Releases: Mastercard/pkcs11-tools
Releases · Mastercard/pkcs11-tools
v2.1.2
v2.1.1
v2.1.0
v2.0.2
v2.0.1
v2.0.0
The toolkit has reached v2.0. It features several major changes:
- it supports (and requires) OpenSSL v1.1.1+
- signing commands (
p11mkcert,p11reqandmasqreq) implement OpenSSL algorithm methods. This will enable supporting more algorithms in the future. - major overhaul of the wrapping/unwrapping system: it is now possible to perform double wrapping (aka enveloppe wrapping) with a single command, in a secure fashion
p11keygencan now generate a session key and wrap it under one or several wrapping keys- a new command,
p11rewrap, allows to unwrap a key and immediately rewrap in under one or several wrapping keys, in a secure fashion. - helper scripts greatly enhanced, to support also
pkcs11-spy.soshim when executing a command. - support for more HSMs and cryptographic tokens included
v1.2.0
Enhanced
- implemented CKA_AES_KEY_WRAP (rfc3394) and CKA_AES_KEY_WRAP_PAD (rfc5649)
- added support for Gemalto Safenet Luna HSM
- added flavour=nss parameter to rfc5649 algorithm, to identify non compliant RFC5649 implementation of NSS
Fixed
- fixed compilation warning on linux/debian 10 with gcc
- fixed issue that prevented cross-compilation to work, for mingw32
v1.1.0
- the build process can leverage pkg-config, when available
- the Git repository does not store generated source files anymore. It requires to execute
bootstrap.shbeforeconfigure gnulibis now a submodule of the project- PKCS11 version upgraded to v2.40, with the backport of EdDSA defines from v3.0
- enhanced installation documentation