 (the module still works but is just no
  longer tested with it)


changes from 0.3 to 0.4
-----------------------

* add support for writing encrypted PSKC files (with either a pre-shared key
  or PBKDF2 password-based encryption)
* extend may_use() policy checking function to check for unknown policy
  elements and key expiry
* add a number of tests for existing vendor PSKC files and have full line
  coverage with tests
* be more lenient in handling a number of XML files (e.g. automatically
  sanitise encryption algorithm URIs, ignore XML namespaces and support more
  spellings of some properties)
* support reading password or key files in pskc2csv
* support Python 3 in the pskc2csv script (thanks Mathias Laurin)
* refactoring and clean-ups to be more easily extendible (thanks Mathias
  Laurin)


changes from 0.2 to 0.3
-----------------------

* support writing unencrypted PSKC files
* include a sample pskc2csv script in the source code
* fix an issue with XML namespaces for PBKDF2 parameters
* support Python 3
* update documentation


changes from 0.1 to 0.2
-----------------------

* raise exceptions on parsing, decryption and other problems
* support Python 2.6 and multiple ElementTree implementations (lxml is
  required when using Python 2.6)
* support more encryption algorithms (AES128-CBC, AES192-CBC, AES256-CBC,
  TripleDES-CBC, KW-AES128, KW-AES192, KW-AES256 and KW-TripleDES) and be
  more lenient in accepting algorithm URIs
* support all HMAC algorithms that Python's hashlib module has hash functions
  for (HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 and
  HMAC-SHA512)
* support PRF attribute of PBKDF2 algorithm
* support creating PSKC objects and keys
* when accessing values for which a MAC is present, a MAC failure will raise
  an exception (DecryptionError)
* many code cleanups
* improve test coverage


changes in 0.1
--------------

Initial release