New in this version
Changes in Version 22.0 (October 2023):
Added support for the safecurve algorithms Ed448 and X448 for EdDSA signatures and ECDH key exchange, respectively.
See Safe curves for elliptic cryptography and
- Support for the signature algorithm Ed448 is provided for basic signatures using
SIG_SignData, CMS signed-data objects using
and for signing X509 certificates using
- The Diffie-Hellman key exchange algorithm X448 can be used for
and an X448 key can be included in an X.509 certificate using
- Added support for the AEAD_CHACHA20_POLY1305 authenticated encryption algorithm as per [RFC8439].
This can be used directly with
and in creating a CMS AuthEnvelopedData object using
- Added support for certain Hybrid Public Key Encryption (HPKE) helper functions as per [RFC9180]:
See Hybrid Public Key Encryption (HPKE).
- Added the SCRYPT password-based key derivation function from [RFC7914].
and their equivalent .NET
Pbe Class methods.
ECC_SaveKey so as to always save private EC keys with the equivalent public key included.
- Added type
"PKCS8 ONE ASYMMETRIC KEY" to
when detecting a PKCS#8 v2 OneAsymmetricKey private key object.
- Added the option PKI_KEY_LEGACY to save safe curve keys (X25519, Ed25519, X448, Ed448) in the older PKCS#8 v1 PrivateKeyInfo form
(some applications do not accept the newer v2 form).
- Added an option PKI_PFX_DOUBLE_ENCRYPT to create a "double-encrypted" P12/PFX file using
PFX_MakeFile (like P12 files used by SET in Paraguay).
- Modified the output from
to display the object lengths more clearly.