Changes in earlier versions

Changes in Version 6.21 (27 May 2023):

• Added a new interface for Python 3 - seeA Python interface to CryptoSys API. Call CryptoSys API functions from your Python programs and access the functions directly from the command-line using the Python REPL.
• Added support for the cipher suite ASCON which was selected as the new standard for lightweight cryptography by NIST in 2023. This Toolkit provides Ascon authenticated encryption with associated data (AEAD) (Ascon-128 and Ascon-128a), hashing functionality (Ascon-Hash and Ascon-Hasha), and an extendable output function (XOF) (Ascon-Xof and Ascon-Xofa).
• Added the HASH_Length function.
• Added the new diagnostic functions API_Platform and API_ModuleInfo.
• Added new function CNV_ShortPathName to help handle filenames with "International" characters. See Filenames with "International" characters.
• Removed old VB.NET examples.

Changes in Version 6.20 (25 September 2021):

• Added new interface for C++ programmers using STL. No need to allocate or free any memory to use the C++ wrapper functions, just use strings and vectors.
• Added many new VBA wrapper functions. There is now a VBA wrapper function for all generic functions (Cipher, Hash, Mac, Compr, etc).
• Added new shorter-named synonyms for the VBA hex and base64 conversion functions cnvToHex, cnvFromHex, cnvToBase64 and cnvFromBase64, plus a convenient cnvBytesMid function that does the same operations on a byte array as the Mid function does on strings.
• Consolidated all the 32-bit and 64-bit VBA declarations and all the wrapper functions into the one module basCryptoSys.bas. The old files basCryptoSys64.bas, basCryptoSys64_32.bas and basCryptoSysWrappers.bas are no longer needed and indeed must not be used.
• Added new generic compression functions including the Zstandard compression algorithm from [RFC8878]. See COMPR_Compress and COMPR_Uncompress and their .NET, VBA and C++ equivalents.
• Added new functions CIPHER_EncryptBytes and CIPHER_DecryptBytes to replace deprecated CIPHER_EncryptBytes2 and CIPHER_DecryptBytes2. This has no effect on .NET methods or the VBA wrapper functions (it just gets rid of that "2").
• Streamlined the .NET interface functions to replace some overloads by a single method with default parameters. This requires .NET 4.0 and above (previously it just required .NET 2.0, which is now 16 years old).
• Added HMAC-SHA-3 to the Mac incremental functions MAC_Init / MAC_AddBytes / MAC_Final, and their .NET, VBA and C++ equivalents.
• Added convenient error message formating functions errFormatErrorMessage (VBA), General.FormatErrorMessage Method (.NET), and crsysapi::Err::FormatErrorMessage (C++).

Changes in Version 6.0 (2 March 2021):

• Added generic stateful functions to handle hash, MAC and block cipher functions with repeated inputs using a context handle:
  • Generic stateful hash functions: HASH_Init, HASH_AddBytes and HASH_Final (.NET Hash.Init Method, Hash.AddData Method, and Hash.Final Method).
  • Generic stateful MAC functions: MAC_Init, MAC_AddBytes and MAC_Final (.NET Mac.Init Method, Mac.AddData Method, and Mac.Final Method).
  • Generic stateful block cipher functions: CIPHER_Init, CIPHER_Update and CIPHER_Final, (.NET Cipher.InitEncrypt Method, Cipher.InitDecrypt Method, Cipher.Update Method, and Cipher.Dispose Method). Plus alternative functions to pass data in hexadecimal-encoded form CIPHER_InitHex, CIPHER_UpdateHex.
• Added new functions CIPHER_EncryptHex and CIPHER_DecryptHex carry out block cipher encryption with padding using hex-encoded parameters (.NET Cipher.Encrypt Method and Cipher.Decrypt Method). These functions provide an alternative input mechanism using hexadecimal-encoded strings, which are simpler to handle than byte arrays.
• Added more convenient set of VBA wrapper functions that make it simpler for VBA programmers to use the "raw" functions that output to a string or byte array. No need to do a first pass to find the required length, or pre-dimension variables before use. The wrapper functions return the output in one step directly as a string or byte array. See VBA wrapper function list.

