New in this version

Changes in Version 22.0 (October 2023):

• Added support for the safecurve algorithms Ed448 and X448 for EdDSA signatures and ECDH key exchange, respectively. See Safe curves for elliptic cryptography and ECC_MakeKeys.
  • Support for the signature algorithm Ed448 is provided for basic signatures using SIG_SignData, CMS signed-data objects using CMS_MakeSigData, and for signing X509 certificates using X509_MakeCert.
  • The Diffie-Hellman key exchange algorithm X448 can be used for ECC_DHSharedSecret, and an X448 key can be included in an X.509 certificate using X509_MakeCert.
• Added support for the AEAD_CHACHA20_POLY1305 authenticated encryption algorithm as per [RFC8439]. This can be used directly with CIPHER_EncryptAEAD and in creating a CMS AuthEnvelopedData object using CMS_MakeEnvData.
• Added support for certain Hybrid Public Key Encryption (HPKE) helper functions as per [RFC9180]: HPKE_LabeledExtract, HPKE_LabeledExpand and HPKE_DerivePrivateKey. See Hybrid Public Key Encryption (HPKE).
• Added the SCRYPT password-based key derivation function from [RFC7914]. See PBE_Scrypt and PBE_ScryptHex and their equivalent .NET Pbe Class methods.
• Updated ECC_SaveKey so as to always save private EC keys with the equivalent public key included.
  • Added type "PKCS8 ONE ASYMMETRIC KEY" to ASN1_Type when detecting a PKCS#8 v2 OneAsymmetricKey private key object.
  • Added the option PKI_KEY_LEGACY to save safe curve keys (X25519, Ed25519, X448, Ed448) in the older PKCS#8 v1 PrivateKeyInfo form (some applications do not accept the newer v2 form).
• Added an option PKI_PFX_DOUBLE_ENCRYPT to create a "double-encrypted" P12/PFX file using PFX_MakeFile (like P12 files used by SET in Paraguay).
• Modified the output from ASN1_TextDump to display the object lengths more clearly.

[Contents] [Index]