Skip to content

Releases: secure-systems-lab/securesystemslib

v1.3.1

26 Sep 09:44
@github-actions github-actions
v1.3.1
6f77419
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.3.1 Latest
Latest

See CHANGELOG.md for details.

Assets 4
Loading

v1.3.0

15 Apr 10:05
@github-actions github-actions
v1.3.0
47f2715
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.3.0

See CHANGELOG.md for details.

Loading

v1.2.0

03 Dec 09:32
@github-actions github-actions
v1.2.0
8b258c2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.2.0

See CHANGELOG.md for details.

Loading

v1.1.0

04 Jun 12:02
@github-actions github-actions
v1.1.0
c70d7be
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.1.0

See CHANGELOG.md for details.

Loading

v1.0.0

02 May 10:56
@github-actions github-actions
v1.0.0
1092ac6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.0.0

See CHANGELOG.md for details.

Loading

v0.31.0

04 Dec 08:55
@github-actions github-actions
v0.31.0
cc0ead6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.31.0

See CHANGELOG.md for details.

Loading

0.30.0

03 Oct 10:56
@jku jku
v0.30.0
fe0cf39
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
0.30.0

This release contains improved Sigstore support.

Changed

  • SigstoreSigner adapted to sigstore-python 2.0 API: This allows
    improved UX where a new signing identity can be defined using
    interactive credentials (browser login):
    SigstoreSigner.import_via_auth()
  • Documentation improvements

Removed

  • Python 3.7 is no longer supported
Loading

0.29.0

06 Sep 11:36
@jku jku
v0.29.0
03f4ad8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
0.29.0

This release is reaping the rewards of the new signer API with four(!) new
signing methods: Two cloud based KMSs, post-quantum crypto support and a
"keyless" signing system.

Advance notice to folks using the keys, ecdsa_keys, rsa_keys and
ed25519_keys modules: these modules are headed for deprecation. Please have
a look at the signer API and get in touch if the functionality you need
isn't there (or if more documentation is needed).

Added

  • Sigstore as a new experimental signing method (#552)
  • SPHINCS+ as a new experimental signing method (#568)
  • Azure Key Vault as a new signing method (#588)
  • AWS KMS as a new signing method (#609)
  • CryptoSigner as a more featureful replacement for SSLibSigner (#604)
  • Documentation that focuses on the signer API (#634, #622)

Changed

  • SSLibSigner has been deprecated: Please use CryptoSigner instead (#604)
  • keys module is not used for signature verification in signer API (#585)
  • Various minor fixes, please see git log for details

New Contributors

Full Changelog: v0.28.0...v0.29.0

Contributors

ianhundere, kommendorkapten, and malancas
Loading

v0.28.0

18 Apr 13:05
@lukpueh lukpueh
v0.28.0
88a3df2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.28.0

Added

  • Signer: auto-keyid helper (#557)
  • Signer: de/serialization helpers (#558)
  • Signer: tests (#555, #556)
  • Sigstore Signer: import methods (#535)

Changed

  • HSMSigner: pre-hash data (#548)
  • GCP Signer, HSM Signer: auto-keyid computation (#557)
  • DSSE: serialize signature data as base64 for compliance (#565)

Removed

  • Obsolete shebangs (#544, #545)
  • Outdated schemes: md5, sha1 (#554)

Fixed

Loading

v0.27.0

14 Mar 15:06
@lukpueh lukpueh
v0.27.0
a22cbba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v0.27.0

Added

  • EXPERIMENTAL DSSE implementation (#487)
  • EXPERIMENTAL sigstore signer and verifier (#522)
  • Minimal TUF/in-toto spec-compliant GPG verifier (#488)
  • API-typical 'import' and 'from URI' GPG signer methods (#488)

Changed

  • Require public key in GPG signer and disallow subkey signatures (#488)
  • Increase GPG subprocess timeout (#502)
  • Rename default branch to 'main' (#523)
  • Make HSM signer URI configurable (#526)
  • Allow tox to skip virtual HSM tests (#528)
  • Strip PEM keys to compute keyids consistently (#453)

Removed

  • Internal GPG version utils (#504)
  • Custom subprocess interface (#505)
  • Vendored ssl module (#506)

Fixed

  • Windows compatibility issues and re-enable Windows CI (#518)
  • GPG subprocess timeout configurability (#502)
Loading