## Changelog

### 0.17.0 [2023-05-01]

#### General

* Added support for hidden recipient during decryption.
* Added support for AEAD-OCB for OpenSSL backend.
* Improve support for offline secret keys during default key selection.
* Support for GnuPG 2.3+ secret key store format.
* SExp parsing code is moved to separate library, https://github.com/rnpgp/sexp.
* Mark subkeys as expired instead of invalid if primary key is expired.
* AEAD: use OCB by default instead of EAX.
* Do not attempt to validate signatures of unexpected types.
* Use thread-safe time and date handling functions.
* Added ENABLE_BLOWFISH, ENABLE_CAST5 and ENABLE_RIPEMD160 build time options.
* Do not use `EVP_PKEY_CTX_set_dsa_paramgen_q_bits()` if OpenSSL backend version is < 1.1.1e.
* Corrected usage of CEK/KEK algorithms if those differs.

#### FFI

* Added function `rnp_signature_export()`.
* Added flag `RNP_VERIFY_ALLOW_HIDDEN_RECIPIENT` to `rnp_op_verify_set_flags()`.

#### CLI

* Added default armor message type for `--enarmor` command.
* Added command `--set-filename` to specify which file name should be stored in message.
* Added `--add-subkey` subcommand to the `--edit-key`.
* Added `set-expire` subcommand to the `--edit-key`.
* Added `--s2k-iterations` and `--s2k-msec` options to the `rnp`.
* Added `--allow-weak-hash` command to allow usage of weak hash algorithms.
* Report number of new/updated keys during the key import.

### 0.16.3 [2023-04-11]

#### Security

* Fixed issue with possible hang on malformed inputs (CVE-2023-29479).
* Fixed issue where in some cases, secret keys remain unlocked after use (CVE-2023-29480).

### 0.16.2 [2022-09-20]

#### General

* Fixed CMake issues with ENABLE_IDEA and ENABLE_BRAINPOOL.

### 0.16.1 [2022-09-06]

#### General

* Ensure support for RHEL9/CentOS Stream 9/Fedora 36, updating OpenSSL backend support for v3.0.
* Optional import and export of base64-encoded keys.
* Optional raw encryption of the data.
* Optional overriding of the current timestamp.
* Do not fail completely on unknown signature versions.
* Do not fail completely on unknown PKESK/SKESK packet versions.
* Support armored messages without empty line after the headers.
* Added automatic feature detection based on backend.

#### Security

* Separate security rules for the data and key signatures, extending SHA1 key signature support till the Jan, 19 2024.
* Set default key expiration time to 2 years.
* Limit maximum AEAD chunk bits to 16.

#### FFI

* Changed behaviour of `rnp_op_verify_execute()`: now it requires single valid signature to succeed.
* Added function `rnp_op_verify_set_flags()` to override default behaviour of verification.
* Added function `rnp_key_is_expired()`.
* Added function `rnp_op_encrypt_set_flags()` and flag `RNP_ENCRYPT_NOWRAP` to allow raw encryption.
* Added flag `RNP_LOAD_SAVE_BASE64` to the function `rnp_import_keys()`.
* Added flag `RNP_KEY_EXPORT_BASE64` to the function `rnp_key_export_autocrypt()`.
* Added function `rnp_set_timestamp()` to allow to override current time.
* Update security rules functions with flags `RNP_SECURITY_VERIFY_KEY` and `RNP_SECURITY_VERIFY_DATA`.

#### CLI

* Make password request more verbose.
* Print `RSA` instead of `RSA (Encrypt and Sign)` in the key listing to avoid confusion.
* Added option `--source` to specify detached signature's source file.
* Added option `--no-wrap` to allow raw data encryption.
* Added option `--current-time` to allow to override current timestamp.
* Strip known extensions (like `.pgp`, `.asc`, etc.) when decrypting or verifying data.
* Display key and signature validity status in the key listing.
* Do not attempt to use GnuPG's config to set default key.