Changes in Version 5.4 (22 March 2020):

• Added new functions AEAD_EncryptWithTag and AEAD_DecryptWithTag to provide AEAD encryption with the authentication tag appended to the ciphertext (instead of being separate). (.NET Aead.EncryptWithTag Method and Aead.DecryptWithTag Method).
• Added API_IV_PREFIX option to CIPHER_EncryptBytes2 and CIPHER_DecryptBytes2 to prepend the IV before the ciphertext in the output. (.NET PrefixIV option for Cipher.Encrypt Method and Cipher.Decrypt Method).
• Added alternative features for C/VBA programmers using CIPHER_DecryptBytes2 when removal of padding bytes is involved. The user can now obtain the exact required length of the decrypted output buffer for ECB and CBC mode.
• Added SHA-3 algorithms to ActiveX wrapper diCryptOCX.dll for hash and mac classes.
• Minor improvements to the install program.
• Added double signing with both SHA-1 and SHA-256 for all distributed executables.

Changes in Version 5.3 (16 September 2018):

• Added the NIST Secure Hash Algorithm SHA-3 as per [FIPS202] (August 2015) with digest lengths 224, 256, 384 and 512 bits to all the Message Digest Hash functions and their .NET equivalent methods in the Hash Class.
• Added the stateful functions SHA3_Init, SHA3_AddBytes, SHA3_AddString and SHA3_HexDigest to compute the SHA-3 message digest of data passed in several chunks. The new equivalent .NET methods are Sha3.Init, Sha3.AddData (Byte[]), Sha3.AddData (String) and Sha3.HexDigest together with Sha3.Instance and Sha3.Dispose to create and dispose of the objects. The SHA3_LengthInBytes function or Sha3.LengthInBytes property will return the byte-length of the hash output for an initialized SHA-3 context.
  • For the equivalent SHA-3 function to, say, SHA1_BytesHexHash, use the HASH function HASH_HexFromBytes with the relevant API_HASH_SHA3_nnn option.
• Added the HMAC algorithms with the SHA-3 family (HMAC-SHA3-224/256/384/512) to the MAC functions and their .NET equivalent methods in the Mac Class as per FIPS PUB 202 [FIPS202].
• Added the KMAC128 and KMAC256 algorithms to the MAC functions and their .NET equivalent methods in the Mac Class.
• Added new function PRF_Bytes and equivalent .NET method Prf.Bytes to produce pseudorandom output of any length using KMAC128 and KMAC256 as per NIST SP800-185 [SP800185].
• Added new function XOF_Bytes and equivalent .NET method Xof.Bytes to provide extended-output functions of any length using SHAKE128 and SHAKE256 as per FIPS PUB 202 [FIPS202].
• Improved performance of WIPE_File (.NET Wipe.File Method), and added option to overwrite with a single pass of zero bytes (quicker but less secure).
• Improved the ZLIB_Inflate function to compute the required output size in bytes from the compressed data. In earlier versions you needed to know the size by other means. The .NET method Zlib.Inflate Method (Byte[]) now supersedes the old Zlib.Inflate Method (Byte[], Int32).
• Withdrew deprecated functions CIPHER_EncryptBytesPad and CIPHER_DecryptBytesPad. Use instead CIPHER_EncryptBytes2 and CIPHER_DecryptBytes2. This has no effect on .NET methods.

Changes in Version 5.2 (15 August 2016):

