Skip to content

Releases: XML-Security/signxml

v3.0.1

27 Nov 23:32
@kislyuk kislyuk
v3.0.1
0f12337
Compare
Choose a tag to compare
v3.0.1

  • Mark SHA1 as deprecated

    • Aggregate verification settings in SignatureConfiguration dataclass

    • Mark all dataclasses in API as frozen

    • Add ability to assert expected signature location

    • Add ability to assert expected signature algorithms

    • Add ability to assert expected digest algorithms

    • Add MGF1 ("RSASSA-PSS without parameters") algorithm identifiers

    • Remove PSS ("RSASSA-PSS with parameters") and EdDSA algorithm
      identifiers (given low usage and no interop examples, we will not be
      implementing PSS parameters for now; EdDSA key info additionally has
      no standardized way to serialize it)

    • Add debug logging of canonicalization outputs

    • Documentation and formatting improvements

Assets 3
Loading

v3.0.0

14 Nov 00:42
@kislyuk kislyuk
v3.0.0
3902722
Compare
Choose a tag to compare
v3.0.0

  • Add XAdES support

    • Migrate all configuration inputs to enums (string identifiers are still supported, but will be deprecated in a future version)

    • Migrate structured data inputs to dataclasses

    • Deprecate excise_empty_xmlns_declarations

    • Documentation and test infrastructure improvements

    • Clean up top level signxml and signxml.xades namespaces

    • Stop using default_backend for cryptography, it is no longer required

    • Drop Python 3.6 support (#200)

Assets 3
Loading

v2.10.1

09 Sep 23:05
@kislyuk kislyuk
v2.10.1
4fd41bf
Compare
Choose a tag to compare
v2.10.1

  • Do not excise any empty xmlns="" declarations by default. This behavior is now configurable as follows

    ```
signer = XMLSigner()
signer.excise_empty_xmlns_declarations = True
signer.sign(...)
```
```
verifier = XMLVerifier()
verifier.excise_empty_xmlns_declarations = True
verifier.verify(...)
```
    • Documentation and autoformatting improvements
Assets 3
Loading

v2.10.0

21 Aug 04:49
@kislyuk kislyuk
v2.10.0
6d6cb34
Compare
Choose a tag to compare
v2.10.0

  • Excise empty xmlns declarations only in signature, not in payload

    • Add pyinstaller support to signxml (#188)

    • Documentation, test infrastructure, and code organization improvements

Assets 3
Loading

v2.9.0

08 Oct 17:34
@kislyuk kislyuk
v2.9.0
This tag was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
320008f
This commit was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.9.0

  • Unlimit cryptography version constraint. Fixes #177

    • Bump pyOpenSSL compat range; add dep version strategy note
Assets 3
Loading

v2.8.2

14 May 23:39
@kislyuk kislyuk
v2.8.2
This tag was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 5BF9FD33EFBB8C4A
Learn about vigilant mode.
e2bf5a4
This commit was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 5BF9FD33EFBB8C4A
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.8.2

  • Allow the combination of X509Data and KeyValue when they represent the same public key (#169)

    • Use self.namespaces signature properties "Object" element (#167)
Assets 3
Loading

v2.8.1

29 Oct 19:55
@kislyuk kislyuk
v2.8.1
This tag was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
3bf7fe2
This commit was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.8.1

  • Allow cryptography versions >3 (but <4) (#164)

    • Add support for adding Signature Properties to a detached signature (#160)
Assets 3
Loading

v2.8.0

21 Jun 03:57
@kislyuk kislyuk
v2.8.0
This tag was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
7037431
This commit was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.8.0

  • Compare raw digest bytes instead of base64 encoded digests. Fixes #155

    • Initial X509IssuerSerial/X509Digest support

    • Support custom inclusive_ns_prefixes when signing

Assets 3
Loading

v2.7.3

10 Jun 17:04
@kislyuk kislyuk
v2.7.3
This tag was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
29966f8
This commit was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.7.3

  • Fix ECDSA signature encoding/decoding (#150)

    • Add InclusiveNamespaces PrefixList support for SignedInfo

    • Test and documentation improvements

Assets 3
Loading

v2.7.2

02 Dec 05:23
@kislyuk kislyuk
v2.7.2
This tag was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
b6bfd45
This commit was signed with the committer’s verified signature.
kislyuk Andrey Kislyuk
GPG key ID: 8AFAFCD242818A52
Learn about vigilant mode.
Compare
Choose a tag to compare
v2.7.2

  • Relax dependency version range on eight

    • Update dependency installation documentation

    • XMLSigner.sign(): add always_add_key_value kwarg to include both
      X509Data and KeyValue for ill-defined signing applications

    • XMLVerifier.verify(): reject signatures that contain both X509Data
      and KeyValue by default; add ignore_ambiguous_key_info kwarg to
      bypass

Assets 3
Loading