### 0.16.0 [2022-01-20]

#### General

* Added support for OpenSSL cryptography backend so RNP may be built and used on systems without the Botan installed.
* Added compile-time switches to disable certain features (AEAD, Brainpool curves, SM2/SM3/SM4 algorithms, Twofish)
* Fixed possible incompatibility with GnuPG on x25519 secret key export from RNP to GnuPG.
* Fixed building if Git is not available.
* Fixed export of non-FFI symbols from the rnp.so/rnp.dylib.
* Fixed support for Gnu/Hurd (absence of PATH_MAX).
* Added support for `None` compression algorithm.
* Added support for the dumping of notation data signature subpackets.
* Fixed key expiration time calculation in the case with newer non-primary self-certification.
* Improved performance of key import (no key material checks)

#### Security

* Added initial support for customizable security profiles.
* Mark SHA1 signatures produced later than 2019-01-19, as invalid.
* Mark MD5 signatures produced later than 2012-01-01, as invalid.
* Remove SHA1 and 3DES from the default key preferences.
* Use SHA1 collision detection code when using SHA1.
* Mark signatures with unknown critical notation as invalid.
* Do not prematurely mark secret keys as valid.
* Validate secret key material before the first operation.
* Limit the number of possible message recipients/signatures to a reasonable value (16k).
* Limit the number of signature subpackets during parsing.

#### FFI

* Added functions `rnp_backend_string()` and `rnp_backend_version()`.
* Added functions `rnp_key_25519_bits_tweaked()` and `rnp_key_25519_bits_tweak()` to check and fix x25519 secret key bits.
* Added security profile manipulation functions: `rnp_add_security_rule()`, `rnp_get_security_rule()`, `rnp_remove_security_rule()`.
* Added function `rnp_signature_get_expiration()`.
* Deprecate functions `rnp_enable_debug()`/`rnp_disable_debug()`.

#### CLI

* Write new detailed help messages for `rnp` and `rnpkeys`.
* Added `-` (stdin) and `env:VAR_NAME` input specifiers, as well as `-` (stdout) output specifier.
* Do not fail with empty keyrings if those are not needed for the operation.
* Added algorithm aliases for better usability (i.e. `SHA-256`, `SHA256`, etc.).
* Added option `--notty` to print everything to stdout instead of TTY.
* Added command `--edit-key` with subcommands `--check-cv25519-bits` and `--fix-cv25519-bits`.
* Remove support for `-o someoption=somevalue`, which is unused.
* Remove no longer used support for additional debug dumping via `--debug source.c`.

### 0.15.2 [2021-07-20]

#### General

* Be less strict in userid validation: allow to use userids with self-signature, which has key expiration in the past.
* Do not mark signature as invalid if key which produced it is expired now, but was valid during signing.
* Fix incorrect key expiration calculation in some cases.
* Fix incorrect version number in the `version.txt`.

#### FFI

* Add function `rnp_key_get_default_key()` to pick the default key/subkey for the specific operation.
* Allow to pass NULL hash parameter to `rnp_key_add_uid()` to pick the default one.
* Use the same approach as in `rnp_op_encrypt_add_recipient()` for encryption subkey selection in `rnp_key_export_autocrypt()`.

#### CLI

* `rnp`: Show error message if encryption failed.
* `rnpkeys` : Add `--expiration` option to specify expiration time during key generation.

### 0.15.1 [2021-05-28]

#### General

* Make man pages building optional.
* Fixed updating of expiration time for a key with multiple user ids.
* Fixed key expiry check for keys valid after the year 2038.
* Pick up key expiration time from direct-key signature or primary userid certification if available.

#### FFI

* Added function `rnp_key_valid_till64()` to correctly handle keys which expire after the year 2038.
* Added `RNP_FEATURE_*` defines to be used instead of raw strings.

#### Security

* Fixed issue with cleartext key data after the `rnp_key_unprotect()`/`rnp_key_protect()` calls (CVE-2021-33589).

