Revision history for cryptostore

0.4.0.0 - 2025-10-12

• Private keys are now represented as type KeyPair defined in module Crypto.Store.PKCS8 instead of PrivKey. This ensures that the corresponding public key is always available and that the library detects and reports data mistakes involving a wrong public key. A new error PublicPrivateKeyMismatch is added for that purpose and returned by functions certSigner, withRecipientKeyAgree, fromCredential and fromNamedCredential. Behavior of functions toCredential and toNamedCredential is now more strict, they return a key and leaf certificate that always match. Functions to convert KeyPair to/from the usual type PrivKey are also exposed from module Crypto.Store.PKCS8.

• Added support of PBMAC1 for PKCS#12 integrity. Type IntegrityParams used in functions writeP12File and writeP12FileToMemory is modified. A low-level function for PBMAC1 is also available in the PKCS5 module.

• CMS now supports SHA-3 algorithms in HMAC, ECDSA, or as digest algorithm

• Functions pemToKey, pemToPubKey and pemToContentInfo are modified to return error details when a PEM object cannot be read. The old API signature that discarded error details is available with functions renamed pemToKeyAccum, pemToPubKeyAccum and pemToContentInfoAccum.

• Function generateEncryptionParams is removed and can be replaced with functions ecbParams, generateCBCParams, generateCFBParams or generateCTRParams according to the desired mode.

• Functions generateAuthEnc128Params and generateAuthEnc256Params are replaced with authEnc128Params and authEnc256Params. The new API expects a ContentEncryptionParams argument instead of ContentEncryptionAlg.

• CMS encrypted data, enveloped data and authenticated-enveloped data now support optional HKDF-SHA256 derivation of the content-encryption key. When generating encryption parameters, enable the key derivation feature with a call to functions deriveEncryptionKey or authDeriveEncryptionKey. The feature prevents AEAD-to-CBC downgrade attack scenarios for CCM and GCM modes but requires support from the receiving end.

• Fixed encoding of some HMAC and PRF parameters

0.3.1.0 - 2024-05-05

• Strict validation of GCM/CCM authentication tag length

0.3.0.1 - 2023-06-25

• Add optional flag to use crypton instead of cryptonite

0.3.0.0 - 2023-01-14

• API change in PKCS5, PKCS8 and PKCS12 modules to handle better password-based encryption derived from an empty password. All encryption/decryption functions now expect an opaque ProtectionPassword data type. Conversion functions toProtectionPassword and fromProtectionPassword are provided. Additionnally in the PKCS12 module, the type OptProtected is replaced with OptAuthenticated when dealing with password integrity. Similarly at that level, function recover is to be replaced with recoverAuthenticated.

• Added support for KMAC (Keccak Message Authentication Code) in CMS authenticated data, through constructors KMAC_SHAKE128 and KMAC_SHAKE256.

• CMS key agreement now supports derivation with HKDF along with X9.63. Data type KeyAgreementParams is modified to include a KDF instead of simply the digest algorithm. HKDF has assigned OIDs only for standard DH and cannot be used with cofactor DH.

• Added CMS utility functions to deal with the signingTime attribute.

• Changed withSignerCertificate validation callback API to include the signingTime value when available.

0.2.3.0 - 2022-11-05

• Fix RC2 on big-endian architectures

0.2.2.0 - 2022-04-16

• Fix buffer overrun in pkcs12Derive

0.2.1.0 - 2019-10-13

• Added CMS fuctions contentInfoToDER and berToContentInfo in order to generate and parse raw ASN.1.

• Implementation of AES key wrap had some optimizations.

• SHAKE hash algorithms now allow arbitrary output lengths. Lengths that are very small decrease security. A protection is added so that attempts to use lengths which are too small fail, although the criteria are conservative. Generating and parsing content has no restriction.

0.2.0.0 - 2019-03-24

• Added functions toNamedCredential and fromNamedCredential to handle PKCS#12 elements with an alias (friendly name).

• Functions fromCredential and fromNamedCredential now generate PKCS#12 elements with the localKeyId attribute.

• Function toCredential is now able to locate the leaf certificate and issuers more reliably.

• Algorithms X25519, X448, Ed25519 and Ed448 are now supported.

• CMS functions digestVerify and verifySignedData now return an Either instead of a Maybe. Errors DigestMismatch and SignatureNotVerified are added to report failures.

• CMS types SignedData, DigestedData and AuthenticatedData now retain the encapsulated content in encoded form (with type alias EncapsulatedContent) instead of a decoded and parsed ContentInfo. The ContentInfo is parsed and provided only when successfully unwrapping the encapsulated type.

• The CMS interface is transformed to support detached content. CMS types now have a type parameter to distinguish between a direct reference to the encapsulated or encrypted content, and the Encap indirection which denotes an attached or detached content. Functions building CMS types do not return the ContentInfo directly anymore, but an intermediate type to be fed into toAttachedCI or toDetachedCI. Reverse transformation is possible with utility functions fromAttached and fromDetached when unwrapping a ContentInfo.

0.1.0.0 - 2018-09-23

• First version. Released on an unsuspecting world.