| |
| Revision 0.2.8, released 16-11-2019 |
| ----------------------------------- |
| |
| - Improve test routines for modules that use certificate extensions |
| - Improve test for RFC3709 with a real world certificate |
| - Added RFC7633 providing TLS Features Certificate Extension |
| - Added RFC7229 providing OIDs for Test Certificate Policies |
| - Added tests for RFC3280, RFC3281, RFC3852, and RFC4211 |
| - Added RFC6960 providing Online Certificate Status Protocol (OCSP) |
| - Added RFC6955 providing Diffie-Hellman Proof-of-Possession Algorithms |
| - Updated the handling of maps for use with openType for RFC 3279 |
| - Added RFC6486 providing RPKI Manifests |
| - Added RFC6487 providing Profile for X.509 PKIX Resource Certificates |
| - Added RFC6170 providing Certificate Image in the Internet X.509 Public |
| Key Infrastructure, and import the object identifier into RFC3709. |
| - Added RFC6187 providing Certificates for Secure Shell Authentication |
| - Added RFC6482 providing RPKI Route Origin Authorizations (ROAs) |
| - Added RFC6664 providing S/MIME Capabilities for Public Keys |
| - Added RFC6120 providing Extensible Messaging and Presence Protocol |
| names in certificates |
| - Added RFC4985 providing Subject Alternative Name for expression of |
| service names in certificates |
| - Added RFC5924 providing Extended Key Usage for Session Initiation |
| Protocol (SIP) in X.509 certificates |
| - Added RFC5916 providing Device Owner Attribute |
| - Added RFC7508 providing Securing Header Fields with S/MIME |
| - Update RFC8226 to use ComponentPresentConstraint() instead of the |
| previous work around |
| - Add RFC2631 providing OtherInfo for Diffie-Hellman Key Agreement |
| - Add RFC3114 providing test values for the S/MIME Security Label |
| - Add RFC5755 providing Attribute Certificate Profile for Authorization |
| - Add RFC5913 providing Clearance Attribute and Authority Clearance |
| Constraints Certificate Extension |
| - Add RFC5917 providing Clearance Sponsor Attribute |
| - Add RFC4043 providing Internet X.509 PKI Permanent Identifier |
| - Add RFC7585 providing Network Access Identifier (NAI) Realm Name |
| for Certificates |
| - Update RFC3770 to support openType for attributes and reported errata |
| - Add RFC4334 providing Certificate Extensions and Attributes for |
| Authentication in PPP and Wireless LAN Networks |
| |
| Revision 0.2.7, released 09-10-2019 |
| ----------------------------------- |
| |
| - Added maps for use with openType to RFC 3565 |
| - Added RFC2985 providing PKCS#9 Attributes |
| - Added RFC3770 providing Certificate Extensions and Attributes for |
| Authentication in PPP and Wireless LAN Networks |
| - Added RFC5914 providing Trust Anchor Format |
| - Added RFC6010 providing CMS Content Constraints (CCC) Extension |
| - Added RFC6031 providing CMS Symmetric Key Package Content Type |
| - Added RFC6032 providing CMS Encrypted Key Package Content Type |
| - Added RFC7030 providing Enrollment over Secure Transport (EST) |
| - Added RFC7292 providing PKCS #12, which is the Personal Information |
| Exchange Syntax v1.1 |
| - Added RFC8018 providing PKCS #5, which is the Password-Based |
| Cryptography Specification, Version 2.1 |
| - Automatically update the maps for use with openType for RFC3709, |
| RFC6402, RFC7191, and RFC8226 when the module is imported |
| - Added RFC6211 providing CMS Algorithm Identifier Protection Attribute |
| - Added RFC8449 providing Certificate Extension for Hash Of Root Key |
| - Updated RFC2459 and RFC5280 for TODO in the certificate extension map |
| - Added RFC7906 providing NSA's CMS Key Management Attributes |
| - Added RFC7894 providing EST Alternative Challenge Password Attributes |
| - Updated the handling of maps for use with openType so that just doing |
| an import of the modules is enough in most situations; updates to |
| RFC 2634, RFC 3274, RFC 3779, RFC 4073, RFC 4108, RFC 5035, RFC 5083, |
| RFC 5084, RFC 5480, RFC 5940, RFC 5958, RFC 6019, and RFC 8520 |
| - Updated the handling of attribute maps for use with openType in |
| RFC 5958 to use the rfc5652.cmsAttributesMap |
| - Added RFC5990 providing RSA-KEM Key Transport Algorithm in the CMS |
| - Fixed malformed `rfc4210.RevRepContent` data structure layout |
| - Added RFC5934 providing Trust Anchor Management Protocol (TAMP) |
| - Added RFC6210 providing Experiment for Hash Functions with Parameters |
| - Added RFC5751 providing S/MIME Version 3.2 Message Specification |
