0.7 - master
Note
This version is not yet released and is under active development.
- Cryptography has been relicensed from the Apache Software License, Version 2.0, to being available under either the Apache Software License, Version 2.0, or the BSD license.
- Added key-rotation support to :doc:`Fernet </fernet>` with :class:`~cryptography.fernet.MultiFernet`.
- More bit-lengths are now supported for ``p`` and ``q`` when loading DSA keys from numbers.
- Added :class:`~cryptography.hazmat.primitives.interfaces.MACContext` as a common interface for CMAC and HMAC and deprecated :class:`~cryptography.hazmat.primitives.interfaces.CMACContext`.
- Updated Windows wheels to be compiled against OpenSSL 1.0.1j.
- Fixed an issue where OpenSSL 1.0.1j changed the errors returned by some functions.
- Added our license file to the ``cryptography-vectors`` package.
- Implemented DSA hash truncation support (per FIPS 186-3) in the OpenSSL backend. This works around an issue in 1.0.0, 1.0.0a, and 1.0.0b where truncation was not implemented.
- Added :func:`~cryptography.hazmat.primitives.serialization.load_pem_private_key` to ease loading private keys, and :func:`~cryptography.hazmat.primitives.serialization.load_pem_public_key` to support loading public keys.
- Removed support, deprecated in 0.4, for the ``salt_length`` argument to the :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` constructor. The ``salt_length`` should be passed to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` instead.
- Fix compilation on OS X Yosemite.
- Deprecated ``elliptic_curve_private_key_from_numbers`` and ``elliptic_curve_public_key_from_numbers`` in favor of ``load_elliptic_curve_private_numbers`` and ``load_elliptic_curve_public_numbers`` on :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
- Added :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePrivateKeyWithNumbers` and :class:`~cryptography.hazmat.primitives.interfaces.EllipticCurvePublicKeyWithNumbers` support.
- Work around three GCM related bugs in CommonCrypto and OpenSSL.

  - On the CommonCrypto backend adding AAD but not subsequently calling update would return null tag bytes.
  - On the CommonCrypto backend a call to update without an empty add AAD call would return null ciphertext bytes.
  - On the OpenSSL backend with certain versions adding AAD only would give invalid tag bytes.

- Support loading EC private keys from PEM.
- Added several functions to the OpenSSL bindings to support new functionality in pyOpenSSL.
- Fixed a redefined constant causing compilation failure with Solaris 11.2.
- Updated Windows wheels to be compiled against OpenSSL 1.0.1i.
- Add :class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend` support to :doc:`/hazmat/backends/multibackend`.
- Fix compilation error on OS X 10.8 (Mountain Lion).
- Add :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend` support to :doc:`/hazmat/backends/multibackend`.
- BACKWARDS INCOMPATIBLE: :class:`~cryptography.hazmat.primitives.ciphers.modes.GCM` no longer allows truncation of tags by default. Previous versions of ``cryptography`` allowed tags to be truncated by default; applications wishing to preserve this behavior (not recommended) can pass the ``min_tag_length`` argument.
- Windows builds now statically link OpenSSL by default. When installing a wheel on Windows you no longer need to install OpenSSL separately. Windows users can switch between static and dynamic linking with an environment variable. See :doc:`/installation` for more details.
- Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDFExpand`.
- Added :class:`~cryptography.hazmat.primitives.ciphers.modes.CFB8` support for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.AES` and :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
- Added ``AES`` :class:`~cryptography.hazmat.primitives.ciphers.modes.CTR` support to the OpenSSL backend when linked against 0.9.8.
- Added :class:`~cryptography.hazmat.backends.interfaces.PKCS8SerializationBackend` and :class:`~cryptography.hazmat.backends.interfaces.TraditionalOpenSSLSerializationBackend` support to the :doc:`/hazmat/backends/openssl`.
- Added :doc:`/hazmat/primitives/asymmetric/ec` and :class:`~cryptography.hazmat.backends.interfaces.EllipticCurveBackend`.
- Added :class:`~cryptography.hazmat.primitives.ciphers.modes.ECB` support for :class:`~cryptography.hazmat.primitives.ciphers.algorithms.TripleDES` on :doc:`/hazmat/backends/commoncrypto` and :doc:`/hazmat/backends/openssl`.
- Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` in favor of backend specific providers of the :class:`~cryptography.hazmat.primitives.interfaces.RSAPrivateKey` interface.
- Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey` in favor of backend specific providers of the :class:`~cryptography.hazmat.primitives.interfaces.RSAPublicKey` interface.
- Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` in favor of backend specific providers of the :class:`~cryptography.hazmat.primitives.interfaces.DSAPrivateKey` interface.
- Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey` in favor of backend specific providers of the :class:`~cryptography.hazmat.primitives.interfaces.DSAPublicKey` interface.
- Deprecated :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAParameters` in favor of backend specific providers of the :class:`~cryptography.hazmat.primitives.interfaces.DSAParameters` interface.
- Deprecated ``encrypt_rsa``, ``decrypt_rsa``, ``create_rsa_signature_ctx`` and ``create_rsa_verification_ctx`` on :class:`~cryptography.hazmat.backends.interfaces.RSABackend`.
- Deprecated ``create_dsa_signature_ctx`` and ``create_dsa_verification_ctx`` on :class:`~cryptography.hazmat.backends.interfaces.DSABackend`.
- Deprecated ``salt_length`` on :class:`~cryptography.hazmat.primitives.asymmetric.padding.MGF1` and added it to :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`. It will be removed from ``MGF1`` in two releases per our :doc:`/api-stability` policy.
- Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.SEED` support.
- Added :class:`~cryptography.hazmat.primitives.cmac.CMAC`.
- Added decryption support to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` and encryption support to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.
- Added signature support to :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey` and verification support to :class:`~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey`.
- Added :class:`~cryptography.hazmat.primitives.twofactor.hotp.HOTP`.
- Added :class:`~cryptography.hazmat.primitives.twofactor.totp.TOTP`.
- Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.IDEA` support.
- Added signature support to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPrivateKey` and verification support to :class:`~cryptography.hazmat.primitives.asymmetric.rsa.RSAPublicKey`.
- Moved test vectors to the new ``cryptography_vectors`` package.
- Removed a constant definition that was causing compilation problems with specific versions of OpenSSL.
- Fix a bug where importing cryptography from multiple paths could cause initialization to fail.
- Added :doc:`/hazmat/backends/commoncrypto`.
- Added initial :doc:`/hazmat/bindings/commoncrypto`.
- Removed ``register_cipher_adapter`` method from :class:`~cryptography.hazmat.backends.interfaces.CipherBackend`.
- Added support for the OpenSSL backend under Windows.
- Improved thread-safety for the OpenSSL backend.
- Fixed compilation on systems where OpenSSL's ``ec.h`` header is not available, such as CentOS.
- Added :class:`~cryptography.hazmat.primitives.kdf.pbkdf2.PBKDF2HMAC`.
- Added :class:`~cryptography.hazmat.primitives.kdf.hkdf.HKDF`.
- Added :doc:`/hazmat/backends/multibackend`.
- Set default random for the :doc:`/hazmat/backends/openssl` to the OS random engine.
- Added :class:`~cryptography.hazmat.primitives.ciphers.algorithms.CAST5` (CAST-128) support.
- Initial release.
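
The BACKWARDS INCOMPATIBLE GCM entry above, shown as an added example that is not part of the project's changelog: a truncated tag is rejected by default and only accepted when the caller opts in with ``min_tag_length``. It assumes a current ``cryptography`` release in which the ``backend`` argument is optional; the helper names ``encrypt``, ``try_decrypt`` and ``demo`` and the sample message are constructed for illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def encrypt(key, iv, plaintext, aad):
    """AES-GCM encrypt; returns (ciphertext, full 16-byte tag)."""
    enc = Cipher(algorithms.AES(key), modes.GCM(iv)).encryptor()
    enc.authenticate_additional_data(aad)
    ciphertext = enc.update(plaintext) + enc.finalize()
    return ciphertext, enc.tag


def try_decrypt(key, iv, ciphertext, tag, aad, **gcm_kwargs):
    """Return the plaintext, or the name of the exception that rejected the tag."""
    try:
        # GCM() itself raises ValueError when len(tag) < min_tag_length (default 16).
        mode = modes.GCM(iv, tag, **gcm_kwargs)
        dec = Cipher(algorithms.AES(key), mode).decryptor()
        dec.authenticate_additional_data(aad)
        # finalize() raises InvalidTag when the supplied tag does not verify.
        return dec.update(ciphertext) + dec.finalize()
    except (ValueError, InvalidTag) as exc:
        return type(exc).__name__


def demo():
    key, iv = os.urandom(32), os.urandom(12)
    aad = b"header"
    message = b"constructed sample message"  # constructed input
    ct, tag = encrypt(key, iv, message, aad)
    short = tag[:4]                                # tag truncated to 32 bits
    flipped = bytes([short[0] ^ 1]) + short[1:]    # same length, one bit wrong
    return {
        "full_tag": try_decrypt(key, iv, ct, tag, aad),
        "short_default": try_decrypt(key, iv, ct, short, aad),
        # Legacy behaviour, opt-in only (the changelog marks it not recommended).
        "short_opt_in": try_decrypt(key, iv, ct, short, aad, min_tag_length=4),
        "wrong_short_opt_in": try_decrypt(key, iv, ct, flipped, aad, min_tag_length=4),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Code that received truncated tags from a peer before this change fails at ``GCM()`` construction afterwards, so the break surfaces as a ``ValueError`` rather than as an ``InvalidTag`` at ``finalize()``.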