Releases: pyauth/python-pkcs11
Releases · pyauth/python-pkcs11
v0.9.0
v0.9.0
This tag was signed with the committer’s verified signature.
MatthiasValvekens
Matthias Valvekens
5a258d7
This commit was signed with the committer’s verified signature.
MatthiasValvekens
Matthias Valvekens
A source distribution and wheels for common platforms have been published to PyPI.
Summary of changes
- Internal restructuring to allow loading (and unloading) multiple PKCS#11 libraries
- Better operation & cancellation management for search, encryption/decryption and signing/verification.
- Allow batch operations for search and attribute fetching.
- Support user-supplied attribute mappings via the
AttributeMapperclass, in a forward-compatible manner. - Enable AES-GCM and AES-CTR in tokens that support these primitives.
- Map
CKR_PIN_LEN_RANGEerror code. - Defensively decode the empty string as
Falsefor boolean attributes. - Correct X.509 EC public-key extraction logic.
- Test with multiple token implementations in CI (SoftHSMv2 and opencryptoki for now).
There should not be any API-breaking changes in the public API, except for users extending the shim classes in the types module (e.g. for use in test mocks).
v0.8.1
v0.8.1
This tag was signed with the committer’s verified signature.
MatthiasValvekens
Matthias Valvekens
a7e0505
This commit was signed with the committer’s verified signature.
MatthiasValvekens
Matthias Valvekens
v0.8.0
v0.8.0
This tag was signed with the committer’s verified signature.
MatthiasValvekens
Matthias Valvekens
b8fe284
This commit was signed with the committer’s verified signature.
MatthiasValvekens
Matthias Valvekens
v0.7.0
Changes in this release
- Release the GIL during PKCS#11 calls, so that the asyncio ThreadExecutor can be used on slow PKCS#11 calls.
- Add flag to use protected authentication path for login
- Add method to reinitialize PCKS#11 for broken implementations
- Fix decoding of EC private keys in util
v0.6.0
v0.5.0
Changes in this release:
- Switch to the updated 2016 version of PKCS#11 v2.4
- Use the new values for
AES_KEY_WRAPandAES_KEY_WRAP_PAD(#15). - Add additional new mechanisms from most recent specification
API Breaking Changes
AES_KEY_WRAPis now the default mechanism for wrapping AES keys, replacing ECB.
GPG Signature
This tag is signed with GPG key 1172 FC7B 4B57 5575 0C65 F9A5 44B8 0C28 0F80 807C.
v0.4.0
Changes in this release:
- Port the utilities from
pyasn1toasn1cryptowhich is faster and more widely used, with more up to date structures, also includes features such as PEM detecting and armoring/unarmoring that a lot of people need.
API breaking changes:
- EC named curves are now strings either as a common name (e.g.
secp256r1) or OIDs. This is a break from previously when they werepyasn1constants. This change should be easier for everyone involved.
GPG Signature
This tag is signed with GPG key 1172 FC7B 4B57 5575 0C65 F9A5 44B8 0C28 0F80 807C.
v0.3.0
Changes in this release:
- Fix bugs with string handling for information coming from library, slot and token
- Add certificate, key and signature interchange functions for X.509 and OpenSSL
- Fix bugs/add tests when exchanging data with OpenSSL/Python crypto libraries
- Cache object properties
- Fix encoding of EC_POINT for
derive_key - Use
AES_MACas the default signing/verification mechanism for AES - Fix some crashes, e.g. when no mechanisms are present