* Thu Oct 17 2019 Michael Ströder <email@example.com>
- update to 2.8
* Added support for Python 3.8.
* Added class methods Poly1305.generate_tag and Poly1305.verify_tag for Poly1305 sign and verify operations.
* Deprecated support for OpenSSL 1.0.1. Support will be removed in cryptography 2.9.
* We now ship manylinux2010 wheels in addition to our manylinux1 wheels.
* Added support for ed25519 and ed448 keys in the CertificateBuilder, CertificateSigningRequestBuilder, CertificateRevocationListBuilder and OCSPResponseBuilder.
* cryptography no longer depends on asn1crypto.
* FreshestCRL is now allowed as a CertificateRevocationList extension.
* Mon Jun 03 2019 Ond?ej Súkup <firstname.lastname@example.org>
- update to 2.7
* BACKWARDS INCOMPATIBLE: Removed the cryptography.hazmat.primitives.mac.MACContext interface.
The CMAC and HMAC APIs have not changed, but they are no longer registered
as MACContext instances.
* Removed support for running our tests with setup.py test.
* Add support for :class:`~cryptography.hazmat.primitives.poly1305.Poly1305`
when using OpenSSL 1.1.1 or newer.
* Support serialization with Encoding.OpenSSH and PublicFormat.OpenSSH
in :meth:`Ed25519PublicKey.public_bytes <cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey.public_bytes>` .
* Correctly allow passing a SubjectKeyIdentifier to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`
and deprecate passing an Extension object.
* Wed May 29 2019 Tomá? Chvátal <email@example.com>
- Simplify the test execution to be more understandable
* Thu Feb 28 2019 Michael Ströder <firstname.lastname@example.org>
- update to 2.6.1:
* BACKWARDS INCOMPATIBLE:
which had been deprecated for nearly 4 years. Use encode_dss_signature()
* BACKWARDS INCOMPATIBLE: Removed cryptography.x509.Certificate.serial, which
had been deprecated for nearly 3 years. Use serial_number instead.
* Updated Windows, macOS, and manylinux1 wheels to be compiled with
* Added support for Ed448 signing when using OpenSSL 1.1.1b or newer.
* Added support for Ed25519 signing when using OpenSSL 1.1.1b or newer.
* load_ssh_public_key() can now load ed25519 public keys.
* Add support for easily mapping an object identifier to its elliptic curve
* Add support for OpenSSL when compiled with the no-engine
* Fri Jan 25 2019 Michael Ströder <email@example.com>
- Dependency on python-idna changed to "Recommends" aligned with
change in upstream source (see below)
- update to 2.5:
* BACKWARDS INCOMPATIBLE: U-label strings were deprecated in version 2.1,
but this version removes the default idna dependency as well. If you still
need this deprecated path please install cryptography with the idna extra:
pip install cryptography[idna].
* BACKWARDS INCOMPATIBLE: The minimum supported PyPy version is now 5.4.
* Numerous classes and functions have been updated to allow bytes-like
types for keying material and passwords, including symmetric algorithms,
AEAD ciphers, KDFs, loading asymmetric keys, and one time password classes.
* Updated Windows, macOS, and manylinux1 wheels to be compiled with OpenSSL 1.1.1a.
* Added support for SHA512_224 and SHA512_256 when using OpenSSL 1.1.1.
* Added support for SHA3_224, SHA3_256, SHA3_384, and SHA3_512 when using OpenSSL 1.1.1.
* Added support for X448 key exchange when using OpenSSL 1.1.1.
* Added support for SHAKE128 and SHAKE256 when using OpenSSL 1.1.1.
* Added initial support for parsing PKCS12 files with load_key_and_certificates().
* Added support for IssuingDistributionPoint.
* Added rfc4514_string() method to x509.Name,
x509.RelativeDistinguishedName, and x509.NameAttribute to format the name
or component an RFC 4514 Distinguished Name string.
* Added from_encoded_point(), which immediately checks if the point is on
the curve and supports compressed points. Deprecated the previous method
* Added signature_hash_algorithm to OCSPResponse.
