All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog
- The default PBKDF2 iterations has been increased from 10,000 to 600,000. Review
uses of the following methods. Specify the numbers iterations when calling the method
if your code depends on the iterations to stay the same :
derive_key_pbkdf2,deriveKeyPbkdf2,DeriveKeyPbkdf2,EncryptWithPassword,EncryptWithPasswordAsBase64String,DecryptWithPassword,DecryptWithPasswordAsUtf8String,DeriveKey
- Multiple functions, such as
generate_keyandhash_password, now return aResultdue to therandlibrary upgrade.
- C#: Nullable annotations were added for nullable reference types.
- C#: Removed
EncryptWithKeyAsString,EncryptWithPasswordAsString,DecryptWithKeyAsString,DecryptWithPasswordAsString,GenerateAPIKey.
- Online encryption feature
- AAD feature
- Removes the
derive_keypairfunction as it was not used and was broken. - Added
constant_time_equalsin the utils.
- Added the
signing_keyandsignaturemodules to support public key signing using ed25519.
- Added
scrypt_simpleto Rust and C#
- Fixed missing file in NPM package
- Added
derive_key_argon2()method to derive a symmetric key from a set ofArgon2Parameters.
- Renamed
derive_key()toderive_key_pbkdf2().
- Added a legacy decryption handler, in case the header is invalid.
- Binded a Rust Scrypt method to WASM for a very specific use case, and this might be removed in the future, so don't rely on it.
- Binding to base64 encoding/decoding in url-safe format.
- Prevent derivation if encryption/decryption data is null.
- Fixes for Internet Explorer and Safari.
- Fixed crash in the GetDecodedLength method.
- Added Base64 bindings in utils
- Fixed iOS linking issue with multiple rust libraries.
base64urlEncodeandbase64urlDecodemethods to encode data to be passed by a URL.
- Wrapper for the shamir secret sharing feature.
utils::validate_header()
validateHeader()- Enumerations for versions instead of numbers.
- Fixed the Argon2Parameters for the Xamarin Mac Modern, iOS, Android caused by a typo in the entry point.
DataType.Hashis now deprecated and has been replaced byDataType.PasswordHash.Managed.ValidateSignatureis now deprecated and has been replaced byManaged.ValidateHeader- Performance improvements for the Derive Key bug.
- The entire API has been changed. Please refer to the documentation and the README.
- iOS 32 bit platforms no longer supported. They are now Tier 3. (i386, armv7, armv7s)
- The Xamarin Mac Modern platform is now tested.
- The Xamarin iOS platform is now tested.
- Asymmetric encryption. (Rust, C#, JS)
- Derive key pair from a password. (Rust, C#, JS)
- Shamir Secret Sharing. (Rust, JS)
- Official Javascript/Typescript support.
- Documented most functions and enums.
- The following functions have been added in the
Utils. It is not recommended to use them for performance reasons. Keep usingValidateSignature(byte[], DataType)when possible.ValidateSignatureFromBase64ValidateSignatureFromStream
- Renamed functions to be more consistent with what they do. The old functions now have the [Obsolete] attribute.
StringToByteArrayis nowStringToUtf8ByteArrayByteArrayToStringis nowByteArrayToUtf8StringDecodeis nowDecodeFromBase64Encodeis nowEncodeToBase64String
- Fixed issue in the
DeriveKey()function- Confusion between bits and bytes. The keys generated by the function would be 256 byte instead of 32 byte. The error is now fixed and our decryption will fallback to 256 bytes if the decryption fail.
DevolutionsCryptoExceptionshave now more details in the message and the stack trace.
- Renamed the following function
GenerateKeyExchangetoGenerateKeyPair
- Renamed the following class
KeyExchangetoKeyPair
- The function
DecryptWithKeyhad aiterationsparameter that wasn't used so it has been removed. - The function
DeriveKeynow returns a key of 32 bytes by default instead of 256 bytes, which couldn't be changed. If you already use the method, you can override the default value to 256 and the old data will still work, however it is recommended to migrate to 32 bytes key, mostly for performance reasons.
The API has completely changed since 0.3 to respect Javascript/Typescript coding styles. Notably, function names has been renamed
to follow the camelCase convention and types has been added to prevent key misuse. Also, Typescript declaration has been fixed.
- Added unit tests for
- Asymmetric encryption (C#, Rust, JS)
- Derive key pair from a password. (C#, Rust, JS)
- Secret Sharing (Rust, JS)
- Added conformity tests to make sure that old versions are not broken and that all languages are compatible.
- Key Derivation (C#, Rust, JS)
- Keypair Derivation (C#, Rust, JS)
- Symmetric decryption V1 and V2 (C#, Rust, JS)
- Asymmetric Decryption V2 (C#, Rust, JS)
- Password Hashin V1 (C#, Rust, JS)
- The Xamarin Mac Full platform is now tested.
- The Javascript/Typescript API is now tested using NodeJS, instead of only testing the browser features.
- The tests were not running, this has been fixed.
The CI now ensures that code pushed to the project is respecting our standards. It also prevent merge conflicts caused by the code formatting.
- Uses SecurityCodeScan and StylecopAnalyzers for code formatting checks.
- Warnings are now treated as errors.
- Uses rustfmt and rust-clippy for code formatting checks.
- Tests use eslint for formatting, using JavaScript Standard Style