-
Notifications
You must be signed in to change notification settings - Fork 24
/
NEWS
118 lines (94 loc) · 4.68 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
* Version 1.2.2 (unreleased)
* Version 1.2.1 (released 2016-11-03)
** Fixup release: Remove minimum version for sqlalchemy dependency which was
set too high.
** yhsm-yubikey-ksm: Add --proxy/--proxies argument for logging proxies
requests.
* Version 1.2.0 (released 2016-11-02)
** yhsm-validation-server: Support OATH TOTP.
** yhsm-init-oath-token: Handle keys with length != 20.
** yhsm-yubikey-ksm: Allow passing soft-HSM keys via stdin by passing "-" as
device argument.
** yhsm-yubikey-ksm: Allow passing --db-url via environment variable.
** Moved utils, yubikey-ksm and validation-server to be included when
installing using pip.
** Use entry_point scripts generated by setuptools.
** Moved man pages to man/ directory.
** Bugfix: Fix AEAD generation on Windows by writing in binary mode.
** Bugfix: Support AEADs generated on Windows using pyhsm <= 1.1.1.
** Bugfix: Avoid installing unit test package.
** Bugfix: yhsm-import-keys: Fix --aes-key argument used when importing
without a YubiHSM.
* Version 1.1.1 (released 2016-01-08)
** Fixup release.
* Version 1.1.0 (released 2016-01-08)
** Restructured the repository and build process.
** Use Semantic Versioning (semver.org).
** Added support for a "soft" HSM in yhsm-yubikey-ksm, yhsm-import-keys
and yhsm-generate-keys.
* Version 1.0.4l (released 2015-08-24)
** Documentation is now in asciidoc format.
** yhsm-yubikey-ksm: Fix bug when the same public ID occured for multiple
keyhandles.
* Version 1.0.4k (released 2014-09-18)
** yhsm-db-import, yhsm-db-export: Fix syntax error.
* Version 1.0.4j (released 2014-09-16)
** yhsm-yubikey-ksm: Fix syntax error.
* Version 1.0.4i (released 2014-09-16)
** yhsm-yubikey-ksm: Add --daemon.
** yhsm-yubikey-ksm: Add --db-url to specify SQL database path to AEAD store.
** yhsm-db-import, yhsm-db-export: New tools to do database import/export.
** Documentation cleanup.
* Version 1.0.4h (released 2014-01-09)
** yhsm-daemon: Use JSON messages instead of Python pickling.
(as suggested by Rogdham)
* Version 1.0.4g (released 2013-05-06)
** yhsm-daemon: Support listening to non-loopback interfaces.
** yhsm-daemon: Forward exceptions to the client.
** yhsm-daemon: Handle device unavailable, and attempt to recover.
* Version 1.0.4f (released 2013-04-12)
** Fix failing test.
** Support URLs in device field, for more info see:
http://pyserial.sourceforge.net/pyserial_api.html#serial.serial_for_url
** Added yhsm-daemon.
* Version 1.0.4e (released 2013-04-06)
** yhsm-decrypt-aead: For yubikey-csv output, fix prefix field.
Before the prefix was set to the AEAD nonce which is only correct for
old style AEAD files. Now it uses the AEAD filename for the prefix
field.
** yhsm-decrypt-aead: Improve diagnostic messages.
Errors and warnings are now printed to standard error. The count of
number of failed and processsed AEADs should now be accurate.
* Version 1.0.4d (released 2013-03-18)
** Fix so that yhsm-yubikey-ksm can work with the older format.
* Version 1.0.4c (released 2013-03-18)
** When doing OTP verification, if a nonce is written to the AEAD file
use that for decryption, not public id.
** yhsm-import-keys: add --random-nonce for using hsm generated nonce.
** yhsm-generate-keys: add --random-nonce for using hsm generated nonce.
* Version 1.0.4b (released 2013-02-11)
** yhsm-import-keys: Support soft HSM AEAD generation.
** yhsm-import-keys: Ignore lines starting with #.
** yhsm-import-keys: Block all-zero (ccc...c) keys.
** yhsm-decrypt-keys: Support generating AEADs.
** yhsm-decrypt-keys: Ignores non-modhex files in AEAD directory trees.
** yhsm-generate-keys: Bugfix that caused AEAD generation to fail.
** yhsm-generate-keys: Bugfix that caused wrong nonce to be used.
** yhsm-generate-keys: Prevent generating all-zero (ccc...c) keys.
** Added this NEWS file, based on debian/changelog in the Debian package.
* Version 1.0.4a (released 2012-06-26)
** Enable IPv6 --addr for network servers.
** Verifies communication with YubiHSM on initialization.
* Version 1.0.4 (released 2012-06-21)
** Match firmware 1.0.4.
Firmware adds flag YSM_USER_NONCE to address security problem
for some usages where AEADs could be decrypted by an attacker
capable of generating new AEADs.
** New file format for stored AEADs (code loading AEADs is backwards
** compatible), including key handle and nonce.
** AES CCM implementation compatible with YubiHSM in software, for
** transparency and to enable willfull decryption of AEADs.
** Tools to generate YubiKey secrets into AEADs as well as decrypt
** them to enable provisioning YubiKeys with the secrets.
* Version 1.0.3c (released 2012-01-05)
** First public release.