- Support for '/key-capsules' OAS v2.1.0 in cdoc2-client and cdoc2-cli (added
-expoption) - cli: Improvements to interactive password asking (Don't ask password twice for decrypt). Label is not required, when CDOC2 file contains single password recipient.
- Add example project to demonstrate usage of cdoc2-java-ref-impl with cdoc4j (convert cdoc -> cdoc2)
- Expose Prometheus metrics endpoint for servers
- Split repository into cdoc2-java-ref-impl and cdoc2-capsule-server
- Upgraded Spring 2.7.5 -> 3.2.5 + other third-party dependency updates
- Use 'cdoc2' instead of 'cdoc20' everywhere (packages, documents etc). Salt strings remain unchanged (cdoc20kek, cdoc20cek and so)
- Fix jacoco test coverage reports (broken previously)
- Add gitlab CI build files
- Added scripts for making releases and managing versions (see VERSIONS.md)
- Refactoring required to build cdoc2-capsule-server repo without cdoc2-lib dependency (cdoc2-lib dependency is still needed for running tests )
- Upload/consume cdoc2-key-capsule-openapi.yaml as maven artifact
- Added bats tests to check backward compatibility of CDOC2 format with previous releases
- With rename cdoc20-cdoc2 salts values were also incorrectly changed. Broke backward compatibility. Fixed before release 1.2.0
- Added possibility to encrypt and decrypt CDOC2 container with password.
- Removed an option for Symmetric Key creation from plain text, left only Base64 encoded format.
- Added CDOC2 container re-encryption functionality for long-term cryptography.
- Added Bats tests automatic installation.
- Fixed CDOC2 container decryption failure with few files inside.
No changes, only version update in all components.
- Added Jenkins pipeline for uploading CDOC2 jar artifacts to RIA Nexus repository
- Update and run key server instances also on cdoc2-keyserver-02.dev.riaint.ee host
- Rewrite tar processing/ChaCha decryption so that Poly1305 MAC is always checked (even when zlib/tar processing errors happen)
- Added sample CDOC2 containers with keys and configuration files
- Added Unicode Right-To-Left Override (U+202E) to forbidden characters
- Incomplete CDOC container file is removed, when creation of CDOC container fails
- Remove keyserver secrets logging from CLI debug log
- client authenticate certificate revocation checks (OCSP) for get-server
- enable monitoring endpoints, see cdoc2-server/admin-guide.md
- only tls v1.3 is supported by servers
- remove deprecated ecc-details API
- gatling-tests updates
- constraint violation in OpenAPI spec are reported as http 400 (previously http 500)
- Add error codes for common user errors
- Gatling test updates
Switch to semantic versioning
- Enable POSIX (PAX) extension for tar:
- support long filenames (over 100 bytes)
- support big file sizes (over 8GB)
- always use utf-8 in filenames (even, when platform default is not utf-8)
- Synchronize flatbuffers schema files with Specification v0.7
- Symmetric Key scenario implementation
- Added
cdoc infocli command that lists recipients in CDOC header
- RSA-OAEP server scenario implementation
- Client uses cdoc2-key-capsules API to create/download key capsules
- Server configuration changes for client (single configuration file for create and decrypt
--serverconfiguration) - E-Resident certificate support (find e-resident certificate from SK LDAP)
- Basic filename validation in container (illegal symbols and filenames)
- CLI supports certificate and private key loading from .p12 file (PKCS12)
cdoc listcommand supports--serveroption
- Use RsaPublicKey encoding (RFC8017 RSA Public Key Syntax (A.1.1)) instead of X.509 (Java default encoding)
- Added support for RSA keys in key server
- Added support for 2 key server instances when using cdoc2-cli
- Added key server administration manual
- Support for creating and decrypting CDOC2 documents with RSA keys
- Improved Recipient.KeyLabel field support in cdoc2-lib (PublicKey used for encryption is paired with keyLabel)
- Removed cdoc2-cli -ZZ hidden feature (disable compression for payload)
- Added additional EC infinity point (X: null, Y: null) checks and tests
- The key server is composed of 2 server instances, each with its own configuration.
- The API for creating key capsules does not require client authentication (mTLS).
- Minimal support for Recipient.KeyLabel in FBS header (field is present in FB header, but lib is not filling its value with info from recipient certificate)
- Upgrade flatbuffers-java to version 2.0.8
- Move gatling-tests to main branch
- Key exchange server implementation
- CLI and libary support for key scenario
- Server OpenAPI changes (more strict string format for recipient_pub_key and server_pub_key fields)
- Refactor EllipticCurve code so that EC curve is created from certificate or public key. Interface support other EC curves besides secp384r1. No actual support for other curves implemented yet.
- Generate sender key pair to for recipient public key. Remove option to use pre-generated sender key pair
- Support for decrypting with private decryption key from PKCS11 (support for id-kaart)
- Support for downloading recipient Esteid certificate from SK LDAP
- Documentation updates
- First version server OpenAPI specification
- Use zlib compression instead of gzip compression
- Delete all files, when decryption fails (last file was not deleted)
- EllipticCurve was incorrectly created from fmkEncryption method not Details.EccPublicKey curve (no actual error as both had same byte value).
- Create/decrypt Cdoc2 files with software generated EC keys