| - Added RFC8494 providing Multicast Email (MULE) over ACP 142 |
| - Added RFC8398 providing Internationalized Email Addresses in |
| X.509 Certificates |
| - Added RFC8419 providing Edwards-Curve Digital Signature Algorithm |
| (EdDSA) Signatures in the CMS |
| - Added RFC8479 providing Storing Validation Parameters in PKCS#8 |
| - Added RFC8360 providing Resource Public Key Infrastructure (RPKI) |
| Validation Reconsidered |
| - Added RFC8358 providing Digital Signatures on Internet-Draft Documents |
| - Added RFC8209 providing BGPsec Router PKI Profile |
| - Added RFC8017 providing PKCS #1 Version 2.2 |
| - Added RFC7914 providing scrypt Password-Based Key Derivation Function |
| - Added RFC7773 providing Authentication Context Certificate Extension |
| |
| Revision 0.2.6, released 31-07-2019 |
| ----------------------------------- |
| |
| - Added RFC3560 providing RSAES-OAEP Key Transport Algorithm |
| in CMS |
| - Added RFC6019 providing BinaryTime - an alternate format |
| for representing Date and Time |
| - RFC3565 superseded by RFC5649 |
| - Added RFC5480 providng Elliptic Curve Cryptography Subject |
| Public Key Information |
| - Added RFC8520 providing X.509 Extensions for MUD URL and |
| MUD Signer |
| - Added RFC3161 providing Time-Stamp Protocol support |
| - Added RFC3709 providing Logotypes in X.509 Certificates |
| - Added RFC3274 providing CMS Compressed Data Content Type |
| - Added RFC4073 providing Multiple Contents protection with CMS |
| - Added RFC2634 providing Enhanced Security Services for S/MIME |
| - Added RFC5915 providing Elliptic Curve Private Key |
| - Added RFC5940 providing CMS Revocation Information Choices |
| - Added RFC7296 providing IKEv2 Certificate Bundle |
| - Added RFC8619 providing HKDF Algorithm Identifiers |
| - Added RFC7191 providing CMS Key Package Receipt and Error Content |
| Types |
| - Added openType support for ORAddress Extension Attributes and |
| Algorithm Identifiers in the RFC5280 module |
| - Added RFC5035 providing Update to Enhanced Security Services for |
| S/MIME |
| - Added openType support for CMS Content Types and CMS Attributes |
| in the RFC5652 module |
| - Added openType support to RFC 2986 by importing definitions from |
| the RFC 5280 module so that the same maps are used. |
| - Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709, |
| RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480, |
| RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226, |
| and RFC 8520 |
| - Changed `ValueSizeConstraint` erroneously applied to `SequenceOf` |
| and `SetOf` objects via `subtypeConstraint` attribute to be applied |
| via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint |
| objects as `subtypeConstraint`, the former is only verified on |
| de/serialization i.e. when the [constructed] object at hand is fully |
| populated, while the latter is applied to [scalar] types at the moment |
| of instantiation. |
| |
| Revision 0.2.5, released 24-04-2019 |
| ----------------------------------- |
| |
| - Added module RFC5958 providing Asymmetric Key Packages, |
| which is essentially version 2 of the PrivateKeyInfo |
| structure in PKCS#8 in RFC 5208 |
| - Added module RFC8410 providing algorithm Identifiers for |
| Ed25519, Ed448, X25519, and X448 |
| - Added module RFC8418 providing Elliptic Curve Diffie-Hellman |
| (ECDH) Key Agreement Algorithm with X25519 and X448 |
| - Added module RFC3565 providing Elliptic Curve Diffie-Hellman |
| Key Agreement Algorithm use with X25519 and X448 in the |
| Cryptographic Message Syntax (CMS) |
| - Added module RFC4108 providing CMS Firmware Wrapper |
| - Added module RFC3779 providing X.509 Extensions for IP |
| Addresses and AS Identifiers |
| - Added module RFC4055 providing additional Algorithms and |
| Identifiers for RSA Cryptography for use in Certificates |
| and CRLs |
| |
| Revision 0.2.4, released 26-01-2018 |
| ----------------------------------- |
| |
| - Added modules for RFC8226 implementing JWT Claim Constraints |
| and TN Authorization List for X.509 certificate extensions |
| - Fixed bug in `rfc5280.AlgorithmIdentifier` ANY type definition |
| |
| Revision 0.2.3, released 30-12-2018 |
| ----------------------------------- |
| |
| - Added modules for RFC5083 and RFC5084 (CMS) |
| - Copyright notice extended to the year 2019 |
| |
| Revision 0.2.2, released 28-06-2018 |
| ----------------------------------- |
| |