### 0.15.0 [2021-04-04]

#### General

* Added CMake options to allow offline builds, i.e. without Googletest/ruby-rnp downloads.
* Removed major library version from the library name (librnp-0.so/dll -> librnp.so/dll).
* Improved handling of cleartext signatures, when empty line between headers and contents contains some whitespace characters.
* Relaxed requirements for the armored messages CRC (allow absence of the CRC, and issue warning instead of complete failure).
* Updated build instructions for MSVC.
* Improved support of 32-bit platforms (year 2038 problem).

#### CLI

* Added up-to-date manual pages for `rnp` and `rnpkeys`.
* rnpkeys: added `--remove-key` command.

#### FFI

* Added up-to-date manual page for `librnp`.
* Added function `rnp_signature_remove`
* Added function `rnp_uid_remove`
* Added function `rnp_key_remove_signatures` for batch signature removal and filtering.

### 0.14.0 [2021-01-15]

#### General

* Improved key validation: require to have at least one valid, non-expiring self signature.
* Added support for 'stripped' keys without userids and certifications but with valid subkey binding signature.
* Added support for Windows via MinGW/MSYS2.
* Added support for Windows via MSVC.
* Fixed secret key locking when it is updated with new signatures/subkeys.
* Fixed key expiry/flags calculation (take in account only the latest valid self-signature/subkey binding).
* Fixed MDC reading if it appears on 8k boundary.
* Disabled logging by default in release builds and added support for environment variable `RNP_LOG_CONSOLE` to enable it back.
* Fixed leading zeroes for secp521r1 b & n field constants.
* Allowed keys and signatures with invalid MPI bit count.
* Added support for private/experimental signature subpackets, used by GnuPG and other implementations.
* Added support for reserved/placeholder signatures.
* Added support for zero-size userid/attr packet.
* Relaxed packet dumping, ignoring invalid packets and allowing to find wrong packet easier.
* Improved logging of errored keys/subkeys information for easier debugging.
* Fixed support for old RSA sign-only/encrypt-only and ElGamal encrypt-and-sign keys.
* Fixed support for ElGamal keys larger then 3072 bits.
* Fixed symbol visibility so only FFI functions are exposed outside of the library.
* Added support for unwrapping of raw literal packets.
* Fixed crash with non-detached signature input, fed into the `rnp_op_verify_detached_create()`.
* Significantly reduced memory usage for the keys large number of signatures.
* Fixed long armor header lines processing.
* Added basic support for GnuPG's offline primary keys (`gnupg --export-secret-subkeys`) and secret keys, stored on card.
* Fixed primary key binding signature validation when hash algorithm differs from the one used in the subkey binding signature.
* Fixed multiple memory leaks related to invalid algorithms/versions/etc.
* Fixed possible crashes during processing of malformed armored input.
* Limited allowed nesting levels for OpenPGP packets.
* Fixed support for text-mode signatures.
* Replaced strcpy calls with std::string and memcpy where applicable.
* Removed usage of mktemp, replacing it with mkstemp.
* Replaced usage of deprecated `botan_pbkdf()` with `botan_pwdhash()`.
* Added support for the marker packet, issued by some implementations.
* Added support for unknown experimental s2ks.
* Fixed armored message contents detection (so armored revocation signature is not more reported as the public key).
* Changed behaviour to use latest encryption subkey by default.
* Fixed support for widechar parameters/file names on Windows.
* Implemented userid validity checks so only certified/non-expired/non-revoked userid may be searched.
* Fixed GnuPG compatibility issues with CR (`\r`) characters in text-mode and cleartext-signed documents.
* Improved performance of the key/uid signatures access.
* Migrated tests to the Python 3.
* Migrated most of the internal code to C++.

