Skip to content

v2.0.0

Latest
Latest

Choose a tag to compare

View all tags
@robin-nitrokey robin-nitrokey released this 15 Oct 13:12
v2.0.0
This tag was signed with the committer’s verified signature.
robin-nitrokey Robin Krahl
GPG key ID: 34F47D2F044B8F17
Verified
Learn about vigilant mode.
f67e9a3
This commit was signed with the committer’s verified signature.
robin-nitrokey Robin Krahl
GPG key ID: 34F47D2F044B8F17
Verified
Learn about vigilant mode.

This release adds support for the new features introduced in NetHSM v3.0 and improves the key ID handling.

Breaking Changes

  • Remove support for EC_P224 keys
  • Remove enable_set_attribute_value config option
  • Reject invalid IDs when creating or changing objects

Features

  • Add support for EC_P256K1, BrainpoolP256, BrainpoolP384 and BrainpoolP512 keys (requires NetHSM v3.0 or later)
  • Implement C_SetAttributeValue for CKA_ID to support renaming keys (requires NetHSM v3.0 or later)
  • Add CKF_ENCRYPT flag for CKM_RSA_PKCS

Bugfixes

  • Fix ID validation. The new requirements are:
    • The ID must not be empty and not be longer than 128 characters.
    • The first character must be in the range a-z, A-Z or 0-9.
    • The remaining characters must be in the range a-z, A-Z or 0-9 or one of the characters ., -, _.
    • The characters ., - and _ can only be used with NetHSM v3.0 or later.

Bugfixes

  • Remove corresponding certificate and public key objects from the cache if a private key is deleted (#260)

Compatibility

  • This release is fully compatible with NetHSM v3.1.
  • This release is generally compatible with NetHSM v1.0, v2.0, v2.1, v2.2 and v3.0 but not all features are available on these versions (as indicated in the changelog entries).
  • RSA signatures using the PKCS1 mechanisms do not work with NetHSM v3.0.

Full Changelog

Assets 10
Loading