mirror of
https://github.com/danbulant/jose
synced 2026-05-25 13:01:49 +00:00
17 KiB
17 KiB
Change Log
All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
1.21.1 (2020-01-25)
Bug Fixes
- contactKDF iteration count fixed for key sizes larger than 256 bits (70ff222)
1.21.0 (2020-01-23)
Bug Fixes
- typescript: don't expose non existant classes, fix decode key (0f8bf88)
Features
- add opt-in support for Unsecured JWS algorithm "none" (3a6d17f)
1.20.0 (2020-01-16)
Features
1.19.0 (2020-01-13)
Features
- exposed shorthands for JWT verification profiles (b1864e3)
1.18.2 (2020-01-08)
Bug Fixes
- ensure asn1.js version to remove Buffer deprecation notice (13b1106)
- expose JOSENotSupported key import errors on unsupported runtimes (bc81e5d)
- typo in JOSENotSupported error when x509 certs are not supported (bb58c9c)
1.18.1 (2020-01-01)
Bug Fixes
- force iat past check when maxTokenAge option is used + JWT refactor (828ad5a)
1.18.0 (2019-12-31)
Features
- add JWT validation profiles for Access Tokens and Logout Tokens (7bb5c95)
1.17.2 (2019-12-17)
Bug Fixes
- skip validating iat is in the past when exp is present (0ed5025)
1.17.1 (2019-12-10)
Bug Fixes
- properly fail to import unsupported openssh keys (bee5744)
1.17.0 (2019-12-10)
Features
1.16.2 (2019-12-05)
Bug Fixes
1.16.1 (2019-12-05)
Bug Fixes
- allow PBES2 for the correct JWK
usevalues (f0d7194)
1.16.0 (2019-12-04)
Features
1.15.1 (2019-11-30)
Bug Fixes
- typescript: export Key Input types (0277fcd)
1.15.0 (2019-11-27)
Bug Fixes
- default JWT.sign
kidoption value is false for HMAC signatures (ce77388)
Features
- allow JWK.asKey inputs for sign/verify/encrypt/decrypt operations (5e1009a)
1.14.0 (2019-11-26)
Features
- allow JWKS.KeyStore .all and .get to filter for key curves (ea60338)
1.13.0 (2019-11-23)
Features
- return the CEK from JWE.decrypt operation with { complete: true } (c3eb845)
1.12.1 (2019-11-14)
1.12.0 (2019-11-05)
Features
- add JWS.verify encoding and parsing options (6bb66d4)
1.11.0 (2019-11-03)
Features
- expose crypto.KeyObject instances in supported runtimes (8ea9683)
1.10.2 (2019-10-29)
Bug Fixes
- only use secp256k1 keys for signing/verification (9588223)
1.10.1 (2019-10-04)
Bug Fixes
1.10.0 (2019-10-01)
Features
- rename package (26f4cf2)
1.9.2 (2019-09-16)
Bug Fixes
1.9.1 (2019-09-10)
1.9.0 (2019-08-24)
Features
- allow JWKS.asKeyStore to swallow errors (78398d3)
1.8.0 (2019-08-22)
Features
- added Node.js lts/dubnium support for runtime supported features (67a8601)
1.7.0 (2019-08-20)
Features
1.6.1 (2019-07-29)
Bug Fixes
- properly pad calculated RSA primes (dd121ce)
1.6.0 (2019-07-27)
Bug Fixes
- use the correct ECPrivateKey version when importing EC JWK (24acd20)
Features
- electron v6.x support (e7ad82c)
1.5.2 (2019-07-27)
Bug Fixes
- importing x5c in electron requires the input split (181fd09)
1.5.1 (2019-07-27)
Bug Fixes
- correctly pad integers when importing RSA JWK (1dc7f35)
1.5.0 (2019-07-23)
Features
- validate JWTs according to a JWT profile - ID Token (6c98b61)
1.4.1 (2019-07-14)
Bug Fixes
1.4.0 (2019-07-08)
Features
- add secp256k1 EC Key curve and ES256K (211d7af)
1.3.0 (2019-06-21)
Features
- compute private RSA key p, q, dp, dq, qi when omitted (6e3d6fd), closes #26
- add support for JWK x5c, x5t and x5t#S256 (9d46c48)
- instances of JWKS.KeyStore are now iterable (e.g. for ... of) (2eae293)
Bug Fixes
- limit calculation of missing RSA private components (5b53cb0)
- reject rsa keys without all factors and exponents with a specific message (b0ff436)
Deprecations
- this deprecates the use of
JWK.importKeyin favor ofJWK.asKey - this deprecates the use of
JWKS.KeyStore.fromJWKSin favor ofJWKS.asKeyStore
Both JWK.importKey and JWKS.KeyStore.fromJWKS could have resulted
in the process getting blocked when large bitsize RSA private keys
were missing their components and could also result in an endless
calculation loop when the private key's private exponent was outright
invalid or tampered with.
