1 2Revision 0.2.8, released 16-11-2019 3----------------------------------- 4 5- Improve test routines for modules that use certificate extensions 6- Improve test for RFC3709 with a real world certificate 7- Added RFC7633 providing TLS Features Certificate Extension 8- Added RFC7229 providing OIDs for Test Certificate Policies 9- Added tests for RFC3280, RFC3281, RFC3852, and RFC4211 10- Added RFC6960 providing Online Certificate Status Protocol (OCSP) 11- Added RFC6955 providing Diffie-Hellman Proof-of-Possession Algorithms 12- Updated the handling of maps for use with openType for RFC 3279 13- Added RFC6486 providing RPKI Manifests 14- Added RFC6487 providing Profile for X.509 PKIX Resource Certificates 15- Added RFC6170 providing Certificate Image in the Internet X.509 Public 16 Key Infrastructure, and import the object identifier into RFC3709. 17- Added RFC6187 providing Certificates for Secure Shell Authentication 18- Added RFC6482 providing RPKI Route Origin Authorizations (ROAs) 19- Added RFC6664 providing S/MIME Capabilities for Public Keys 20- Added RFC6120 providing Extensible Messaging and Presence Protocol 21 names in certificates 22- Added RFC4985 providing Subject Alternative Name for expression of 23 service names in certificates 24- Added RFC5924 providing Extended Key Usage for Session Initiation 25 Protocol (SIP) in X.509 certificates 26- Added RFC5916 providing Device Owner Attribute 27- Added RFC7508 providing Securing Header Fields with S/MIME 28- Update RFC8226 to use ComponentPresentConstraint() instead of the 29 previous work around 30- Add RFC2631 providing OtherInfo for Diffie-Hellman Key Agreement 31- Add RFC3114 providing test values for the S/MIME Security Label 32- Add RFC5755 providing Attribute Certificate Profile for Authorization 33- Add RFC5913 providing Clearance Attribute and Authority Clearance 34 Constraints Certificate Extension 35- Add RFC5917 providing Clearance Sponsor Attribute 36- Add RFC4043 providing Internet X.509 PKI Permanent Identifier 37- Add RFC7585 providing Network Access Identifier (NAI) Realm Name 38 for Certificates 39- Update RFC3770 to support openType for attributes and reported errata 40- Add RFC4334 providing Certificate Extensions and Attributes for 41 Authentication in PPP and Wireless LAN Networks 42 43Revision 0.2.7, released 09-10-2019 44----------------------------------- 45 46- Added maps for use with openType to RFC 3565 47- Added RFC2985 providing PKCS#9 Attributes 48- Added RFC3770 providing Certificate Extensions and Attributes for 49 Authentication in PPP and Wireless LAN Networks 50- Added RFC5914 providing Trust Anchor Format 51- Added RFC6010 providing CMS Content Constraints (CCC) Extension 52- Added RFC6031 providing CMS Symmetric Key Package Content Type 53- Added RFC6032 providing CMS Encrypted Key Package Content Type 54- Added RFC7030 providing Enrollment over Secure Transport (EST) 55- Added RFC7292 providing PKCS #12, which is the Personal Information 56 Exchange Syntax v1.1 57- Added RFC8018 providing PKCS #5, which is the Password-Based 58 Cryptography Specification, Version 2.1 59- Automatically update the maps for use with openType for RFC3709, 60 RFC6402, RFC7191, and RFC8226 when the module is imported 61- Added RFC6211 providing CMS Algorithm Identifier Protection Attribute 62- Added RFC8449 providing Certificate Extension for Hash Of Root Key 63- Updated RFC2459 and RFC5280 for TODO in the certificate extension map 64- Added RFC7906 providing NSA's CMS Key Management Attributes 65- Added RFC7894 providing EST Alternative Challenge Password Attributes 66- Updated the handling of maps for use with openType so that just doing 67 an import of the modules is enough in most situations; updates to 68 RFC 2634, RFC 3274, RFC 3779, RFC 4073, RFC 4108, RFC 5035, RFC 5083, 69 RFC 5084, RFC 5480, RFC 5940, RFC 5958, RFC 6019, and RFC 8520 70- Updated the handling of attribute maps for use with openType in 71 RFC 5958 to use the rfc5652.cmsAttributesMap 72- Added RFC5990 providing RSA-KEM Key Transport Algorithm in the CMS 73- Fixed malformed `rfc4210.RevRepContent` data structure layout 74- Added RFC5934 providing Trust Anchor Management Protocol (TAMP) 75- Added RFC6210 providing Experiment for Hash Functions with Parameters 76- Added RFC5751 providing S/MIME Version 3.2 Message Specification 77- Added RFC8494 providing Multicast Email (MULE) over ACP 142 78- Added RFC8398 providing Internationalized Email Addresses in 79 X.509 Certificates 80- Added RFC8419 providing Edwards-Curve Digital Signature Algorithm 81 (EdDSA) Signatures in the CMS 82- Added RFC8479 providing Storing Validation Parameters in PKCS#8 83- Added RFC8360 providing Resource Public Key Infrastructure (RPKI) 84 Validation Reconsidered 85- Added RFC8358 providing Digital Signatures on Internet-Draft Documents 86- Added RFC8209 providing BGPsec Router PKI Profile 87- Added RFC8017 providing PKCS #1 Version 2.2 88- Added RFC7914 providing scrypt Password-Based Key Derivation Function 89- Added RFC7773 providing Authentication Context Certificate Extension 90 91Revision 0.2.6, released 31-07-2019 92----------------------------------- 93 94- Added RFC3560 providing RSAES-OAEP Key Transport Algorithm 95 in CMS 96- Added RFC6019 providing BinaryTime - an alternate format 97 for representing Date and Time 98- RFC3565 superseded by RFC5649 99- Added RFC5480 providng Elliptic Curve Cryptography Subject 100 Public Key Information 101- Added RFC8520 providing X.509 Extensions for MUD URL and 102 MUD Signer 103- Added RFC3161 providing Time-Stamp Protocol support 104- Added RFC3709 providing Logotypes in X.509 Certificates 105- Added RFC3274 providing CMS Compressed Data Content Type 106- Added RFC4073 providing Multiple Contents protection with CMS 107- Added RFC2634 providing Enhanced Security Services for S/MIME 108- Added RFC5915 providing Elliptic Curve Private Key 109- Added RFC5940 providing CMS Revocation Information Choices 110- Added RFC7296 providing IKEv2 Certificate Bundle 111- Added RFC8619 providing HKDF Algorithm Identifiers 112- Added RFC7191 providing CMS Key Package Receipt and Error Content 113 Types 114- Added openType support for ORAddress Extension Attributes and 115 Algorithm Identifiers in the RFC5280 module 116- Added RFC5035 providing Update to Enhanced Security Services for 117 S/MIME 118- Added openType support for CMS Content Types and CMS Attributes 119 in the RFC5652 module 120- Added openType support to RFC 2986 by importing definitions from 121 the RFC 5280 module so that the same maps are used. 122- Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709, 123 RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480, 124 RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226, 125 and RFC 8520 126- Changed `ValueSizeConstraint` erroneously applied to `SequenceOf` 127 and `SetOf` objects via `subtypeConstraint` attribute to be applied 128 via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint 129 objects as `subtypeConstraint`, the former is only verified on 130 de/serialization i.e. when the [constructed] object at hand is fully 131 populated, while the latter is applied to [scalar] types at the moment 132 of instantiation. 133 134Revision 0.2.5, released 24-04-2019 135----------------------------------- 136 137- Added module RFC5958 providing Asymmetric Key Packages, 138 which is essentially version 2 of the PrivateKeyInfo 139 structure in PKCS#8 in RFC 5208 140- Added module RFC8410 providing algorithm Identifiers for 141 Ed25519, Ed448, X25519, and X448 142- Added module RFC8418 providing Elliptic Curve Diffie-Hellman 143 (ECDH) Key Agreement Algorithm with X25519 and X448 144- Added module RFC3565 providing Elliptic Curve Diffie-Hellman 145 Key Agreement Algorithm use with X25519 and X448 in the 146 Cryptographic Message Syntax (CMS) 147- Added module RFC4108 providing CMS Firmware Wrapper 148- Added module RFC3779 providing X.509 Extensions for IP 149 Addresses and AS Identifiers 150- Added module RFC4055 providing additional Algorithms and 151 Identifiers for RSA Cryptography for use in Certificates 152 and CRLs 153 154Revision 0.2.4, released 26-01-2018 155----------------------------------- 156 157- Added modules for RFC8226 implementing JWT Claim Constraints 158 and TN Authorization List for X.509 certificate extensions 159- Fixed bug in `rfc5280.AlgorithmIdentifier` ANY type definition 160 161Revision 0.2.3, released 30-12-2018 162----------------------------------- 163 164- Added modules for RFC5083 and RFC5084 (CMS) 165- Copyright notice extended to the year 2019 166 167Revision 0.2.2, released 28-06-2018 168----------------------------------- 169 170- Copyright notice extended