
Releases: Psychevus/cryptography-suite

Version 3.0.0

08 Aug 11:16
648087d


[3.0.0] - 2025-08-08

Added

  • Encrypted KeyVault Serialization
    Full support for encrypted export/import of KeyVault objects using password-protected PEM or JSON with built-in key derivation and MAC integrity.

  • Streaming Encryption API (Beta)
    High-performance Encryptor / Decryptor streaming classes supporting large files, memory-safe operations, and resumable encryption flows.

  • Envelope Encryption Profiles
    Modular EncryptionProfile classes supporting multiple layers (e.g., hybrid + AEAD + metadata) with standardized pre-set profiles.

  • Tokenized Secrets Format
    New schema for secret encoding using Base85, checksum, versioning, and signature — human-readable yet cryptographically verifiable.

  • File-based Audit Logging
    Optional file-logger for sensitive operation logs with structured JSON entries, timestamping, and redacted content previewing.

  • CLI Plugin Loader
    Auto-discovery of external plugin commands via plugins/ folder. Adds support for custom user-defined tools in CLI.

  • XChaCha20Poly1305 AEAD (via libsodium)
    Additional support for extended-nonce AEAD encryption via pynacl.

  • Metadata Signing for Files
    Supports digital signatures attached to encrypted file bundles for tamper detection and integrity assurance.

  • Constant-Time MAC Comparison
    Hardened HMAC and authentication tag verification with timing-attack resistance.

  • Improved PQC Integration
    PQC key serialization (Kyber, Dilithium) with support for interop through standardized containers.

Fixed

  • Resolved edge-cases in hybrid decryption where envelope headers were malformed or truncated.
  • Fixed silent exception masking in "with KeyVault:" context managers.
  • Eliminated legacy code paths in CLI that caused inconsistency in help behavior.
  • Improved test coverage of error paths and invalid input cases across stream encryption modules.

Improved

  • Modular Internal Architecture
    All cipher operations moved to core.crypto.* modules with improved separation of concerns and logic reuse.

  • Error Reporting
    Unified exception classes with clearer traceback origins and user-level error hints.

  • Secure Defaults Overhaul
    All ciphers now enforce minimum 256-bit key size, 128-bit IV, and SHA3/SHA2 digests where applicable.

  • Type Safety and Hints
    Expanded type hint coverage and integrated mypy compliance for public and private APIs.

  • Build & CI Flow
    pyproject.toml fully restructured with isolated optional dependencies for CLI, PQC, Dev, Docs, etc.

Documentation

  • New User Guide for CLI commands with annotated examples and common use cases.
  • Mermaid-powered architecture and encryption flow diagrams integrated in docs/.
  • All public APIs now fully documented with docstrings, and grouped by module/category in TOC.
  • Markdown README enriched with badges, install examples, and CLI usage.
  • Added SECURITY.md with CVE response policy and dependency security audit checklist.
  • New automated test snippets for key scenarios embedded in CI pipeline.

Version 2.0.1

25 Jul 02:04
16830d5


[2.0.1] - 2025-07-25

Fixed

  • TOTP/HOTP Secret Handling:
      • Auto-padding is now applied to base32 secrets to prevent "Incorrect padding" errors when decoding malformed or legacy secrets.
      • Secrets like JBSWY3DPEHPK3PXP (16 chars) will now decode without error.
  • Added regression tests to ensure future stability of OTP flows.
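
An added illustration of the Base32 padding fix described above (example code, not taken from cryptography-suite): it normalizes an OTP secret, restores the missing "=" padding, rejects lengths that cannot be whole bytes, and feeds the key to RFC 4226 HOTP. The names decode_otp_secret and hotp are hypothetical; the sample secrets are constructed or taken from the RFC test vectors.

```python
import base64
import hashlib
import hmac
import struct

# Unpadded Base32 lengths (mod 8) that encode a whole number of bytes (RFC 4648).
_VALID_TAIL = {0, 2, 4, 5, 7}


def decode_otp_secret(secret: str) -> bytes:
    """Decode a Base32 OTP secret that may be lower-case, grouped, or unpadded."""
    # Authenticator UIs often show secrets in groups separated by spaces or dashes.
    cleaned = secret.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not cleaned:
        raise ValueError("empty OTP secret")
    if len(cleaned) % 8 not in _VALID_TAIL:
        # Padding cannot repair a truncated secret; fail instead of guessing.
        raise ValueError("truncated Base32 secret")
    padded = cleaned + "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(padded)
    except ValueError:  # binascii.Error is a ValueError subclass
        # The message deliberately omits the secret so it cannot reach logs.
        raise ValueError("secret is not valid Base32") from None


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # 16 characters is already a multiple of 8, so no padding is appended here.
    print(decode_otp_secret("JBSWY3DPEHPK3PXP"))
    # 10 characters: six "=" are restored before decoding.
    print(decode_otp_secret("jbsw y3dp ee"))
    # RFC 4226 Appendix D key "12345678901234567890", counter 0.
    print(hotp(decode_otp_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"), 0))
```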

Documentation

  • Updated README with correct secret padding note under OTP section.
  • Bumped version in README badges, setup.py, and PyPI metadata to 2.0.1.

Secure. Verified. Stable.

Version 2.0.0

25 Jul 01:05
1c9d3ba


[2.0.0] - 2025-07-24

Added

  • Hybrid Encryption
    Seamless integration of AES-GCM with RSA/EC key wrapping for secure and efficient file encryption.

  • Post-Quantum Cryptography (PQC)
    Native support for Kyber512, Dilithium2, and Sphincs+ with graceful fallback.

  • ChaCha20Poly1305 AEAD
    Secure authenticated encryption with modern stream cipher via cryptography’s native support.

  • BLS Signatures
    Support for Boneh–Lynn–Shacham (BLS12-381) signatures and verification.

  • KeyVault
    Secure in-memory key protection and zeroization with with-context support.

  • Audit Logging
    Optional Fernet-encrypted logging of sensitive operations using decorators.

  • Signal Protocol Primitives
    SignalSender/Receiver proof-of-concept classes for future secure messaging workflows.

  • ZK Proofs (experimental)
    Pluggable wrappers for SNARK/Bulletproof protocols with conditional dependencies.

  • CLI Tool Enhancements
    More commands (hash, generate-key, encrypt-file, decrypt-file, etc.) added with auto-help support.

Fixed

  • Resolved all Type Hint inconsistencies across public APIs for full mypy compatibility.
  • Fixed edge-case decoding bugs when decrypting malformed input under AES-GCM.
  • Prevented verbose-mode leaks of sensitive values under debug logging.
  • Removed broken/unsafe experimental ciphers from default exports (ascon, salsa20).

Improved

  • Unified KDF selection and parameter handling (Argon2id, Scrypt, PBKDF2) via centralized utility module.
  • Secure defaults enforced across key serialization and password-protected PEMs.
  • Fully modular architecture refactored for lazy imports and smaller install footprint.
  • Internal constants (DEFAULT_SALT_LEN, IV_SIZE, KDF_PARAMS) moved to dedicated constants module.
  • Restructured project tree to separate production logic, experimental modules, and testing code cleanly.

Documentation

  • All public APIs documented with rich docstrings, type annotations, and usage examples.
  • Architecture page now includes full module dependency graph (Mermaid rendered).
  • A new “Security Considerations” section added with safe usage tips and insecure cipher warnings.
  • Code examples in README synced and tested via CI (test_readme_snippet).
  • PyPI package metadata expanded with tags, links, and detailed classifiers.

Note: This release drops support for Python <3.10 and stream ciphers without authentication.
Users are encouraged to migrate to AEAD modes (AES-GCM, ChaCha20-Poly1305) or PQ-hybrid encryption pipelines.


Secure. Performant. Post-Quantum Ready.

Version 1.0.0

04 Dec 14:58


[1.0.0] - 2024-12-04

Added

  • SPAKE2 implementation.
  • More comprehensive unit tests with 95% coverage.

Fixed

  • Resolved missing attributes in test cases.

Improved

  • Optimized the project structure and documentation for developer usability.

Version 0.1.0 - Initial Release

09 Nov 17:11


Initial Release:

  • Initial features included (AES encryption, RSA key management, etc.)
  • Any notable improvements, security enhancements, or bug fixes
  • Link back to relevant sections in your README.md for quick access.