Revision 0.2.8, released 16-11-2019 ----------------------------------- - Improve test routines for modules that use certificate extensions - Improve test for RFC3709 with a real world certificate - Added RFC7633 providing TLS Features Certificate Extension - Added RFC7229 providing OIDs for Test Certificate Policies - Added tests for RFC3280, RFC3281, RFC3852, and RFC4211 - Added RFC6960 providing Online Certificate Status Protocol (OCSP) - Added RFC6955 providing Diffie-Hellman Proof-of-Possession Algorithms - Updated the handling of maps for use with openType for RFC 3279 - Added RFC6486 providing RPKI Manifests - Added RFC6487 providing Profile for X.509 PKIX Resource Certificates - Added RFC6170 providing Certificate Image in the Internet X.509 Public Key Infrastructure, and import the object identifier into RFC3709. - Added RFC6187 providing Certificates for Secure Shell Authentication - Added RFC6482 providing RPKI Route Origin Authorizations (ROAs) - Added RFC6664 providing S/MIME Capabilities for Public Keys - Added RFC6120 providing Extensible Messaging and Presence Protocol names in certificates - Added RFC4985 providing Subject Alternative Name for expression of service names in certificates - Added RFC5924 providing Extended Key Usage for Session Initiation Protocol (SIP) in X.509 certificates - Added RFC5916 providing Device Owner Attribute - Added RFC7508 providing Securing Header Fields with S/MIME - Update RFC8226 to use ComponentPresentConstraint() instead of the previous work around - Add RFC2631 providing OtherInfo for Diffie-Hellman Key Agreement - Add RFC3114 providing test values for the S/MIME Security Label - Add RFC5755 providing Attribute Certificate Profile for Authorization - Add RFC5913 providing Clearance Attribute and Authority Clearance Constraints Certificate Extension - Add RFC5917 providing Clearance Sponsor Attribute - Add RFC4043 providing Internet X.509 PKI Permanent Identifier - Add RFC7585 providing Network Access Identifier (NAI) Realm Name for Certificates - Update RFC3770 to support openType for attributes and reported errata - Add RFC4334 providing Certificate Extensions and Attributes for Authentication in PPP and Wireless LAN Networks Revision 0.2.7, released 09-10-2019 ----------------------------------- - Added maps for use with openType to RFC 3565 - Added RFC2985 providing PKCS#9 Attributes - Added RFC3770 providing Certificate Extensions and Attributes for Authentication in PPP and Wireless LAN Networks - Added RFC5914 providing Trust Anchor Format - Added RFC6010 providing CMS Content Constraints (CCC) Extension - Added RFC6031 providing CMS Symmetric Key Package Content Type - Added RFC6032 providing CMS Encrypted Key Package Content Type - Added RFC7030 providing Enrollment over Secure Transport (EST) - Added RFC7292 providing PKCS #12, which is the Personal Information Exchange Syntax v1.1 - Added RFC8018 providing PKCS #5, which is the Password-Based Cryptography Specification, Version 2.1 - Automatically update the maps for use with openType for RFC3709, RFC6402, RFC7191, and RFC8226 when the module is imported - Added RFC6211 providing CMS Algorithm Identifier Protection Attribute - Added RFC8449 providing Certificate Extension for Hash Of Root Key - Updated RFC2459 and RFC5280 for TODO in the certificate extension map - Added RFC7906 providing NSA's CMS Key Management Attributes - Added RFC7894 providing EST Alternative Challenge Password Attributes - Updated the handling of maps for use with openType so that just doing an import of the modules is enough in most situations; updates to RFC 2634, RFC 3274, RFC 3779, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5084, RFC 5480, RFC 5940, RFC 5958, RFC 6019, and RFC 8520 - Updated the handling of attribute maps for use with openType in RFC 5958 to use the rfc5652.cmsAttributesMap - Added RFC5990 providing RSA-KEM Key Transport Algorithm in the CMS - Fixed malformed `rfc4210.RevRepContent` data structure layout - Added RFC5934 providing Trust Anchor Management Protocol (TAMP) - Added RFC6210 