Releases: secure-systems-lab/securesystemslib
Releases · secure-systems-lab/securesystemslib
v1.1.0
See CHANGELOG.md for details.
v1.0.0
See CHANGELOG.md for details.
v0.31.0
See CHANGELOG.md for details.
0.30.0
This release contains improved Sigstore support.
Changed
- SigstoreSigner adapted to sigstore-python 2.0 API: This allows
improved UX where a new signing identity can be defined using
interactive credentials (browser login):
SigstoreSigner.import_via_auth() - Documentation improvements
Removed
- Python 3.7 is no longer supported
0.29.0
This release is reaping the rewards of the new signer API with four(!) new
signing methods: Two cloud based KMSs, post-quantum crypto support and a
"keyless" signing system.
Advance notice to folks using the keys, ecdsa_keys, rsa_keys and
ed25519_keys modules: these modules are headed for deprecation. Please have
a look at the signer API and get in touch if the functionality you need
isn't there (or if more documentation is needed).
Added
- Sigstore as a new experimental signing method (#552)
- SPHINCS+ as a new experimental signing method (#568)
- Azure Key Vault as a new signing method (#588)
- AWS KMS as a new signing method (#609)
CryptoSigneras a more featureful replacement forSSLibSigner(#604)- Documentation that focuses on the signer API (#634, #622)
Changed
SSLibSignerhas been deprecated: Please useCryptoSignerinstead (#604)keysmodule is not used for signature verification insignerAPI (#585)- Various minor fixes, please see git log for details
New Contributors
- @malancas made their first contribution in #588
- @kommendorkapten made their first contribution in #597
- @ianhundere made their first contribution in #609
Full Changelog: v0.28.0...v0.29.0
Contributors
ianhundere, kommendorkapten, and malancas
Assets 4
v0.28.0
Added
- Signer: auto-keyid helper (#557)
- Signer: de/serialization helpers (#558)
- Signer: tests (#555, #556)
- Sigstore Signer: import methods (#535)
Changed
- HSMSigner: pre-hash data (#548)
- GCP Signer, HSM Signer: auto-keyid computation (#557)
- DSSE: serialize signature data as base64 for compliance (#565)
Removed
Fixed
v0.27.0
Added
- EXPERIMENTAL DSSE implementation (#487)
- EXPERIMENTAL sigstore signer and verifier (#522)
- Minimal TUF/in-toto spec-compliant GPG verifier (#488)
- API-typical 'import' and 'from URI' GPG signer methods (#488)
Changed
- Require public key in GPG signer and disallow subkey signatures (#488)
- Increase GPG subprocess timeout (#502)
- Rename default branch to 'main' (#523)
- Make HSM signer URI configurable (#526)
- Allow tox to skip virtual HSM tests (#528)
- Strip PEM keys to compute keyids consistently (#453)
Removed
Fixed
v0.26.0
Added
- Private key URI schemes for signer instantiation (#456)
- Public key container class for signature verification (#456)
- Post-quantum sphincs+ signing scheme (#427)
- Hardware Security Module (HSM) signing (#472)
- Google Cloud KMS signing (#442, #480)
Changed
- Use pyproject.toml for build configuration (#253)
- Use hatchling as build backend (#484)
- Auto-format and lint all code (#439, #490)
- Various CI and build improvements (#459, #460, #476, #493, #464)
Removed
- Drop colorama optional dependency and colorized output support (#443)
Fixed
v0.25.0
v0.24.0
Added
Changed
- Use max salt lengths in RSA PSS signature creation & automatically verify previous/new
sigs (#422) - Speed up canonical json encoding (#410)
- Bumped dependencies: cffi (#415), colorama (#413), cryptography (#405, #406, #414,
#417, #424, #425), ed25519 (#412) - Changed Debian packaging metadata (#392)