The new methods still allow to import private RSA keys with these optimization key parameters missing but it is disabled by default and one should choose to enable it when working with keys from trusted sources
It is recommended not to use jose versions with this feature in
its original on-by-default form - v1.1.0 and v1.2.0
1.0.2 (2019-05-13)
Bug Fixes
1.0.1 (2019-04-27)
Bug Fixes
- oct key ts "k" type fix (0750d2c)
1.0.0 (2019-04-23)
Bug Fixes
- fail to import invalid PEM formatted strings and buffers (857dc2b)
Features
- add JWK key_ops support, fix .algorithms() op returns (23b874c)
- add key.toPEM() export function with optional encryption (1159b0d)
- add OKP Key and EdDSA sign/verify support (2dbd3ed), closes #12
BREAKING CHANGES
- key.algorithms(op) un+wrapKey was split into correct wrapKey/unwrapKey/deriveKey returns
- keystore.all and keystore.get
operationoption was removed,key_ops: string[]supersedes it - Node.js minimal version is now v12.0.0 due to its added EdDSA support (crypto.sign, crypto.verify and eddsa key objects)
0.12.0 (2019-04-07)
Reverts
- add EC P-256K JWK and ES256K sign/verify support (e21fea1)
BREAKING CHANGES
- removing ES256K alg and EC P-256K crv support until the IETF WG decides on what the final names will be.
0.11.5 (2019-04-04)
Features
- add key.secret and key.type for completeness (2dd7053)
- add key.thumbprint always returning the JWK Thumbprint (RFC7638) (65db7e0)
0.11.4 (2019-03-28)
Bug Fixes
- properly restrict EC curves in generate(Sync) (764b863)
- remove unintended exposure of private material via enumerables (946d9df)
0.11.3 (2019-03-27)
Bug Fixes
- throw on unsupported EC curves (cfa4222)
Features
- add EC P-256K JWK and ES256K sign/verify support (2e33e1c)
0.11.2 (2019-03-19)
Bug Fixes
- internal symbol method is now really a symbol (925d47c)
- key.toJWK() fixed on windows (57f1692), closes #17
0.11.1 (2019-03-17)
Bug Fixes
- restrict RS key algorithms by the key's bit size (9af295b)
0.11.0 (2019-03-16)
Bug Fixes
- all JWA defined RSA operations require key of 2048 or more (cc70c5d)
- use correct salt length for RSASSA-PSS (e936d54)
BREAKING CHANGES
- all JWA defined RSA based operations require key size of 2048 bits or more.
0.10.0 (2019-03-12)
Bug Fixes
- do not list "dir" under wrap/unwrapKey operations (17b37d3)
Features
- keystore .all and .get operation option (d349ba9)
BREAKING CHANGES
- "dir" is no longer returned as wrap/unwrapKey key operation
0.9.2 (2019-03-05)
Bug Fixes
- "dir" is only available on keys with correct lengths (6854860)
- do not 'in' operator when importing keys as string (be3f4e4)
0.9.1 (2019-03-02)
Bug Fixes
- only import RSA, EC and oct successfully (e5e02fc)
0.9.0 (2019-03-02)
Initial release
Implemented Features
- JSON Web Signature (JWS) - RFC7515
- JSON Web Encryption (JWE) - RFC7516
- JSON Web Key (JWK) - RFC7517
- JSON Web Algorithms (JWA) - RFC7518
- JSON Web Token (JWT) - RFC7519
- JSON Web Key (JWK) Thumbprint - RFC7638
- JWS Unencoded Payload Option - RFC7797
| JWK Key Types | Supported | |
|---|---|---|
| RSA | ✓ | RSA |
| Elliptic Curve | ✓ | EC |
| Octet sequence | ✓ | oct |
| Serialization | JWS Sign | JWS Verify | JWE Encrypt | JWE Decrypt |
|---|---|---|---|---|
| Compact | ✓ | ✓ | ✓ | ✓ |
| General JSON | ✓ | ✓ | ✓ | ✓ |
| Flattened JSON | ✓ | ✓ | ✓ | ✓ |
| JWS Algorithms | Supported | |
|---|---|---|
| RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 |
| RSASSA-PSS | ✓ | PS256, PS384, PS512 |
| ECDSA | ✓ | ES256, ES384, ES512 |
| HMAC with SHA-2 | ✓ | HS256, HS384, HS512 |
| JWE Key Management Algorithms | Supported | |
|---|---|---|
| AES | ✓ | A128KW, A192KW, A256KW |
| AES GCM | ✓ | A128GCMKW, A192GCMKW, A256GCMKW |
| Direct Key Agreement | ✓ | dir |
| RSAES OAEP | ✓* | RSA-OAEP (*RSA-OAEP-256 is not supported due to its lack of support in Node.js) |
| RSAES-PKCS1-v1_5 | ✓ | RSA1_5 |
| PBES2 | ✓ | PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW |
| ECDH-ES | ✓ | ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW |
| JWE Content Encryption Algorithms | Supported | |
|---|---|---|
| AES GCM | ✓ | A128GCM, A192GCM, A256GCM |
| AES_CBC_HMAC_SHA2 | ✓ | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |