You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
303 lines
12 KiB
303 lines
12 KiB
|
|
Revision 0.2.8, released 16-11-2019
|
|
-----------------------------------
|
|
|
|
- Improve test routines for modules that use certificate extensions
|
|
- Improve test for RFC3709 with a real world certificate
|
|
- Added RFC7633 providing TLS Features Certificate Extension
|
|
- Added RFC7229 providing OIDs for Test Certificate Policies
|
|
- Added tests for RFC3280, RFC3281, RFC3852, and RFC4211
|
|
- Added RFC6960 providing Online Certificate Status Protocol (OCSP)
|
|
- Added RFC6955 providing Diffie-Hellman Proof-of-Possession Algorithms
|
|
- Updated the handling of maps for use with openType for RFC 3279
|
|
- Added RFC6486 providing RPKI Manifests
|
|
- Added RFC6487 providing Profile for X.509 PKIX Resource Certificates
|
|
- Added RFC6170 providing Certificate Image in the Internet X.509 Public
|
|
Key Infrastructure, and import the object identifier into RFC3709.
|
|
- Added RFC6187 providing Certificates for Secure Shell Authentication
|
|
- Added RFC6482 providing RPKI Route Origin Authorizations (ROAs)
|
|
- Added RFC6664 providing S/MIME Capabilities for Public Keys
|
|
- Added RFC6120 providing Extensible Messaging and Presence Protocol
|
|
names in certificates
|
|
- Added RFC4985 providing Subject Alternative Name for expression of
|
|
service names in certificates
|
|
- Added RFC5924 providing Extended Key Usage for Session Initiation
|
|
Protocol (SIP) in X.509 certificates
|
|
- Added RFC5916 providing Device Owner Attribute
|
|
- Added RFC7508 providing Securing Header Fields with S/MIME
|
|
- Update RFC8226 to use ComponentPresentConstraint() instead of the
|
|
previous work around
|
|
- Add RFC2631 providing OtherInfo for Diffie-Hellman Key Agreement
|
|
- Add RFC3114 providing test values for the S/MIME Security Label
|
|
- Add RFC5755 providing Attribute Certificate Profile for Authorization
|
|
- Add RFC5913 providing Clearance Attribute and Authority Clearance
|
|
Constraints Certificate Extension
|
|
- Add RFC5917 providing Clearance Sponsor Attribute
|
|
- Add RFC4043 providing Internet X.509 PKI Permanent Identifier
|
|
- Add RFC7585 providing Network Access Identifier (NAI) Realm Name
|
|
for Certificates
|
|
- Update RFC3770 to support openType for attributes and reported errata
|
|
- Add RFC4334 providing Certificate Extensions and Attributes for
|
|
Authentication in PPP and Wireless LAN Networks
|
|
|
|
Revision 0.2.7, released 09-10-2019
|
|
-----------------------------------
|
|
|
|
- Added maps for use with openType to RFC 3565
|
|
- Added RFC2985 providing PKCS#9 Attributes
|
|
- Added RFC3770 providing Certificate Extensions and Attributes for
|
|
Authentication in PPP and Wireless LAN Networks
|
|
- Added RFC5914 providing Trust Anchor Format
|
|
- Added RFC6010 providing CMS Content Constraints (CCC) Extension
|
|
- Added RFC6031 providing CMS Symmetric Key Package Content Type
|
|
- Added RFC6032 providing CMS Encrypted Key Package Content Type
|
|
- Added RFC7030 providing Enrollment over Secure Transport (EST)
|
|
- Added RFC7292 providing PKCS #12, which is the Personal Information
|
|
Exchange Syntax v1.1
|
|
- Added RFC8018 providing PKCS #5, which is the Password-Based
|
|
Cryptography Specification, Version 2.1
|
|
- Automatically update the maps for use with openType for RFC3709,
|
|
RFC6402, RFC7191, and RFC8226 when the module is imported
