Releases: nd1012/wan24-Crypto

Version 2.3.0

17 Feb 09:43

Changes

Additions

  • Added SignatureContainer.MaxArrayLength
  • Added AsymmetricKeyBase.MaxArrayLength
  • Added CryptoEnvironment.Options.AsymmetricKeyMaxArrayLength
  • Added CryptoEnvironment.Options.SignatureContainerMaxArrayLength

Fixed bugs

  • Fixed SignatureContainer max. signer/counter signer key data length
  • Fixed AsymmetricPublicKeySigningRequest serialized data limits
  • Fixed AsymmetricKeyBase serialized data limits
  • Fixed AsymmetricSignedPublicKey serialized data limits

Full Changelog: v2.2.0...v2.3.0

Version 2.2.0

14 Feb 06:38

Changes

Additions

  • SignedAttributes.ValidationOptions can now be extended, and the GetCopy method is virtual

Fixed bugs

  • Fixed SignatureContainer signer/counter signer public key serialization (increased object version to 2)
  • Fixed client/server authentication key (signature request) signer validation

Full Changelog: v2.1.1...v2.2.0

Version 2.1.1

11 Feb 08:16

Changes

  • Fixed the memory hash and MAC methods of the hash and MAC algorithm base classes not disposing the used (Keyed)HashAlgorithm instance

Full Changelog: v2.1.0...v2.1.1

Version 2.1.0

10 Feb 20:40

Changes

Breaking changes

  • IKeyExchangePrivateKey now inherits IKeyExchange
  • Added SignedAttributes.PKI_SIGNATURE
  • SignedPkiStore.RevokeKey(Async) will now revoke signed keys recursively, too
  • AsymmetricSignedPublicKey.Validate(Async) will now validate attributes, too

Additions

  • Added IKeyExchange
  • PrivateKeySuite implements IKeyExchange over KeyExchangeKey now
  • Pake implements IKeyExchange now
  • EncryptionAlgorithmBase.DefaultOptions is virtual now
  • Added CryptoOptions.(Default)(Async)EncryptionPasswordPreProcessor
  • Added CryptoEnvironment.Options.(Async)EncryptionPasswordPreProcessor
  • Added CryptoOptions.SetNew(Mac)Password
  • Added SignedAttributes.ValidationOptions
  • Added SignedAttributes.AdditionalValidation(Async)
  • Added CryptoEnvironment.Options.DefaultAllowedValidationDomains
  • Added CryptoEnvironment.Options.DefaultDeniedValidationDomains
  • Added CryptoEnvironment.Options.DefaultAllowedKeyValidationApiUris
  • Added CryptoEnvironment.Options.DefaultDeniedKeyValidationApiUris
  • Added CryptoEnvironment.Options.DefaultAllowedUsages
  • Added CryptoEnvironment.Options.DefaultDeniedUsages
  • Added CryptoEnvironment.Options.DefaultRequiredUsages
  • Added CryptoEnvironment.Options.DefaultRequireKeyExchangeCounterKey
  • Added CryptoEnvironment.Options.DefaultRequireSignatureCounterKey
  • Added CryptoEnvironment.Options.DefaultRequireCipherSuite
  • Added CryptoEnvironment.Options.DefaultRequireSerial
  • Added SignedAttributes.Validate(Async)
  • AsymmetricSignedPublicKey.Validate(Async) supports additional (deep) attribute validation now
  • Added AsymmetricSignedPublicKeyTypes PKI key type enumeration
  • Added AsymmetricSignedPublicKey.Type
  • Added SignedPkiStore.GetSignedKeys(Async)
  • Added SignedPkiStore.GetKeyType(Async)

Fixed bugs

  • Fixed encryption algorithm not using the encryption options when getting/ensuring the defaults
  • Fixed missing call to Dispose on a key during asymmetric serialization tests
  • Fixed CryptoOptionsFluentExtensions.WithoutPassword not setting the Password property value to null
  • Fixed CryptoOptions.SetCounterKeys overwriting AsymmetricAlgorithm instead of AsymmetricCounterAlgorithm

Full Changelog: v2.0.0...v2.1.0

Version 2.0.0

20 Jan 20:47

Changes

Breaking changes

  • Build target is .NET 8 now
  • Corrected TimeoutToken.Timeleft to TimeLeft
  • Hybrid key exchange uses the ExtendKey method now, which isn't backward compatible with the password extension method used in v1
  • PBKDF2 defaults to 250,000 iterations, 16 byte min. salt length and SHA3-384 now
  • Using SHA3 hash/HMAC 512 as default algorithms now
  • Default post quantum hash algorithm is now SHA3-512
  • Default post quantum MAC algorithm is now HMAC-SHA3-512
  • ValueProtection default keys use the default hash algorithm now
  • Asymmetric private key data is PKCS#8 now
  • Added AsymmetricAlgorithmBase.DeserializePrivateKeyV1 for converting library v1 private key data