providing Experiment for Hash Functions with Parameters - Added RFC5751 providing S/MIME Version 3.2 Message Specification - Added RFC8494 providing Multicast Email (MULE) over ACP 142 - Added RFC8398 providing Internationalized Email Addresses in X.509 Certificates - Added RFC8419 providing Edwards-Curve Digital Signature Algorithm (EdDSA) Signatures in the CMS - Added RFC8479 providing Storing Validation Parameters in PKCS#8 - Added RFC8360 providing Resource Public Key Infrastructure (RPKI) Validation Reconsidered - Added RFC8358 providing Digital Signatures on Internet-Draft Documents - Added RFC8209 providing BGPsec Router PKI Profile - Added RFC8017 providing PKCS #1 Version 2.2 - Added RFC7914 providing scrypt Password-Based Key Derivation Function - Added RFC7773 providing Authentication Context Certificate Extension Revision 0.2.6, released 31-07-2019 ----------------------------------- - Added RFC3560 providing RSAES-OAEP Key Transport Algorithm in CMS - Added RFC6019 providing BinaryTime - an alternate format for representing Date and Time - RFC3565 superseded by RFC5649 - Added RFC5480 providng Elliptic Curve Cryptography Subject Public Key Information - Added RFC8520 providing X.509 Extensions for MUD URL and MUD Signer - Added RFC3161 providing Time-Stamp Protocol support - Added RFC3709 providing Logotypes in X.509 Certificates - Added RFC3274 providing CMS Compressed Data Content Type - Added RFC4073 providing Multiple Contents protection with CMS - Added RFC2634 providing Enhanced Security Services for S/MIME - Added RFC5915 providing Elliptic Curve Private Key - Added RFC5940 providing CMS Revocation Information Choices - Added RFC7296 providing IKEv2 Certificate Bundle - Added RFC8619 providing HKDF Algorithm Identifiers - Added RFC7191 providing CMS Key Package Receipt and Error Content Types - Added openType support for ORAddress Extension Attributes and Algorithm Identifiers in the RFC5280 module - Added RFC5035 providing Update to Enhanced Security Services for S/MIME - Added openType support for CMS Content Types and CMS Attributes in the RFC5652 module - Added openType support to RFC 2986 by importing definitions from the RFC 5280 module so that the same maps are used. - Added maps for use with openType to RFC 2634, RFC 3274, RFC 3709, RFC 3779, RFC 4055, RFC 4073, RFC 4108, RFC 5035, RFC 5083, RFC 5480, RFC 5940, RFC 5958, RFC 6010, RFC 6019, RFC 6402, RFC 7191, RFC 8226, and RFC 8520 - Changed `ValueSizeConstraint` erroneously applied to `SequenceOf` and `SetOf` objects via `subtypeConstraint` attribute to be applied via `sizeSpec` attribute. Although `sizeSpec` takes the same constraint objects as `subtypeConstraint`, the former is only verified on de/serialization i.e. when the [constructed] object at hand is fully populated, while the latter is applied to [scalar] types at the moment of instantiation. Revision 0.2.5, released 24-04-2019 ----------------------------------- - Added module RFC5958 providing Asymmetric Key Packages, which is essentially version 2 of the PrivateKeyInfo structure in PKCS#8 in RFC 5208 - Added module RFC8410 providing algorithm Identifiers for Ed25519, Ed448, X25519, and X448 - Added module RFC8418 providing Elliptic Curve Diffie-Hellman (ECDH) Key Agreement Algorithm with X25519 and X448 - Added module RFC3565 providing Elliptic Curve Diffie-Hellman Key Agreement Algorithm use with X25519 and X448 in the Cryptographic Message Syntax (CMS) - Added module RFC4108 providing CMS Firmware Wrapper - Added module RFC3779 providing X.509 Extensions for IP Addresses and AS Identifiers - Added module RFC4055 providing additional Algorithms and Identifiers for RSA Cryptography for use in Certificates and CRLs Revision 0.2.4, released 26-01-2018 ----------------------------------- - Added modules for RFC8226 implementing JWT Claim Constraints and TN Authorization List for X.509 certificate extensions - Fixed bug in `rfc5280.AlgorithmIdentifier` ANY type definition Revision 0.2.3, released 30-12-2018 ----------------------------------- - Added modules for RFC5083 and RFC5084 (CMS) - Copyright notice extended to the year 2019 Revision 0.2.2, released 28-06-2018 ----------------------------------- - Copyright notice extended to the year 2018 - Migrated references from SourceForge - rfc2986 module added Revision 0.2.1, released 23-11-2017 ----------------------------------- - Allow ANY DEFINED BY objects expanding automatically if requested - Imports PEP8'ed Revision 0.1.5, released 10-10-2017 ----------------------------------- - OCSP response blob fixed in test - Fixed wrong OCSP ResponderID components tagging Revision 0.1.4, released 07-09-2017 ----------------------------------- - Typo fixed in the dependency spec Revision 0.1.3, released 07-09-2017 ----------------------------------- - Apparently, pip>=1.5.6 is still widely used and it is not PEP440 compliant. Had to replace the `~=` version dependency spec with a sequence of simple comparisons to remain compatible with the aging pip. Revision 0.1.2, released 07-09-2017 ----------------------------------- - Pinned to pyasn1 ~0.3.4 Revision 0.1.1, released 27-08-2017 ----------------------------------- - Tests refactored into proper unit tests - pem.readBase64fromText() convenience function added - Pinned to pyasn1 0.3.3 Revision 0.0.11, released 04-08-2017 ------------------------------------ - Fixed typo in ASN.1 definitions at rfc2315.py Revision 0.0.10, released 27-07-2017 ------------------------------------ * Fixed SequenceOf initializer to pass now-mandatory componentType keyword argument (since pyasn1 0.3.1) * Temporarily fixed recursive ASN.1 type definition to work with pyasn1 0.3.1+. This is going to be fixed properly shortly. Revision 0.0.9, released 01-06-2017 ----------------------------------- * More CRL data structures added (RFC3279) * Added X.509 certificate extensions map * Added X.509 attribute type map * Fix to __doc__ use in setup.py to make -O0 installation mode working * Copyright added to source files * More PEP-8'ing done on the code * Author's e-mail changed Revision 0.0.8, released 28-09-2015 ----------------------------------- - Wheel distribution format now supported - Fix to misspelled rfc2459.id_at_sutname variable - Fix to misspelled rfc2459.NameConstraints component tag ID - Fix to misspelled rfc2459.GeneralSubtree component default status Revision 0.0.7, released 01-08-2015 ----------------------------------- - Extensions added to text files, CVS attic flushed. - Fix to rfc2459.BasicConstraints syntax. Revision 0.0.6, released 21-06-2015 ----------------------------------- - Typo fix to id_kp_serverAuth object value - A test case for indefinite length encoding eliminated as it's forbidden in DER. Revision 0.0.5 -------------- - License updated to vanilla BSD 2-Clause to ease package use (http://opensource.org/licenses/BSD-2-Clause). - Missing components added to rfc4210.PKIBody. - Fix to rfc2459.CRLDistPointsSyntax typo. - Fix to rfc2511.CertReqMsg typo. Revision 0.0.4 -------------- - CMP structures (RFC4210), cmpdump.py tool and test case added. - SNMPv2c Message syntax (RFC1901) properly defined. - Package version established in form of __init__.__version__ which is in-sync with distutils. - Package meta information and classifiers updated. Revision 0.0.3 -------------- - Text cases implemented - X.509 CRMF structures (RFC2511) and crmfdump.py tool added - X.509 CRL structures and crldump.py tool added - PKCS#10 structures and pkcs10dump.py tool added - PKCS#8 structures and pkcs8dump.py tool added - PKCS#1 (rfc3447) structures added - OCSP request & response dumping tool added - SNMPv2c & SNMPv3/USM structures added - keydump.py moved into pkcs1dump.py - PEM files read function generalized to be used more universally. - complete PKIX1 '88 code implemented at rfc2459.py Revision 0.0.2 -------------- - Require pyasn1 >= 0.1.1 - Fixes towards Py3K compatibility + use either of existing urllib module + adopt to the new bytes type + print operator is now a function + new exception syntax Revision 0.0.1a --------------- - Initial revision, most code carried from pyasn1 examples.