#### CLI

* Do not load keyring when it is not required, avoiding extra `keyring not found` output.
* Input/output data via the tty, if available, instead of stdin/stdout.
* Fixed possible crash when HOME variable is not set.
* rnpkeys: Added `--import-sigs` and changed behavior of `--import` to check whether input is key or signature.
* rnpkeys: Added `--export-rev` command to export key's revocation, parameters `--rev-type`, `--rev-reason`.
* rnpkeys: Added `--revoke-key` command.
* rnpkeys: Added `--permissive` parameter to `--import-keys` command.
* rnpkeys: Added `--password` options, allowing to specify password and/or generate unprotected key.

#### FFI

* Added keystore type constants `RNP_KEYSTORE_*`.
* Added `rnp_import_signatures`.
* Added `rnp_key_export_revocation`.
* Added `rnp_key_revoke`.
* Added `rnp_request_password`.
* Added `rnp_key_set_expiration` to update key's/subkey's expiration time.
* Added flag `RNP_LOAD_SAVE_PERMISSIVE` to `rnp_import_keys`, allowing to skip erroneous packets.
* Added flag `RNP_LOAD_SAVE_SINGLE`, allowing to import keys one-by-one.
* Added `rnp_op_verify_get_protection_info` to check mode and cipher used to encrypt message.
* Added functions to retrieve recipients information (`rnp_op_verify_get_recipient_count`, `rnp_op_verify_get_symenc_count`, etc.).
* Added flag `RNP_KEY_REMOVE_SUBKEYS` to `rnp_key_remove` function.
* Added function `rnp_output_pipe` allowing to write data from input to the output.
* Added function `rnp_output_armor_set_line_length` allowing to change base64 encoding line length.
* Added function `rnp_key_export_autocrypt` to export public key in autocrypt-compatible format.
* Added functions to retrieve information about the secret key's protection (`rnp_key_get_protection_type`, etc.).
* Added functions `rnp_uid_get_type`, `rnp_uid_get_data`, `rnp_uid_is_primary`.
* Added function `rnp_uid_is_valid`.
* Added functions `rnp_key_get_revocation_signature` and `rnp_uid_get_revocation_signature`.
* Added function `rnp_signature_get_type`.
* Added function `rnp_signature_is_valid`.
* Added functions `rnp_key_is_valid` and `rnp_key_valid_till`.
* Added exception guard to FFI boundary.
* Fixed documentation for the `rnp_unload_keys` function.

#### Security

* Removed version header from armored messages (see https://mailarchive.ietf.org/arch/msg/openpgp/KikdJaxvdulxIRX_yxU2_i3lQ7A/ ).
* Enabled fuzzing via oss-fuzz and fixed reported issues.
* Fixed a bunch of issues reported by static analyzer.
* Require at least Botan 2.14.0.

### 0.13.1 [2020-01-15]
#### Security

* rnpkeys: Fix issue #1030 where rnpkeys would generate unprotected secret keys.

### 0.13.0 [2019-12-31]
#### General

* Fixed a double-free on invalid armor headers.
* Fixed broken versioning when used as a git submodule.
* Fixed an infinite loop on parsing truncated armored keys.
* Fixed armored stream parsing to be more flexible and allow blank lines before trailer.
* Fixed the armor header for detached signatures (previously MESSAGE, now SIGNATURE).
* Improved setting of default qbits for DSA.
* Fixed a crash when retrieving signature revocation reason.
* Stop using expensive tests for key material validation.

#### CLI

* rnpkeys: Removed a few redundant commands (--get-key, --print-sigs, --trusted-keys, ...).
* rnpkeys: Added --secret option.
* rnpkeys: Display 'ssb' for secret subkeys.
* rnp: Added `--list-packets` parameters (`--json`, etc.).
* rnp: Removed `--show-keys`.