• Added the SCRYPT password-based key derivation function from [RFC7914]. See PBE_Scrypt and PBE_ScryptHex and their equivalent .NET Pbe Class methods.
• Added new symmetrical block cipher functions CIPHER_EncryptBytes2 and CIPHER_DecryptBytes2 as safer replacements for CIPHER_EncryptBytesPad and CIPHER_DecryptBytesPad (withdrawn in [v5.3]) with explicit checks for lengths of key and IV byte arrays. These new safer functions are now used internally in the equivalent .NET Cipher class methods.
  • Warning: These functions now ignore any padding options except the default NoPadding for CTR, OFB and CFB modes (formerly the padding would have been added or stripped even though it wasn't needed).
• Added new block cipher functions CIPHER_FileEncrypt and CIPHER_FileDecrypt with explicit checks for lengths of key and IV byte arrays. These functions allow the user to specify the type of padding used for ECB and CBC modes (previously only PKCS5Padding), and give the option to prepend the IV to the ciphertext data. The equivalent .NET methods are Cipher.FileEncrypt Method and Cipher.FileDecrypt Method.
• Added stricter checks for lengths of key and IV byte arrays for the algorithm-specific .NET file encryption and decryption methods like Aes128.FileEncrypt or Tdea.FileDecrypt. A byte[] key or IV of the wrong length will now cause an explicit error (BAD_KEY_LEN_ERROR or BAD_IV_LEN_ERROR) before it does any more harm.
• Improved constant-time checks when stripping padding from decrypted data.
• Added new padding methods AnsiX923Padding and W3CPadding: see Padding schemes for block ciphers.
• Added support for different padding methods to the Padding functions: PAD_BytesBlock, PAD_UnpadBytes, PAD_HexBlock and PAD_UnpadHex.
• Added the generic padding .NET methods Cipher.Pad Method and Cipher.Unpad Method.
• Added two new methods Cipher.BlockBytes Method and Cipher.KeyBytes Method to return the correct sizes in bytes of the cipher block and key for a given block cipher algorithm.
• Changed the behaviour of the decoding functions CNV_BytesFromHexStr and CNV_BytesFromB64Str to be stricter and return an error if any obviously invalid characters are found (formerly they were just ignored). Whitespace characters are still allowed in both hex and base64 strings, and ASCII punctuation characters in a hex string. So, for example, the hex string "DE:AD:BE:EF" is still OK, but characters in the range [G-Zg-z] in a hex string now cause an error.
  • Warning: This change may break your application if you have assumed the earlier rather lax behaviour (but it was probably wrong anyway!).
• Minimum required operating system is now Windows XP SP2 and above (that is, XP/Vista/W7/W8/W10). Legacy support for W98/NT4/W2K removed.

Changes in Version 5.1 (18 July 2015):

• Added the AEAD family of 11 new functions and the Aead class of methods to provide authenticated encryption with additional data (AEAD) with support for the following algorithms:
  • AEAD_AES_128_GCM
  • AEAD_AES_256_GCM
  • AEAD_CHACHA20_POLY1305
  • The new AEAD functions supersede the older GCM functions (unless you need to use a non-standard key or IV length).
  • The functions AEAD_Encrypt and AEAD_Decrypt provide a simple, stateless interface to do one-off AEAD computations.
  • If you need to process a large quantity of data in chunks, use the stateful, incremental functions AEAD_InitKey, AEAD_SetNonce, ..., AEAD_Destroy.
  • See Authenticated Encryption with Additional Data (AEAD) and An interface for AEAD for more details.
• Changed some of the error code values. See Error Codes and Changes in error codes in version 5.1.
• Included lists of current error codes in suitable formats for inclusion in C/C++, VB6/VBA, VB.NET and C# programs. See the files errorcodes-api.h, errorcodes-api.bas, errorcodes-api.vb and errorcodes-api.cs in the distribution. You may need to cut and paste from these into your projects.

Changes in Version 5.0 (29 April 2015):

• Added the CIPHER_Stream family of functions and CipherStream class of methods to provide stream ciphers with support for CHACHA20, SALSA20, and ARCFOUR (a.k.a RC4).
• Added the POLY1305 one-time authenticator. Use the API_MAC_POLY1305 option with any of the MAC functions or the MacAlgorithm.Poly1305 option with any of the Mac class of methods.
• Added the functions CIPHER_EncryptBytesPad and CIPHER_DecryptBytesPad which use the specified block cipher algorithm, mode and padding to encrypt and decrypt data in a byte array. Padding is added if required before encryption and removed after decryption. The equivalent .NET methods are Cipher.Encrypt Method and Cipher.Decrypt Method.
• Removed the SHA-3 algorithm provisionally added in version 4.6. We'll put it back when it's all finalized and there are decent test vectors available ... if there's any demand.
• Changed API_Version to return a five-digit number of the form Major * 10000 + Minor * 100 + Release. For example, version 5.2.1 will return the number 50201 whereas version 4.7.0 would have returned 470.

Changes in Version 4.7 (15 September 2013):

• Changed behaviour of the RNG_Initialize function and Rng.Initialize method so they will create a new seed file if one does not exist (previously it just used to fail).
• Changed the C/C++ return types for RNG_Number, CRC_Bytes, CRC_File and CRC_String functions from long to the explicit-size int32_t type. This is only relevant for the MAC-OSX library, where the long type is 64 bits instead of 32 bits. It should have no effect in Windows or other platforms.
• Updated the RNG_Number function and Rng.Number method to cope with the full range of 32-bit signed integer limits.
• Reorganized the display of function syntaxes in this document and added reference document for C/C++ programmers, diCryptoSys.h File Reference, a shorter (!) summary of the C/C++ interface.