|
|
- Added RFC6211 providing CMS Algorithm Identifier Protection Attribute
|
|
- Added RFC8449 providing Certificate Extension for Hash Of Root Key
|
|
- Updated RFC2459 and RFC5280 for TODO in the certificate extension map
|
|
- Added RFC7906 providing NSA's CMS Key Management Attributes
|
|
- Added RFC7894 providing EST Alternative Challenge Password Attributes
|
|
- Updated the handling of maps for use with openType so that just doing
|
|
an import of the modules is enough in most situations; updates to
|
|
RFC 2634, RFC 3274, RFC 3779, RFC 4073, RFC 4108, RFC 5035, RFC 5083,
|
|
RFC 5084, RFC 5480, RFC 5940, RFC 5958, RFC 6019, and RFC 8520
|
|
- Updated the handling of attribute maps for use with openType in
|
|
RFC 5958 to use the rfc5652.cmsAttributesMap
|
|
- Added RFC5990 providing RSA-KEM Key Transport Algorithm in the CMS
|
|
- Fixed malformed `rfc4210.RevRepContent` data structure layout
|
|
- Added RFC5934 providing Trust Anchor Management Protocol (TAMP)
|
|
- Added RFC6210 providing Experiment for Hash Functions with Parameters
|
|
- Added RFC5751 providing S/MIME Version 3.2 Message Specification
|
|
- Added RFC8494 providing Multicast Email (MULE) over ACP 142
|
|
- Added RFC8398 providing Internationalized Email Addresses in
|
|
X.509 Certificates
|
|
- Added RFC8419 providing Edwards-Curve Digital Signature Algorithm
|
|
(EdDSA) Signatures in the CMS
|
|
- Added RFC8479 providing Storing Validation Parameters in PKCS#8
|
|
- Added RFC8360 providing Resource Public Key Infrastructure (RPKI)
|
|
Validation Reconsidered
|
|
- Added RFC8358 providing Digital Signatures on Internet-Draft Documents
|
|
- Added RFC8209 providing BGPsec Router PKI Profile
|
|
- Added RFC8017 providing PKCS #1 Version 2.2
|
|
- Added RFC7914 providing scrypt Password-Based Key Derivation Function
|
|
- Added RFC7773 providing Authentication Context Certificate Extension
|
|
|
|
Revision 0.2.6, released 31-07-2019
|
|
-----------------------------------
|
|
|
|
- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm
|
|
in CMS
|
|
- Added RFC6019 providing BinaryTime - an alternate format
|
|
for representing Date and Time
|
|
- RFC3565 superseded by RFC5649
|
|
- Added RFC5480 providng Elliptic Curve Cryptography Subject
|
|
Public Key Information
|
|
- Added RFC8520 providing X.509 Extensions for MUD URL and
|
|
MUD Signer
|
|
- Added RFC3161 providing Time-Stamp Protocol support
|
|
- Added RFC3709 providing Logotypes in X.509 Certificates
|
|
- Added RFC3274 providing CMS Compressed Data Content Type
|
|
- Added RFC4073 providing Multiple Contents protection with CMS
|
|
- Added RFC2634 providing Enhanced Security Services for S/MIME
|
|
- Added RFC5915 providing Elliptic Curve Private Key
|
|
- Added RFC5940 providing CMS Revocation Information Choices
|
|
- Added RFC7296 providing IKEv2 Certificate Bundle
|
|
- Added RFC8619 providing HKDF Algorithm Identifiers
|
|
- Added RFC7191 providing CMS Key Package Receipt and Error Content
|
|
Types
|
|
- Added openType support for ORAddress Extension Attributes and
|
|
Algorithm Identifiers in the RFC5280 module
|
|
- Added RFC5035 providing Update to Enhanced Security Services for
|
|
S/MIME
|
|
- Added openType support for CMS Content Types and CMS Attributes
|
|
in the RFC5652 module
|
|
- Added openType support to RFC 2986 by importing definitions from
|
|
the RFC 5280 module so that the same maps are used.