#### FFI

* Added `rnp_version_commit_timestamp` to retrieve the commit timestamp
  (for non-release builds).
* Added a new (non-JSON) key generation API (`rnp_op_generate_create` etc.).
* Added `rnp_unload_keys` function to unload all keys.
* Added `rnp_key_remove` to unload a single key.
* Expanded bit length support for JSON key generation.
* Added `rnp_key_get_subkey_count`/`rnp_key_get_subkey_at`.
* Added various key property accessors (`rnp_key_get_bits`, `rnp_key_get_curve`).
* Added `rnp_op_generate_set_protection_password`.
* Added `rnp_key_packets_to_json`/`rnp_dump_packets_to_json`.
* Added `rnp_key_get_creation`, `rnp_key_get_expiration`.
* Added `rnp_key_get_uid_handle_at`, `rnp_uid_is_revoked`, etc.
* Added `rnp_key_is_revoked` and related functions to check for revocation.
* Added `rnp_output_to_path` and `rnp_output_finish`.
* Added `rnp_import_keys`.
* Added `rnp_calculate_iterations`.
* Added `rnp_supports_feature`/`rnp_supported_features`.
* Added `rnp_enable_debug`/`rnp_disable_debug`.
* Added `rnp_key_get_primary_grip`.
* Added `rnp_output_to_armor`.
* Added `rnp_op_generate_set_request_password`.
* Added `rnp_dump_packets_to_output`.
* Added `rnp_output_write`.
* Added `rnp_guess_contents`.
* Implemented `rnp_op_set_file_name`/`rnp_op_set_file_mtime`.
* Added `rnp_op_encrypt_set_aead_bits`.
* Added `rnp_op_verify_signature_get_handle`.
* Added `rnp_signature_packet_to_json`.

#### Packaging

* RPM: Split packages into librnp0, librnp0-devel, and rnp0.

### 0.12.0 [2019-01-13]
#### General

* We now require Botan 2.8+.
* Fixed key grip calculations for various key types.
* Fixed SM2 signatures hashing the hash of the message. See comment in issue #436.
* Added support for G10 ECC keys.
* Fixed dumping of partial-length packets.
* Added support for extra ECC curves:
  * Brainpool p256, p384, p512 ECDSA/ECDH
  * secp256k1 ECDSA/ECDH
  * x25519
* Fixed AEAD with newer versions of Botan.
* Removed a lot of legacy code.

#### CLI

* rnp: Added -f/--keyfile option to load keys directly from a file.
* rnp: Fixed issue with selecting G10 secret keys via userid.
* rnpkeys: Added support for SM2 with arbitrary hashes.
* redumper: Added -g option to dump fingerprints and grips.
* redumper: Display key id/fingerprint/grip in packet listings.

#### FFI

* Added FFI examples.
* Fixed a regression with loading subkeys directly.
* Implemented support for per-signature hash and creation/expiration time.
* Added AEAD support.

### 0.11.0 [2018-09-16]
#### General

* Remove some old SSH key support.
* Add support for dynamically calculating the S2K iterations.
* Add support for extracting the public key from the secret key.
* Add support for merging information between keys.

#### CLI

* Add options for custom S2K iterations/times (dynamic by default).

### 0.10.0 [2018-08-20]
#### General

* Fixed some compiler warnings.
* Switched armoring to use PRIVATE KEY instead of SECRET KEY.

#### ECDSA

* Use the matching hash to be used for the deterministic nonce generation.
* Check that the input is of the expected length.
* Removed the code to truncate the ECDSA input since this is now handled by Botan.

#### FFI

* Added enarmor and dearmor support.
* Added library version retrieval.
* Removed rnp_export_public_key, added rnp_key_export.


### 0.9.2 [2018-08-13]
#### General

* Support for generation and verification of embedded signature subpacket for signing subkeys
* Verification of public key signatures and key material
* Improved performance of asymmetric operations (key material is now validated on load)

#### FFI

* Fixed `rnp_op_add_signature` for G10 keys


### 0.9.1 [2018-07-12]
#### General

* Added issuer fingerprint to certifications and subkey bindings.

#### CLI

* Added support for keyid/fpr usage with (some) spaces and 0x prefix in
  operations (`--sign`, etc).

#### FFI

* Fixed key search by fingerprint. 


### 0.9.0 [2018-06-27]
* First official release.