Changes in Version 4.6 (7 November 2012):

• Added the NIST Secure Hash Algorithm SHA-3 based on the draft [KECCAK] specification (as of October 2012). Withdrawn in [v5.0]. Note this implementation is not compatible with the final specification [FIPS202] (August 2015).
• Improved the speed of the SHA-512 and SHA-384 functions.
• Added the HASH_HexFromBits function and Hash.HexFromBits method to compute the secure hash of a bit string (as opposed to the byte-oriented methods) using the SHA family of secure hash functions.
• Added the RNG_TestDRBGVS function and Rng.TestDrbgvs method to carry out the relevant validation test in The NIST SP 800-90A Deterministic Random Bit Generator Validation System (DRBGVS) [DRBGVS].

Changes in Version 4.5 (23 January 2011):

• Added the extended file cipher functions AES128_FileExt, AES192_FileExt, AES256_FileExt, TDEA_FileExt, DES_FileExt, BLF_FileExt, and their associated methods in .NET with the CipherFileOption parameter. The extended options (1) enable the IV to be embedded in the ciphertext file and (2) allow the padding to be left in place when decrypting. See Extensions to block cipher functions for files for more details.
• Upgraded the API_ErrorCode function and General.ErrorCode method so they now return an error code after calling most functions. This is useful to find the error when the .NET methods return an empty string.
• Removed all functions deprecated since version 4.0 and earlier to reduce bloat. These were functions deprecated in or before the year 2007. All have better equivalents in the latest version.

Changes in Version 4.4 (9 August 2010):

• Added a full set of VB.NET examples to this manual with cross references.
• Improved the level of detail for all .NET Classes and Methods with full cross references to the new examples and the equivalent VB6/C functions.
• Added new .NET methods to handle base64 strings in a safe manner and to convert directly between hex and base64 encodings: Cnv.FromBase64, Cnv.ToBase64, Cnv.Base64Filter, Cnv.Base64FromHex, Cnv.HexFromBase64, and Cnv.StringFromBase64.
• Fixed issue with CNV_HexFilter and non-ASCII characters,
• Improved the way the Secure Random Number Generator gathers entropy across threads.

Changes in Version 4.3 (17 December 2009):

• All DLL executables are now signed with our code authentication certificate.
• Added functions to detect the platform of the underlying DLL. See Detecting Win32 or X64 platform, General.IsWin64 Method and General.Platform Method.
• Various minor speed tweaks.
• Updated this manual with the List of .NET Methods and Cross-reference between Functions and .NET Methods.

Changes in Version 4.2 (19 March 2009):

• Compiled using VS2008 for both Win32 and X64, with legacy fix for older W9x and NT4 systems.
• Added Galois/Counter Mode (GCM) authenticated encryption and GMAC authentication. See the GCM functions; e.g. GCM_Encrypt.
• Added RIPEMD-160 message digest to generic HASH and HMAC functions.
• Improved the performance of the WIPE_File function - up to three times faster for large files.
• New format CHM manual

Changes in Version 4.1 (11 July 2008):

• Added key wrap functions with AES and Triple DES.
• Added SHA-224 message digest to generic HASH and HMAC functions.
• Upgraded password key derivation PBKDF2 functions to include SHA-2 hash functions as per PKCS#5 v2.1.
• Includes executables compiled for Windows 64-bit (x64) computers.
• Carried out an expensive product rebrand (well, we changed the colour of the CryptoSys API logo).

Changes in Version 4.0 (12 September 2007):

• Added generic HASH functions to provide SHA-384 and SHA-512 as well as existing hash digest functions.
• Added generic MAC functions to provide HMAC and CMAC message authentication code algorithms.
• Introduced new random number generator to strict NIST SP800-90 specification.

Changes in Version 3.2 (22 July 2006):

• Added CFB, OFB and CTR modes for all block ciphers. See Block Cipher Modes.
• Added padding and unpadding functions for block ciphers. See Padding Functions.
• Introduced the .NET class library as a more convenient and safer interface for C# and VB.NET programmers. Interface source code in C# is included.
• Added hex version of password key derivation and RC4-compatible stream cipher functions PBE_Kdf2Hex and PC1_Hex.
• Added base64 support for block ciphers, e.g. AES128_B64Mode.
• Added base64 conversion functions CNV_BytesFromB64Str and CNV_B64StrFromBytes.
• Various minor speed tweaks and improvements in error handling and thread local storage.

Version 1.0 first published 13 September 2001.

[Contents] [Index]