Additions

  • Added SHA3 hash and MAC algorithms (256/384/512)
  • Added Shake128/256 hash algorithms
  • Added SP 800-108 HMAC CTR KBKDF algorithm
  • DEK length of encryptable objects can now be defined in the DekAttribute constructor (may be overridden in the EncryptProperties method parameters)
  • Added virtual DekAttribute.Length property
  • Added KdfPbKdf2Options.DefaultHashAlgorithm
  • Added CryptoEnvironment.Options.PbKdf2HashAlgorithm
  • Added CryptoEnvironment.Options.Sp800_108HashAlgorithm
  • Added IEncryptPropertiesKek
  • Added IEncryptPropertiesKek.AutoEn/DecryptObject extension methods
  • Added CryptoEnvironment.Options.StrictPostQuantum for calling CryptoHelper.ForcePostQuantumSafety when configuring using CryptoEnvironment.Configure
  • Added ICryptoAlgorithm.UsesTpm and CryptoAlgorithmBase.UsesTpm
  • Added ValueProtectionKeys, ValueProtectionLevels and ValueProtectionLevelsExtensions
  • Added CryptoEnvironment.Options.ValueProtection(Tpm)MacAlgorithm
  • Added CryptoEnvironment.Options.UseCryptoExceptionDelay to disable a random delay on a CryptographicException
  • Added CryptoOptions.Encryption/AsymmetricAlgorithmOptions
  • Added DisposableCryptoOptions
  • Added AsymmetricAlgorithmBase.DefaultAlgorithmOptions and IAsymmetricAlgorithm.DefaultAlgorithmOptions
  • Added CryptoHelper.RemoveUnsupportedAlgorithms
  • Added AsymmetricVoidAlgorithm/PublicKey/PrivateKey
  • Added EncryptionVoidAlgorithm

Fixed bugs

  • Fixed wrong shared hashing tests
  • Fixed missing KDF options in serialized CryptoOptions
  • Fixed CryptoAlgorithmBase implementing ICryptoAlgorithm

Removals

  • Disabled algorithms which are not supported on the testing platform

Full Changelog: v1.26.1...v2.0.0

Version 1.26.1

11 Nov 08:46
04df1a1

Changes

  • Updated references

Full Changelog: v1.26.0...v1.26.1

Version 1.26.0

01 Nov 09:45

Changes

  • Added MacSignature
  • Added SharedSecret
  • Added ISecureValue
  • Added ValueProtection
  • Added CryptoEnvironment.Options.(Process/User/System)ScopeKey

Full Changelog: v1.25.0...v1.26.0

Version 1.25.0

29 Oct 13:06

Changes

  • Added RngSeedTimer
  • SymmetricKeySuite.Identifier/ExpandedKey have a protected setter now
  • Added HashHelper.(Try)GetAlgorithmName
  • Added MacHelper.(Try)GetAlgorithmName
  • Added ServerAuthOptions.AllowedMacAlgorithms
  • Added PakeServerAuthOptions.AllowedMacAlgorithms
  • Authentication protocols allow optional multiple MAC algorithms for client authentication now (they'll be set to the PAKE server options during authentication automatically, depending on what the client is sending)

Full Changelog: v1.24.0...v1.25.0

Version 1.24.0

21 Oct 10:16

Changes

Breaking changes

  • Changed the RandomDataGenerator default seed handling to respect RND.SeedConsumer as the first possible target, before trying RNG.Generator
  • /dev/random is now used instead of /dev/urandom (type/property/method names changed everywhere accordingly)
  • RND.UseDevRandom must be set manually to true now (previously it was set to the value of HasDevRandom)
  • RND.SeedConsumer can now be an ISeedConsumer
  • Now using RND for byte array clearing from the wan24-Core library

Additions

  • Added DevRandomRng
  • Added DevRandomStreamPool
  • Added RND.DevRandomPool
  • Added CryptoEnvironment.Options.DevRandomPool
  • Added DevHwRng
  • Added ISeedConsumer
  • Added RngOnlineSeedTimer.SeedAsync
  • Added HavegeRng
  • CryptoEnvironment.Options.RandomGenerator accepts an IRng now
  • CryptoEnvironment.Options.SeedConsumer accepts an ISeedConsumer now

Full Changelog: v1.23.0...v1.24.0

Version 1.23.0

15 Oct 10:09

Changes

Breaking changes

  • Stores which use a binary ID use EquatableArray instead now

Additions

  • Added CryptoOptions.MacPassword
  • Added Rng, a RandomNumberGenerator implementation which overrides the static methods, too, and uses RND instead of the OS random number generator implementation of .NET
  • Added RngExtensions which extend any RandomNumberGenerator and RandomDataGenerator instance
  • Added RND.Add(URandom)Seed(Async) and RandomDataGenerator.AddSeed(Async)
  • Added RngSeedingTypes
  • Added ISeedableRng (which is implemented by RandomDataGenerator)
  • Added RND.AutoRngSeeding and SeedConsumer
  • Added CryptoEnvironment.Options.AutoRngSeeding and SeedConsumer
  • Added CryptoOptions.RngSeeding
  • Added RngSeedingStream
  • Added RngSeederQueue
  • Added RngOnlineSeedTimer for receiving RNG seed from a URI at an interval
  • Added IRng
  • RND.Generator accepts an IRng now
  • Added SignedAttributes
  • Added AsymmetricKeySigner
  • Added AsymmetricKeySignerService
  • Added CryptoEnvironment.Options.AsymmetricKeySigner
  • Added CryptoEnvironment.Options.AsymmetricKeySignerService
  • Added (Disposable)RngBase and (Disposable)SeedableRngBase
  • Added (Disposable)XorRng
  • Added RngAdapter
  • Added ObjectEncryption
  • Added IEncryptProperties and IEncryptPropertiesExt
  • Added DekAttribute
  • Added EncryptAttribute

Bugfixes

  • Fixed store disposing
  • Fixed asymmetric key disposing
  • Fixed ServerAuth and ClientAuth signature validation not disposing created signer key instances

Full Changelog: v1.22.0...v1.23.0