|
|
- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709,
|
|
RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480,
|
|
RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226,
|
|
and RFC 8520
|
|
- Changed `ValueSizeConstraint` erroneously applied to `SequenceOf`
|
|
and `SetOf` objects via `subtypeConstraint` attribute to be applied
|
|
via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint
|
|
objects as `subtypeConstraint`, the former is only verified on
|
|
de/serialization i.e. when the [constructed] object at hand is fully
|
|
populated, while the latter is applied to [scalar] types at the moment
|
|
of instantiation.
|
|
|
|
Revision 0.2.5, released 24-04-2019
|
|
-----------------------------------
|
|
|
|
- Added module RFC5958 providing Asymmetric Key Packages,
|
|
which is essentially version 2 of the PrivateKeyInfo
|
|
structure in PKCS#8 in RFC 5208
|
|
- Added module RFC8410 providing algorithm Identifiers for
|
|
Ed25519, Ed448, X25519, and X448
|
|
- Added module RFC8418 providing Elliptic Curve Diffie-Hellman
|
|
(ECDH) Key Agreement Algorithm with X25519 and X448
|
|
- Added module RFC3565 providing Elliptic Curve Diffie-Hellman
|
|
Key Agreement Algorithm use with X25519 and X448 in the
|
|
Cryptographic Message Syntax (CMS)
|
|
- Added module RFC4108 providing CMS Firmware Wrapper
|
|
- Added module RFC3779 providing X.509 Extensions for IP
|
|
Addresses and AS Identifiers
|
|
- Added module RFC4055 providing additional Algorithms and
|
|
Identifiers for RSA Cryptography for use in Certificates
|
|
and CRLs
|
|
|
|
Revision 0.2.4, released 26-01-2018
|
|
-----------------------------------
|
|
|
|
- Added modules for RFC8226 implementing JWT Claim Constraints
|
|
and TN Authorization List for X.509 certificate extensions
|
|
- Fixed bug in `rfc5280.AlgorithmIdentifier` ANY type definition
|
|
|
|
Revision 0.2.3, released 30-12-2018
|
|
-----------------------------------
|
|
|
|
- Added modules for RFC5083 and RFC5084 (CMS)
|
|
- Copyright notice extended to the year 2019
|
|
|
|
Revision 0.2.2, released 28-06-2018
|
|
-----------------------------------
|
|
|
|
- Copyright notice extended to the year 2018
|
|
- Migrated references from SourceForge
|
|
- rfc2986 module added
|
|
|
|
Revision 0.2.1, released 23-11-2017
|
|
-----------------------------------
|
|
|
|
- Allow ANY DEFINED BY objects expanding automatically if requested
|
|
- Imports PEP8'ed
|
|
|
|
Revision 0.1.5, released 10-10-2017
|
|
-----------------------------------
|
|
|
|
- OCSP response blob fixed in test
|
|
- Fixed wrong OCSP ResponderID components tagging
|
|
|
|
Revision 0.1.4, released 07-09-2017
|
|
-----------------------------------
|
|
|
|
- Typo fixed in the dependency spec
|
|
|
|
Revision 0.1.3, released 07-09-2017
|
|
-----------------------------------
|
|
|
|
- Apparently, pip>=1.5.6 is still widely used and it is not PEP440
|
|
compliant. Had to replace the `~=` version dependency spec with a
|
|
sequence of simple comparisons to remain compatible with the aging pip.
