Python-pyhsm NEWS -- History of user-visible changes.          -*- outline -*-

* Version 1.0.4f (released 2013-04-12)

** Fix failing test.

** Support URLs in device field, for more info see:
http://pyserial.sourceforge.net/pyserial_api.html#serial.serial_for_url

** Added yhsm-daemon.

* Version 1.0.4e (released 2013-04-06)

** yhsm-decrypt-aead: For yubikey-csv output, fix prefix field.
Before the prefix was set to the AEAD nonce which is only correct for
old style AEAD files.  Now it uses the AEAD filename for the prefix
field.

** yhsm-decrypt-aead: Improve diagnostic messages.
Errors and warnings are now printed to standard error.  The count of
number of failed and processsed AEADs should now be accurate.

* Version 1.0.4d (released 2013-03-18)

** Fix so that yhsm-yubikey-ksm can work with the older format.

* Version 1.0.4c (released 2013-03-18)

** When doing OTP verification, if a nonce is written to the AEAD file
use that for decryption, not public id.

** yhsm-import-keys: add --random-nonce for using hsm generated nonce.

** yhsm-generate-keys: add --random-nonce for using hsm generated nonce.

* Version 1.0.4b (released 2013-02-11)

** yhsm-import-keys: Support soft HSM AEAD generation.
** yhsm-import-keys: Ignore lines starting with #.
** yhsm-import-keys: Block all-zero (ccc...c) keys.

** yhsm-decrypt-keys: Support generating AEADs.
** yhsm-decrypt-keys: Ignores non-modhex files in AEAD directory trees.

** yhsm-generate-keys: Bugfix that caused AEAD generation to fail.
** yhsm-generate-keys: Bugfix that caused wrong nonce to be used.
** yhsm-generate-keys: Prevent generating all-zero (ccc...c) keys.

** Added this NEWS file, based on debian/changelog in the Debian package.

* Version 1.0.4a (released 2012-06-26)

** Enable IPv6 --addr for network servers.

** Verifies communication with YubiHSM on initialization.

* Version 1.0.4 (released 2012-06-21)

** Match firmware 1.0.4.
Firmware adds flag YSM_USER_NONCE to address security problem
for some usages where AEADs could be decrypted by an attacker
capable of generating new AEADs.

** New file format for stored AEADs (code loading AEADs is backwards
** compatible), including key handle and nonce.

** AES CCM implementation compatible with YubiHSM in software, for
** transparency and to enable willfull decryption of AEADs.

** Tools to generate YubiKey secrets into AEADs as well as decrypt
** them to enable provisioning YubiKeys with the secrets.

* Version 1.0.3c (released 2012-01-05)

** First public release.
