1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
changes from 1.2 to 1.3
-----------------------
* drop support for Python 2.7 and 3.5 (support Python 3.6 - 3.12)
* typo fixes in documentation
* have test suite not rely on current date/time
* update certificates in tests to support newer cryptography
changes from 1.1 to 1.2
-----------------------
* sort namespace declarations alphabetically in generated XML
* accept keys as bytearray values
* spelling fixes in documentation
* command-line utilities now support using - as stdin
* test and build environment improvements
* drop support for Python 3.4
* add support for Python 3.8 - 3.10 (was already working out-of-the-box)
changes from 1.0 to 1.1
-----------------------
* portability fixes for test suite
* add a remove_encryption() function
* always write a 1.0 PSKC version, even when another version was read
* correctly write a PSKC file with a global IV
* correctly write a PSKC file without a MAC key
* add a pskc2pskc script for converting a legacy PSKC file to a RFC 6030
compliant version and for adding or removing encryption
* add a csv2pskc script for generating a PSKC file from a CSV file
* make all the scripts (pskc2csv, pskc2pskc and csv2pskc) entry points so
they are available on package installation
changes from 0.5 to 1.0
-----------------------
* fix a bug in writing passphrase encrypted PSKC files on Python3
* fix a typo in the pin_max_failed_attempts attribute (the old name is
available as a deprecated property)
* switch from pycrypto to cryptography as provider for encryption functions
because the latter is better supported
* switch to using the PBKDF2 implementation from hashlib which requires
Python 2.7.8 or newer
* use defusedxml when available (python-pskc now supports both standard
xml.etree and lxml with and without defusedxml)
* support checking and generating embedded XML signatures (this requires the
signxml library which is not required for any other operations)
* add limited support for very old draft PSKC versions (it is speculated that
this resembles the "Verisign PSKC format" that some applications produce)
* support Camellia-CBC and KW-Camellia encryption algorithms
* support any hashing algorithm available in Python
* add a --secret-encoding option to pskc2csv to allow base64 encoded binary
output
* support naming the CSV column headers in pskc2csv
* add a manual page for pskc2csv
* a number of documentation, code style and test suite improvements
changes from 0.4 to 0.5
-----------------------
* numerous compatibility improvements for reading PSKC files that do not
follow the RFC 6030 schema exactly: specifically accept a number of old
Internet Draft specifications that preceded RFC 6030 and support an
ActivIdentity file format
* split device information from key information (keep old API available) to
allow multiple keys per device (this is not allowed by RFC 6030 but was
allowed in older Internet Drafts)
* accept MAC to be over plaintext in addition to ciphertext
* fall back to using encryption key as MAC key
* refactoring of some encryption, parsing and serialising functionality into
separate modules for better maintainability
* add configuration for running test suite via Tox
* addition of a large number of test cases, bringing the branch coverage to
100%
* documentation improvements
* drop official support for Python 2.6 (the module still works but is just no
longer tested with it)
changes from 0.3 to 0.4
-----------------------
* add support for writing encrypted PSKC files (with either a pre-shared key
or PBKDF2 password-based encryption)
* extend may_use() policy checking function to check for unknown policy
elements and key expiry
* add a number of tests for existing vendor PSKC files and have full line
coverage with tests
* be more lenient in handling a number of XML files (e.g. automatically
sanitise encryption algorithm URIs, ignore XML namespaces and support more
spellings of some properties)
* support reading password or key files in pskc2csv
* support Python 3 in the pskc2csv script (thanks Mathias Laurin)
* refactoring and clean-ups to be more easily extendible (thanks Mathias
Laurin)
changes from 0.2 to 0.3
-----------------------
* support writing unencrypted PSKC files
* include a sample pskc2csv script in the source code
* fix an issue with XML namespaces for PBKDF2 parameters
* support Python 3
* update documentation
changes from 0.1 to 0.2
-----------------------
* raise exceptions on parsing, decryption and other problems
* support Python 2.6 and multiple ElementTree implementations (lxml is
required when using Python 2.6)
* support more encryption algorithms (AES128-CBC, AES192-CBC, AES256-CBC,
TripleDES-CBC, KW-AES128, KW-AES192, KW-AES256 and KW-TripleDES) and be
more lenient in accepting algorithm URIs
* support all HMAC algorithms that Python's hashlib module has hash functions
for (HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 and
HMAC-SHA512)
* support PRF attribute of PBKDF2 algorithm
* support creating PSKC objects and keys
* when accessing values for which a MAC is present, a MAC failure will raise
an exception (DecryptionError)
* many code cleanups
* improve test coverage
changes in 0.1
--------------
Initial release
|