|
|
|
|
Revision 0.1.2, released 07-09-2017
|
|
-----------------------------------
|
|
|
|
- Pinned to pyasn1 ~0.3.4
|
|
|
|
Revision 0.1.1, released 27-08-2017
|
|
-----------------------------------
|
|
|
|
- Tests refactored into proper unit tests
|
|
- pem.readBase64fromText() convenience function added
|
|
- Pinned to pyasn1 0.3.3
|
|
|
|
Revision 0.0.11, released 04-08-2017
|
|
------------------------------------
|
|
|
|
- Fixed typo in ASN.1 definitions at rfc2315.py
|
|
|
|
Revision 0.0.10, released 27-07-2017
|
|
------------------------------------
|
|
|
|
* Fixed SequenceOf initializer to pass now-mandatory componentType
|
|
keyword argument (since pyasn1 0.3.1)
|
|
* Temporarily fixed recursive ASN.1 type definition to work with
|
|
pyasn1 0.3.1+. This is going to be fixed properly shortly.
|
|
|
|
Revision 0.0.9, released 01-06-2017
|
|
-----------------------------------
|
|
|
|
* More CRL data structures added (RFC3279)
|
|
* Added X.509 certificate extensions map
|
|
* Added X.509 attribute type map
|
|
* Fix to __doc__ use in setup.py to make -O0 installation mode working
|
|
* Copyright added to source files
|
|
* More PEP-8'ing done on the code
|
|
* Author's e-mail changed
|
|
|
|
Revision 0.0.8, released 28-09-2015
|
|
-----------------------------------
|
|
|
|
- Wheel distribution format now supported
|
|
- Fix to misspelled rfc2459.id_at_sutname variable
|
|
- Fix to misspelled rfc2459.NameConstraints component tag ID
|
|
- Fix to misspelled rfc2459.GeneralSubtree component default status
|
|
|
|
Revision 0.0.7, released 01-08-2015
|
|
-----------------------------------
|
|
|
|
- Extensions added to text files, CVS attic flushed.
|
|
- Fix to rfc2459.BasicConstraints syntax.
|
|
|
|
Revision 0.0.6, released 21-06-2015
|
|
-----------------------------------
|
|
|
|
- Typo fix to id_kp_serverAuth object value
|
|
- A test case for indefinite length encoding eliminated as it's
|
|
forbidden in DER.
|
|
|
|
Revision 0.0.5
|
|
--------------
|
|
|
|
- License updated to vanilla BSD 2-Clause to ease package use
|
|
(http://opensource.org/licenses/BSD-2-Clause).
|
|
- Missing components added to rfc4210.PKIBody.
|
|
- Fix to rfc2459.CRLDistPointsSyntax typo.
|
|
- Fix to rfc2511.CertReqMsg typo.
|
|
|
|
Revision 0.0.4
|
|
--------------
|
|
|
|
- CMP structures (RFC4210), cmpdump.py tool and test case added.
|
|
- SNMPv2c Message syntax (RFC1901) properly defined.
|
|
- Package version established in form of __init__.__version__
|
|
which is in-sync with distutils.
|
|
- Package meta information and classifiers updated.
|
|
|
|
Revision 0.0.3
|
|
--------------
|
|
|
|
- Text cases implemented
|
|
- X.509 CRMF structures (RFC2511) and crmfdump.py tool added
|
|
- X.509 CRL structures and crldump.py tool added
|
|
- PKCS#10 structures and pkcs10dump.py tool added
|
|
- PKCS#8 structures and pkcs8dump.py tool added
|
|
- PKCS#1 (rfc3447) structures added
|
|
- OCSP request & response dumping tool added
|
|
- SNMPv2c & SNMPv3/USM structures added
|
|
- keydump.py moved into pkcs1dump.py
|
|
- PEM files read function generalized to be used more universally.
|
|
- complete PKIX1 '88 code implemented at rfc2459.py
|
|
|
|
|
|
Revision 0.0.2
|
|
--------------
|
|
|
|
- Require pyasn1 >= 0.1.1
|
|
- Fixes towards Py3K compatibility
|
|
+ use either of existing urllib module
|
|
+ adopt to the new bytes type
|
|
+ print operator is now a function
|
|
+ new exception syntax
|
|
|
|
Revision 0.0.1a
|
|
---------------
|
|
|
|
- Initial revision, most code carried from pyasn1 examples.
|