CONTRIBUTORS.html
+1 -1 (1 addition & 1 deletion)
@@ -508,7 +508,7 @@
508
508
<li>Adam Vartanian <https://github.com/flooey> use of ShortBuffer exception and buffer size pre-check in Cipher.doFinal().</li>
509
509
<li>Bernd <https://github.com/ecki> Fix to make PGPUtil.pipeFileContents use buffer and not leak file handle.</li>
510
510
<li>Shartung <https://github.com/shartung> Additional EC Key Agreement algorithms in support of German BSI TR-03111.</li>
511
-
<li>Paul Schaub <https://github.com/vanitasvitae> bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory. Additional tests on PGP key ring generation. Improved functionality of PGPSignatureSubpacketGenerator, PGPPublicKeyRing. Tweaks to PGPDataEncryptorBuilder interface, fix for JcaPGP/BcPGP Ed25519 private key conversion. Added configurable CRC detection to ArmoredInputStream, additional control character skipping in ArmoredInputStream. Rewind code for PGPPBEEncryptedData, addition of PGPSignature.getDigestPrefix(). Wrong list traversal fix in PGPSecretKeyRing. Further improvement to use of generics in PGP API. General interop improvements. PGP Public / Secure keyring ignore marker packets when reading. Initial work on PGP session key handling, filtering literal data for canoncialization. Addition of direct key identified key-ring construction. PGPSecretKeyRing.insertOrReplacePublicKey addition. Addition of PGP regexp packet, PolicyURI packet handling, UTF8 comment testing.</li>
511
+
<li>Paul Schaub <https://github.com/vanitasvitae> bringing PGPSecretKey.getUserIds() into line with PGPPublicKey.getUserIds(). Exception message fix in BcPublicKeyDataDecryptorFactory. Additional tests on PGP key ring generation. Improved functionality of PGPSignatureSubpacketGenerator, PGPPublicKeyRing. Tweaks to PGPDataEncryptorBuilder interface, fix for JcaPGP/BcPGP Ed25519 private key conversion. Added configurable CRC detection to ArmoredInputStream, additional control character skipping in ArmoredInputStream. Rewind code for PGPPBEEncryptedData, addition of PGPSignature.getDigestPrefix(). Wrong list traversal fix in PGPSecretKeyRing. Further improvement to use of generics in PGP API. General interop improvements. PGP Public / Secure keyring ignore marker packets when reading. Initial work on PGP session key handling, filtering literal data for canoncialization. Addition of direct key identified key-ring construction. PGPSecretKeyRing.insertOrReplacePublicKey addition. Addition of utility methods for joining/merging signatures and public keys. Addition of PGP regexp packet, PolicyURI packet handling, UTF8 comment testing.</li>
512
512
<li>Nick of Nexxar <https://github.com/nros> update to OpenPGP package to handle a broader range of EC curves.</li>
513
513
<li>catbref <https://github.com/catbref> sample implementation of RFC 7748/Ed25519 (incorporated work from github users Valodim and str4d as well).</li>
514
514
<li>gerlion <https://github.com/gerlion> detection of concurrency issue with pre-1.60 EC math library.</li>
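Review bot: the replaced Paul Schaub entry (line 511) still carries the misspelling "canoncialization"; since the whole line is rewritten here anyway, correct it to "canonicalization" in the same change. "PGP Public / Secure keyring" in the same entry looks like it should read "Secret", given the class names used elsewhere in the line (PGPSecretKeyRing). The new sentence "Addition of utility methods for joining/merging signatures and public keys." is inserted before "Addition of PGP regexp packet" rather than appended; on a single line this long, any one-sentence change shows up as a full-line replacement, so consider splitting the entry across several lines to keep future diffs reviewable.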
docs/releasenotes.html
+25 -1 (25 additions & 1 deletion)
@@ -27,18 +27,42 @@ <h2>2.0 Release History</h2>
27
27
Date: TBD.
28
28
<h3>2.1.2 Defects Fixed</h3>
29
29
<ul>
30
+
<li>In line with GPG the PGP API now attempts to preserve comments containing non-ascii UTF8 characters.</li>
31
+
<li>An accidental partial dependency on Java 1.7 has been removed from the TLS API.</li>
32
+
<li>JcaPKIXIdentityBuilder would fail to process File objects correctly. This is now fixed.</li>
33
+
<li>Some byte[] parameters to the CMP API were not being defensively cloned to prevent accidental changes. Extra defensive cloning has been added.</li>
34
+
<li>CMS primitives would sometimes convert ASN.1 definite-length encodings into indefinite-length encodings. The primitives will now try and preserve the original encoding where possible.</li>
35
+
<li>CMSSignedData.getAttributeCertificates() now properly restricts the tag values checked to just 1 (the obsolete v1 tag) and 2 (for the more current v2 certificates).</li>
36
+
<li>BCJSSE now tries to validate a custom KeyManager selection in order to catch errors around a key manager ignoring key type early.</li>
37
+
<li>Compressed streams in PGP ending with zero length partial packets could cause failure on parsing the OpenPGP API. This has been fixed.</li>
38
+
<li>The fallback mode for JceAsymmetricKeyWrapper/Unwrapper would lose track of any algorithm parameters generated in the initial attempt. The algorithm parameters are now propagated.</li>
39
+
<li>An accidental regression introduced by a fix for another issue in PKIXCertPathReviewer around use of the AuthorityKeyIdentifier extension and it failing to match a certificate uniquely when the serial number field is missing has been fixed.</li>
30
40
</ul>
31
41
<h3>2.1.3 Additional Features and Functionality</h3>
32
42
<ul>
33
43
<li>Support has been added for OpenPGP regular expression signature packets.</li>
44
+
<li>Support has been added for OpenPGP PolicyURI signature packets.</li>
45
+
<li>A utility method has been added to PGPSecretKeyRing to allow for inserting or replacing a PGPPublicKey.</li>
34
46
<li>A utility method has been added to PGPSecretKeyRing to allow for inserting or replacing a PGPPublicKey.</li>
35
47
<li>The NIST PQC Finalist, Classic McEliece has been added to the low level API and the BCPQC provider.</li>
36
48
<li>The NIST PQC Alternate Candidate, SPHINCS+ has been added to the BCPQC provider.</li>
37
49
<li>The NIST PQC Alternate Candidate, FrodoKEM has been added to the low level API and the BCPQC provider.</li>
38
-
<li>The NIST PQC Alternate Candidate, SABER has been added to the low level API and the BCPQC provider.</li>
50
+
<li>The NIST PQC Finalist, SABER has been added to the low level API and the BCPQC provider.</li>
39
51
<li>KMAC128, KMAC256 has been added to the BC provider (empty customization string).</li>
40
52
<li>TupleHash128, TupleHash256 has been added to the BC provider (empty customization string).</li>
41
53
<li>ParallelHash128, ParallelHash256 has been added to the BC provider (empty customization string, block size 1024 bits).</li>
54
+
<li>Two new properties: "org.bouncycastle.rsa.max_size" (default 15360) and "org.bouncycastle.ec.fp_max_size" (default 1042) have been added to cap the maximum size of RSA and EC keys.</li>
55
+
<li>RSA modulus are now checked to be provably composite using the enhanced MR probable prime test.</li>
56
+
<li>Imported EC Fp basis values are now validated against the MR prime number test before use. The certainty level of the prime test can be determined by "org.bouncycastle.ec.fp_certainty" (default 100).</li>
57
+
<li>The BC entropy thread now has a specific name: "BC-ENTROPY-GATHERER".</li>
58
+
<li>Utility methods have been added for joining/merging PGP public keys and signatures.</li>
59
+
<li>Blake3-256 has been added to the BC provider.</li>
60
+
<li>DTLS: optimisation to delayed handshake hash.</li>
61
+
<li>Further additions to the ETSI 102 941 support in the ETSI/ITS package: certification request, signed message generation and verification now supported.</li>
62
+
<li>CMSSignedDataGenerator now supports the direct generation of definite-length data.</li>
63
+
<li>The NetscapeCertType class now has a hasUsages() method on it for querying usage settings on its bit string.</li>
64
+
<li>Support for additional input has been added for deterministic (EC)DSA.</li>
65
+
<li>The OpenPGP API provides better support for subkey generation.</li>
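Review bot: the entry added at new line 45 ("A utility method has been added to PGPSecretKeyRing to allow for inserting or replacing a PGPPublicKey.") repeats verbatim the unchanged entry immediately after it at line 46; drop the added copy. At line 54 the defaults for "org.bouncycastle.rsa.max_size" (15360) and "org.bouncycastle.ec.fp_max_size" (1042) are given without a unit; state it next to the values, since anyone relying on these caps to bound the cost of handling untrusted keys needs to know what is being limited. At line 55, "RSA modulus are" should read "RSA moduli are", and at line 61 "now supported" is missing "are".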
If used for key wrapping via the Cipher class, you will also need to make use of the KEMParameterSpec class to specify a symmetric wrapping algorithm.
770
+
</p>
771
+
<p>
772
+
If access to the shared secret is required, KeyGenerator implementations can also be used in conjuction with the KEMGenerateSpec and the KEMExtractSpec which return the shared secret directly.
773
+
</p>
739
774
<h4>ECIES</h4>
740
775
<p>
741
776
An implementation of ECIES (stream mode) as described in IEEE P 1363a. This now based more formally on Victor Shoup's paper and should be compatible with the implementation in Crypto++ (version 6 onwards).
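Review bot: "conjuction" in the added paragraph at line 772 should be "conjunction". The same sentence names KEMGenerateSpec and KEMExtractSpec together without saying which side of the exchange uses which; a clause stating which spec the encapsulating party passes to the KeyGenerator and which the decapsulating party passes would save readers from having to go to the source to find out.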