to the year 2018 171- Migrated references from SourceForge 172- rfc2986 module added 173 174Revision 0.2.1, released 23-11-2017 175----------------------------------- 176 177- Allow ANY DEFINED BY objects expanding automatically if requested 178- Imports PEP8'ed 179 180Revision 0.1.5, released 10-10-2017 181----------------------------------- 182 183- OCSP response blob fixed in test 184- Fixed wrong OCSP ResponderID components tagging 185 186Revision 0.1.4, released 07-09-2017 187----------------------------------- 188 189- Typo fixed in the dependency spec 190 191Revision 0.1.3, released 07-09-2017 192----------------------------------- 193 194- Apparently, pip>=1.5.6 is still widely used and it is not PEP440 195 compliant. Had to replace the `~=` version dependency spec with a 196 sequence of simple comparisons to remain compatible with the aging pip. 197 198Revision 0.1.2, released 07-09-2017 199----------------------------------- 200 201- Pinned to pyasn1 ~0.3.4 202 203Revision 0.1.1, released 27-08-2017 204----------------------------------- 205 206- Tests refactored into proper unit tests 207- pem.readBase64fromText() convenience function added 208- Pinned to pyasn1 0.3.3 209 210Revision 0.0.11, released 04-08-2017 211------------------------------------ 212 213- Fixed typo in ASN.1 definitions at rfc2315.py 214 215Revision 0.0.10, released 27-07-2017 216------------------------------------ 217 218* Fixed SequenceOf initializer to pass now-mandatory componentType 219 keyword argument (since pyasn1 0.3.1) 220* Temporarily fixed recursive ASN.1 type definition to work with 221 pyasn1 0.3.1+. This is going to be fixed properly shortly. 222 223Revision 0.0.9, released 01-06-2017 224----------------------------------- 225 226* More CRL data structures added (RFC3279) 227* Added X.509 certificate extensions map 228* Added X.509 attribute type map 229* Fix to __doc__ use in setup.py to make -O0 installation mode working 230* Copyright added to source files 231* More PEP-8'ing done on the code 232* Author's e-mail changed 233 234Revision 0.0.8, released 28-09-2015 235----------------------------------- 236 237- Wheel distribution format now supported 238- Fix to misspelled rfc2459.id_at_sutname variable 239- Fix to misspelled rfc2459.NameConstraints component tag ID 240- Fix to misspelled rfc2459.GeneralSubtree component default status 241 242Revision 0.0.7, released 01-08-2015 243----------------------------------- 244 245- Extensions added to text files, CVS attic flushed. 246- Fix to rfc2459.BasicConstraints syntax. 247 248Revision 0.0.6, released 21-06-2015 249----------------------------------- 250 251- Typo fix to id_kp_serverAuth object value 252- A test case for indefinite length encoding eliminated as it's 253 forbidden in DER. 254 255Revision 0.0.5 256-------------- 257 258- License updated to vanilla BSD 2-Clause to ease package use 259 (http://opensource.org/licenses/BSD-2-Clause). 260- Missing components added to rfc4210.PKIBody. 261- Fix to rfc2459.CRLDistPointsSyntax typo. 262- Fix to rfc2511.CertReqMsg typo. 263 264Revision 0.0.4 265-------------- 266 267- CMP structures (RFC4210), cmpdump.py tool and test case added. 268- SNMPv2c Message syntax (RFC1901) properly defined. 269- Package version established in form of __init__.__version__ 270 which is in-sync with distutils. 271- Package meta information and classifiers updated. 272 273Revision 0.0.3 274-------------- 275 276- Text cases implemented 277- X.509 CRMF structures (RFC2511) and crmfdump.py tool added 278- X.509 CRL structures and crldump.py tool added 279- PKCS#10 structures and pkcs10dump.py tool added 280- PKCS#8 structures and pkcs8dump.py tool added 281- PKCS#1 (rfc3447) structures added 282- OCSP request & response dumping tool added 283- SNMPv2c & SNMPv3/USM structures added 284- keydump.py moved into pkcs1dump.py 285- PEM files read function generalized to be used more universally. 286- complete PKIX1 '88 code implemented at rfc2459.py 287 288 289Revision 0.0.2 290-------------- 291 292- Require pyasn1 >= 0.1.1 293- Fixes towards Py3K compatibility 294 + use either of existing urllib module 295 + adopt to the new bytes type 296 + print operator is now a function 297 + new exception syntax 298 299Revision 0.0.1a 300--------------- 301 302- Initial revision, most code carried from pyasn1 examples. 303