| - Copyright notice extended to the year 2018 |
| - Migrated references from SourceForge |
| - rfc2986 module added |
| |
| Revision 0.2.1, released 23-11-2017 |
| ----------------------------------- |
| |
| - Allow ANY DEFINED BY objects expanding automatically if requested |
| - Imports PEP8'ed |
| |
| Revision 0.1.5, released 10-10-2017 |
| ----------------------------------- |
| |
| - OCSP response blob fixed in test |
| - Fixed wrong OCSP ResponderID components tagging |
| |
| Revision 0.1.4, released 07-09-2017 |
| ----------------------------------- |
| |
| - Typo fixed in the dependency spec |
| |
| Revision 0.1.3, released 07-09-2017 |
| ----------------------------------- |
| |
| - Apparently, pip>=1.5.6 is still widely used and it is not PEP440 |
| compliant. Had to replace the `~=` version dependency spec with a |
| sequence of simple comparisons to remain compatible with the aging pip. |
| |
| Revision 0.1.2, released 07-09-2017 |
| ----------------------------------- |
| |
| - Pinned to pyasn1 ~0.3.4 |
| |
| Revision 0.1.1, released 27-08-2017 |
| ----------------------------------- |
| |
| - Tests refactored into proper unit tests |
| - pem.readBase64fromText() convenience function added |
| - Pinned to pyasn1 0.3.3 |
| |
| Revision 0.0.11, released 04-08-2017 |
| ------------------------------------ |
| |
| - Fixed typo in ASN.1 definitions at rfc2315.py |
| |
| Revision 0.0.10, released 27-07-2017 |
| ------------------------------------ |
| |
| * Fixed SequenceOf initializer to pass now-mandatory componentType |
| keyword argument (since pyasn1 0.3.1) |
| * Temporarily fixed recursive ASN.1 type definition to work with |
| pyasn1 0.3.1+. This is going to be fixed properly shortly. |
| |
| Revision 0.0.9, released 01-06-2017 |
| ----------------------------------- |
| |
| * More CRL data structures added (RFC3279) |
| * Added X.509 certificate extensions map |
| * Added X.509 attribute type map |
| * Fix to __doc__ use in setup.py to make -O0 installation mode working |
| * Copyright added to source files |
| * More PEP-8'ing done on the code |
| * Author's e-mail changed |
| |
| Revision 0.0.8, released 28-09-2015 |
| ----------------------------------- |
| |
| - Wheel distribution format now supported |
| - Fix to misspelled rfc2459.id_at_sutname variable |
| - Fix to misspelled rfc2459.NameConstraints component tag ID |
| - Fix to misspelled rfc2459.GeneralSubtree component default status |
| |
| Revision 0.0.7, released 01-08-2015 |
| ----------------------------------- |
| |
| - Extensions added to text files, CVS attic flushed. |
| - Fix to rfc2459.BasicConstraints syntax. |
| |
| Revision 0.0.6, released 21-06-2015 |
| ----------------------------------- |
| |
| - Typo fix to id_kp_serverAuth object value |
| - A test case for indefinite length encoding eliminated as it's |
| forbidden in DER. |
| |
| Revision 0.0.5 |
| -------------- |
| |
| - License updated to vanilla BSD 2-Clause to ease package use |
| (http://opensource.org/licenses/BSD-2-Clause). |
| - Missing components added to rfc4210.PKIBody. |
| - Fix to rfc2459.CRLDistPointsSyntax typo. |
| - Fix to rfc2511.CertReqMsg typo. |
| |
| Revision 0.0.4 |
| -------------- |
| |
| - CMP structures (RFC4210), cmpdump.py tool and test case added. |
| - SNMPv2c Message syntax (RFC1901) properly defined. |
| - Package version established in form of __init__.__version__ |
| which is in-sync with distutils. |
| - Package meta information and classifiers updated. |
| |
| Revision 0.0.3 |
| -------------- |
| |
| - Text cases implemented |
| - X.509 CRMF structures (RFC2511) and crmfdump.py tool added |
| - X.509 CRL structures and crldump.py tool added |
| - PKCS#10 structures and pkcs10dump.py tool added |
| - PKCS#8 structures and pkcs8dump.py tool added |
| - PKCS#1 (rfc3447) structures added |
| - OCSP request & response dumping tool added |
| - SNMPv2c & SNMPv3/USM structures added |
| - keydump.py moved into pkcs1dump.py |
| - PEM files read function generalized to be used more universally. |
| - complete PKIX1 '88 code implemented at rfc2459.py |
| |
| |
| Revision 0.0.2 |
| -------------- |
| |
| - Require pyasn1 >= 0.1.1 |
| - Fixes towards Py3K compatibility |
| + use either of existing urllib module |
| + adopt to the new bytes type |
| + print operator is now a function |
| + new exception syntax |
| |
| Revision 0.0.1a |
| --------------- |
| |
| - Initial revision, most code carried from pyasn1 examples. |