changes from 1.0 to 1.1
-----------------------
* portability fixes for test suite
* add a remove_encryption() function
* always write a 1.0 PSKC version, even when another version was read
* correctly write a PSKC file with a global IV
* correctly write a PSKC file without a MAC key
* add a pskc2pskc script for converting a legacy PSKC file to an RFC 6030
  compliant version and for adding or removing encryption
* add a csv2pskc script for generating a PSKC file from a CSV file
* make all the scripts (pskc2csv, pskc2pskc and csv2pskc) entry points so
  they are available on package installation

changes from 0.5 to 1.0
-----------------------
* fix a bug in writing passphrase encrypted PSKC files on Python3
* fix a typo in the pin_max_failed_attempts attribute (the old name is
  available as a deprecated property)
* switch from pycrypto to cryptography as provider for encryption functions
  because the latter is better supported
* switch to using the PBKDF2 implementation from hashlib which requires
  Python 2.7.8 or newer
* use defusedxml when available (python-pskc now supports both standard
  xml.etree and lxml with and without defusedxml)
* support checking and generating embedded XML signatures (this requires the
  signxml library which is not required for any other operations)
* add limited support for very old draft PSKC versions (it is speculated that
  this resembles the "Verisign PSKC format" that some applications produce)
* support Camellia-CBC and KW-Camellia encryption algorithms
* support any hashing algorithm available in Python
* add a --secret-encoding option to pskc2csv to allow base64 encoded binary
  output
* support naming the CSV column headers in pskc2csv
* add a manual page for pskc2csv
* a number of documentation, code style and test suite improvements

changes from 0.4 to 0.5
-----------------------
* numerous compatibility improvements for reading PSKC files that do not
  follow the RFC 6030 schema exactly: specifically accept a number of old
  Internet Draft specifications that preceded RFC 6030 and support an
  ActivIdentity file format
* split device information from key information (keep old API available) to
  allow multiple keys per device (this is not allowed by RFC 6030 but was
  allowed in older Internet Drafts)
* accept MAC to be over plaintext in addition to ciphertext
* fall back to using encryption key as MAC key
* refactoring of some encryption, parsing and serialising functionality into
  separate modules for better maintainability
* add configuration for running test suite via Tox
* addition of a large number of test cases, bringing the branch coverage to
  100%
* documentation improvements
* drop official support for Python 2.6 (the module still works but is just no
  longer tested with it)

changes from 0.3 to 0.4
-----------------------
* add support for writing encrypted PSKC files (with either a pre-shared key
  or PBKDF2 password-based encryption)
* extend may_use() policy checking function to check for unknown policy
  elements and key expiry
* add a number of tests for existing vendor PSKC files and have full line
  coverage with tests
* be more lenient in handling a number of XML files (e.g. automatically
  sanitise encryption algorithm URIs, ignore XML namespaces and support more
  spellings of some properties)
* support reading password or key files in pskc2csv
* support Python 3 in the pskc2csv script (thanks Mathias Laurin)
* refactoring and clean-ups to be more easily extendible (thanks Mathias
  Laurin)

changes from 0.2 to 0.3
-----------------------
* support writing unencrypted PSKC files
* include a sample pskc2csv script in the source code
* fix an issue with XML namespaces for PBKDF2 parameters
* support Python 3
* update documentation

changes from 0.1 to 0.2
-----------------------
* raise exceptions on parsing, decryption and other problems
* support Python 2.6 and multiple ElementTree implementations (lxml is
  required when using Python 2.6)
* support more encryption algorithms (AES128-CBC, AES192-CBC, AES256-CBC,
  TripleDES-CBC, KW-AES128, KW-AES192, KW-AES256 and KW-TripleDES) and be
  more lenient in accepting algorithm URIs
* support all HMAC algorithms that Python's hashlib module has hash functions
  for (HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 and
  HMAC-SHA512)
* support PRF attribute of PBKDF2 algorithm
* support creating PSKC objects and keys
* when accessing values for which a MAC is present, a MAC failure will raise
  an exception (DecryptionError)
* many code cleanups
* improve test coverage

changes in 0.1
--------------
Initial release