v1.3.0

Features

• Now build implements the option '--clean-modules' making clean builds easier.
• Cmd tool's system tests tidied up.
• Soft-tokens implemented.
• Manual reader implemented through command 'man'.
• Build adjustments for MINIX.
• Pager selection improved on ('status' command).
• Stop using DES for catalog encryption.
• Showing available kdfs through command 'show' (kdfs).
• Fixing get_test_protlayer(). It was making tests break randomly.
• Using snprintf instead of sprintf when possible.
• Using strncat instead of strcat when possible.
• Encryption by socket hooking implemented in NetBSD, but e2ee not implemented yet.
• Now also running net tests on FreeBSD, OpenBSD and NetBSD.
• Commands 'lock *' and 'unlock *' speeded.
• Now is possible to pass extended asciis as cipher parameters by using escaped chars
  (e.g.:\xde\xad\xbe\xef).
• All protection layer is being encoded with radix-64 inside the catalog.
• Native memcmp, memcpy and memset were implemented (libc hook avoidance measure).
• Now linking statically when possible (libc hook avoidance measure).
• Now build searches for bad functions usages.
• Testing for libc hooking avoidance.
• Implemented the command 'count'.

Bugfixes

• None!:1st_place_medal:

v1.2.0

Features

• Now GCM mode is also available. The current supported ciphers (according to user's build options) are: AES, CAMELLIA, RC6, MARS, NOEKEON, NOEKEON-D and SERPENT.
• HMAC + GCM was implemented (yes, overkill but possible).
• Two new hash functions are avaiable: Blake2s-256 and Blake2b-512.
• New HMACs schemes based on Blake2s-256 and Blake2b-512 usage.
• Now is possible to use an external KDF instead of the native. The available KDFs are: HKDF, PBKDF2 and ARGON2I.
• Internal key crunching improved on.
• Implementing repo options through .bcrepo/CONFIG file.
• Implemented do command (command line tool).
• Minor improvements on info command output (command line tool).
• First-layer key was enhanced against dictionary attacks. Old repos will be automatically enhanced.
• Windows port (no net, paranoid nor lkm commands are available).
• Build fine tunings to easily build in OpenBSD.
• Build improved on. Now protection layers picked during the tests are based on the ciphers selected by the user during the build.
• Another build improvement. Were introduced two build compatibility files: BCDEV_PLATFORMS and SKIP_NET_TESTS.
• Now untouch command can also change time date metainfo from directories.
• Status output viewer by using .bcrepo/CONFIG/status-viewer.

Bugfixes

• Data corruption when changing keys. Now the protection layer is always re-constructed in order to avoid this kind of trouble [commit-id#7fb45df].
• Bugfix in paranoid command. The options were not being properly read [commit-id#b571fee].
• Bugfixes related to stream ciphers Rabbit and SEAL2/3 [commit-id#29bb5e8].
• Bugfix in a memcpy with wrong size. Sometimes it was causing heap corruption [commit-id#444b32c].
• Bugfix related to wrong memory area returned when calculating modular inverse by right shifts [commit-id#655bf9f].
• Bugfix related to heap corruption during RC2 key schedule [commit-id#5fde53b].

v1.0.0

Features

• Code re-written from its original 2006 code.
• Now files are encrypted and gathered by using a scm concept (repository).
• Cryptographic library also re-written.
• More encryption schemes are available, including HMACs.
• Available mode of operations: CBC, CTR, OFB.
• Possibility of protecting the repository with one or two keys (keyed alike or twice).
• Usage of key derivation functions when assembling the protection layer from the user key(s).
• Adoption of more modern and secure hash functions.
• The first layer key can also be authenticated with bcrypt.
• Now cascading can be applied by using two ways (single and otp).
• Vpn tunnel less dependent of environment conveniences (by using socket functions hooking).
• For network encryption, E2EE also available with double ratchet like mechanism.
• Vpn tunnel can use modified DH scheme for a session key agreement.
• Plausibly deniable encryption.
• Data wiping using some points observed in DoD 5220.22-M.
• A command to set the file access time (access, creation, edition) for a default one.
• Device driver for NetBSD, FreeBSD and Linux that enforces some paranoid cares: by detecting syscall hooking, hiding the files in a repository, hiding the entire repository in order to avoid data leaking (some intruder downloading your stuff). Enforcing the main idea: when you got a leak, it was the minimum leakage possible.
• Now UUEncode is also a option for data encoding besides Radix-64.
• RAM swapping mitigation by using Posix capabilities.

Bugfixes

• otp dumper was not being included during the writing verification [commit-id: #b16334].