Changes in python-pskc¶
changes from 0.5 to 1.0¶
- fix a bug in writing passphrase encrypted PSKC files on Python3
- fix a typo in the pin_max_failed_attempts attribute (the old name is available as a deprecated property)
- switch from pycrypto to cryptography as provider for encryption functions because the latter is better supported
- switch to using the PBKDF2 implementation from hashlib which requires Python 2.7.8 or newer
- use defusedxml when available (python-pskc now supports both standard xml.etree and lxml with and without defusedxml)
- support checking and generating embedded XML signatures (this requires the signxml library which is not required for any other operations)
- add limited support for very old draft PSKC versions (it is speculated that this resembles the “Verisign PSKC format” that some applications produce)
- support Camellia-CBC and KW-Camellia encryption algorithms
- support any hashing algorithm available in Python
- add a –secret-encoding option to pskc2csv to allow base64 encoded binary output
- support naming the CSV column headers in pskc2csv
- add a manual page for pskc2csv
- a number of documentation, code style and test suite improvements
changes from 0.4 to 0.5¶
- numerous compatibility improvements for reading PSKC files that do not follow the RFC 6030 schema exactly: specifically accept a number of old Internet Draft specifications that preceded RFC 6030 and support an ActivIdentity file format
- split device information from key information (keep old API available) to allow multiple keys per device (this is not allowed by RFC 6030 but was allowed in older Internet Drafts)
- accept MAC to be over plaintext in addition to ciphertext
- fall back to using encryption key as MAC key
- refactoring of some encryption, parsing and serialising functionality into separate modules for better maintainability
- add configuration for running test suite via Tox
- addition of a large number of test cases, bringing the branch coverage to 100%
- documentation improvements
- drop official support for Python 2.6 (the module still works but is just no longer tested with it)
changes from 0.3 to 0.4¶
- add support for writing encrypted PSKC files (with either a pre-shared key or PBKDF2 password-based encryption)
- extend may_use() policy checking function to check for unknown policy elements and key expiry
- add a number of tests for existing vendor PSKC files and have full line coverage with tests
- be more lenient in handling a number of XML files (e.g. automatically sanitise encryption algorithm URIs, ignore XML namespaces and support more spellings of some properties)
- support reading password or key files in pskc2csv
- support Python 3 in the pskc2csv script (thanks Mathias Laurin)
- refactoring and clean-ups to be more easily extendible (thanks Mathias Laurin)
changes from 0.2 to 0.3¶
- support writing unencrypted PSKC files
- include a sample pskc2csv script in the source code
- fix an issue with XML namespaces for PBKDF2 parameters
- support Python 3
- update documentation
changes from 0.1 to 0.2¶
- raise exceptions on parsing, decryption and other problems
- support Python 2.6 and multiple ElementTree implementations (lxml is required when using Python 2.6)
- support more encryption algorithms (AES128-CBC, AES192-CBC, AES256-CBC, TripleDES-CBC, KW-AES128, KW-AES192, KW-AES256 and KW-TripleDES) and be more lenient in accepting algorithm URIs
- support all HMAC algorithms that Python’s hashlib module has hash functions for (HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384 and HMAC-SHA512)
- support PRF attribute of PBKDF2 algorithm
- support creating PSKC objects and keys
- when accessing values for which a MAC is present, a MAC failure will raise an exception (DecryptionError)
- many code cleanups
- improve test coverage
changes in 0.1¶
Initial release