CHANGELOG

Development
=============

Version 0.12
==================

* Switch to GPLv2-or-later license


Version 0.11
==================

* Add CLI for Flightbox operations
* Allow listing and purging UNFINISHED cryptainers in cryptainer storages
* Add support for custom "cryptainer encryption stream" class in recording system
* Pretty-print decryption error report in CLI
* Add validate_data_against_schema() utility to factorize code
* Rename "errors" to "operation_report" in cryptainer decryption process, for clarity
* Add nesting to error report, to better understand the steps of decryption operations
* Rename private API split_as_formatted_data() to gather_data_as_blocks()
* Rework cryptainer storage API to allow synchronous operations
* Document CLI using sphinxcontrib.programoutput utility
* Stop automatically deleting files when they get encrypted (it makes no sense on the CLI)
* Auto-close CryptainerEncryptionPipeline stream on init error
* Remove keychain_uid from toolchain parameters, and fetch it from cryptoconf root if available
* Improve handling of stop failures for sensors
* Add lots of little bugfixes


Version 0.10
==================
* Allow symmetric algos in key encryption layers, thus making cryptainers deeply recursive
* Add a "summarize" CLI command, to display the structure of cryptoconfs and cryptainers
* Normalize keystore.get_keystore_metadata(), pool.get_foreign_keystore_metadata(keystore_uid) and pool.get_all_foreign_keystore_metadata() utilities, and add KeystoreMetadataDoesNotExist exception subtype
* Rename pad()/unpad() crypto utilities to pad_bytes()/unpad_bytes()
* Add PeriodicSensorRestarter and PeriodicSubprocessStreamRecorder sensor bases (private for now)


Version 0.9
==================
* Rename from "digest_list" to "ciphertext_chunks" the internal structure of RSA-OAEP ciphertext (but keep retrocompatibility)
* Implement support for USB device discovery on Apple platform
* Make get_trustee_id() a public API
* Add keystore_owner an optional field to "authenticator" trustee
* Rename ambiguous FilesystemKeystorePool get_foreign_keystore_metadata() to get_all_foreign_keystore_metadata()
* Rename check_conf_sanity() to check_cryptoconf_sanity()
* Add FilesystemKeystorePool.get_keystore_metadata() method
* Remove all junk files from published package, it must contain only wacryptolib, not tests/docs/changelog files else they pollute site-packages/
* Move crypto implementation to _crypto_backend/pycryptodome.py
* Add fallback crypto utilities for iOS where dlopen() is forbidden (so pycryptodome doesn't work)
* Change implementation of _compute_timestamped_hash() (will break existing signatures)
* Add gather_decryptable_symkeys() utility to cryptainer
* Rename PermissionAuthenticatorError to AuthenticationError
* Relax python versions supported in pyproject.toml
* Add MIT License
* Add keystore_creation_datetime field to authenticator metadata
* Change the name of the authenticator storage folder from ".authenticator" to "authenticator.keystore" with retrocompatibility
* Rename keystore metadata file from ".keystore.json" to "keystore_metadata.json" with retrocompatibility
* Refactor CryptainerDecryptor class to report errors as a list instead of raising exceptions
* Integrate support for remote decryption authorizations in CryptainerDecryptor
* Adjust the exceptions raised e.g. during PEM key loading
* Remove unsafe import_foreign_keystore_from_filesystem(), replaced by import from keystore tree
* Update keystore import/export methods so that they include new fields like "keystore_creation_datetime"


Version 0.8
==================

* Change the filename and fields of keystore metadata
* Add methods to import/export data in keystores and keystore-pools
* Gather small functions in utilities.py
* Add schema validators for internal use
* Rename "verify" argument of decryptors to "verify_integrity_tags"
* Change cryptainer algorithm to always store cryptainer_metadata along the encrypted symkey, and access them in Trustee API
* Rename DummyKeystore to InMemoryKeystore


Version 0.7
==================

* Prefix WIP containers with ~ so that they don't show up in management interfaces
* Make BIG REFACTORING (incompatible) of the codebase, with new naming of concepts and new container structure
* Add docs/concepts.rst to describe new concepts of the lib
* Change layout of user-profile directories
* Make "payload_digest" and "payload_signature_struct" optional in data schema
* Change exceptions hierarchy
* Implement "--cryptoconf" argument for CLI
* Add ReadonlyCryptainerStorage and ReadonlyFilesystemKeystore
* Replace len(cryptainer_storage) by cryptainer_storage.get_cryptainer_count()
* Replace len() of data aggregator and tarfile aggregator by custom methods


Version 0.6
==================

* Allow shamir shared secrets where threshold==shares_count
* Allow open file handles in enqueue_file_for_encryption()
* Rename message "prehash" as "digest"
* Rename max_containers_count as max_container_count
* Implement container purges based on total disk quota and container ages
* Make containers a recursive structure of "shamir" and "normal" strata
* Add support for Python 3.9 and 3.10
* Add authenticator submodule
* Add StreamManager and ContainerEncryptionStream API
* Make symmetric keys be dicts instead of bytes
* Add integrity tags (Poly1305, EAX...) to containers
* Add fields "message_digest" and "container_state" to container
* Add verify=True/False parameter to decryption API
* Add wacryptolib_installer.py
* Add check_container_sanity() and check_conf_sanity() API
* Optimize test runs via asymmetric key caching


Version 0.5.2
==================

* Repair linux version of USB authentication device listing


Version 0.5.1
==================

* Fix declaration of platform-specific dependencies


Version 0.5
==================

* Add API to list and initialize USB "authentication devices"
* Introduce KeyStorage pool, containing local and imported key storages
* Allow importing keypairs from authentication devices
* Add support for Shamir Shared Secrets in container encryption/decryption toolchain
* Allow listing of keypairs in FilesystemKeyStorage
* Support offloading of ciphertext in separate file nearby the json container
* Accept and normalize unicode passphrases as NFKC/UTF8 bytesstrings
* Begin using custom functional exceptions in APIs
* Extend ContainerStorage API to load containers or override encryption parameters per-file
* Allow overriding keychain_uid at different levels of encryption configuration


Version 0.4
==================

* Improve Key storage API to separate private and public keys
* Add FilesystemKeyStorage implementation
* Add APIs and workers for pregeneration of free keypairs
* Add Base classes for poll/push sensors
* Add some logging in encryption toolchain
* Add metadata to storage containers, and get_encryption_configuration_summary() utility
* Make UUIDs include a timestamp
* Add request_decryption_authorization() to Escrow API
* Complete error conversion utilities (using StatusSlugs for webservices)
* Add hashing utilities
* Ensure escrows only sign hashes, never real data
* Refactor key types to separate encryption and signature keys.
* Perform container encryption in a separate threads pool


Version 0.3
==================

* Rename key length arguments to distinguish bytes and bits
* Add thread-safe data aggregation classes ContainerStorage, TarfileAggregator and JsonAggregator
* Add JsonRpcProxy class
* Add url-based escrow type
* Add drafts of private error handling utilities


Version 0.2
==================

* Add Extended Json utilities to deal with both str and bytes
* Make most arguments of public functions keyword-only
* Forbid too small key lengths


Version 0.1
==================

* Draft of wacryptolib API