* Updated X25519 key exchange support to allow additional serialization
methods. Calling public_bytes() with no arguments has been deprecated.
* Added support for encoding compressed and uncompressed points via
public_bytes(). Deprecated the previous method encode_point().
* Thu Jan 03 2019 Martin Pluskal <firstname.lastname@example.org>
- Update to version 2.4.2:
* Updated Windows, macOS, and manylinux1 wheels to be compiled
with OpenSSL 1.1.0j.
* Thu Dec 06 2018 email@example.com
- Update to 2.4.1:
* Dropped support for LibreSSL 2.4.x.
* Deprecated OpenSSL 1.0.1 support. OpenSSL 1.0.1 is no
longer supported by the OpenSSL project. At this time there
is no time table for dropping support, however we strongly
encourage all users to upgrade or install cryptography from
* Added initial :doc:`OCSP </x509/ocsp>` support.
* Added support for cryptography.x509.PrecertPoison.
* Thu Dec 06 2018 Tomá? Chvátal <firstname.lastname@example.org>
- Fix fdupes call
* Tue Aug 21 2018 email@example.com
- Update to 2.3.1:
* updated tests for upstream wycheproof changes
* many other tiny test tweaks
* Wed Jul 18 2018 firstname.lastname@example.org
- update to 2.3:
* SECURITY ISSUE: finalize_with_tag() allowed tag truncation by default
which can allow tag forgery in some cases. The method now enforces the
min_tag_length provided to the GCM constructor.
* Added support for Python 3.7.
* Added extract_timestamp() to get the authenticated timestamp of a Fernet token.
* Support for Python 2.7.x without hmac.compare_digest has been deprecated.
We will require Python 2.7.7 or higher (or 2.7.6 on Ubuntu) in the next
* Fixed multiple issues preventing cryptography from compiling
against LibreSSL 2.7.x.
* Added get_revoked_certificate_by_serial_number for quick
serial number searches in CRLs.
* The RelativeDistinguishedName class now preserves the order of attributes.
Duplicate attributes now raise an error instead of silently discarding duplicates.
* aes_key_unwrap() and aes_key_unwrap_with_padding() now raise InvalidUnwrap
if the wrapped key is an invalid length, instead of ValueError.
* Tue Jun 12 2018 email@example.com
- update to 2.2.2
* fix build on some systems with openssl 1.1.0h
* Mon Mar 26 2018 firstname.lastname@example.org
- Cleanup with spec-cleaner
- Use %setup to unpack all archives do not rely on tar calls
* Sun Mar 25 2018 email@example.com
- Update to upstream release 2.2.1:
* Reverted a change to GeneralNames which prohibited having zero elements,
due to breakages.
* Fixed a bug in
that caused it to raise InvalidUnwrap when key length modulo 8 was zero.
* BACKWARDS INCOMPATIBLE: Support for Python 2.6 has been dropped.
* Resolved a bug in HKDF that incorrectly constrained output size.
support inter-operating with systems like German smart meters.
* Added token rotation support to :doc:`Fernet </fernet>` with
* Fixed a memory leak in
* Added support for AES key wrapping with padding via
* Allow loading DSA keys with 224 bit q.
* Fri Mar 02 2018 firstname.lastname@example.org
- fix deps for hypothesis, pytest
* Thu Feb 08 2018 email@example.com
- Fix previous change and explicitly require python2 instead of
python because python itself is also provided by python3.
ImportError: No module named _ssl
when using python-cryptography in a python2 build environment
* Sat Feb 03 2018 firstname.lastname@example.org
- Fix the previous change to not pull in py2 on py3 enviroment
* Sat Jan 27 2018 email@example.com
- fix requires on python ssl once more after the last change
* Thu Jan 18 2018 firstname.lastname@example.org
- Add proper conditional for the python2, the ifpython works only
for the requires/etc
* Tue Jan 16 2018 email@example.com
- add missing dependency on python ssl
* Fri Dec 08 2017 firstname.lastname@example.org
- update to version 2.1.4:
* Added X509_up_ref for an upcoming pyOpenSSL release.