Skip to content

Releases: ProtonMail/gopenpgp

Release v2.7.2

17 Jul 12:43
@wussler wussler
v2.7.2
b97d994
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v2.7.2

Update the underlying crypto library

Assets 2
Loading

Release v2.7.1-proton

24 Apr 07:41
@marinthiercelin marinthiercelin
v2.7.1-proton
91a1f0a
Compare
Choose a tag to compare
Release v2.7.1-proton

This release is 2.7.1 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Assets 2
Loading

Release v2.7.1

24 Apr 07:36
@marinthiercelin marinthiercelin
v2.7.1
d37f4eb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v2.7.1

Added

  • Add mobile helpers for signature verification with contexts.
Assets 2
Loading

Release v2.7.0-proton

20 Apr 14:04
@marinthiercelin marinthiercelin
v2.7.0-proton
8e16442
Compare
Choose a tag to compare
Release v2.7.0-proton

This release is 2.7.0 with support for symmetric keys and automatic forwarding, both of which are not standardized yet.

Assets 2
Loading

Release v2.7.0

20 Apr 14:01
@marinthiercelin marinthiercelin
v2.7.0
753a3fe
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v2.7.0

Changed

  • The SignatureVerificationError struct now has a Cause error field, which is returned by the the Unwrap function. The cause is also included in the error message.
    NB: If the caller was relying on the exact message of the error, it might break the flow.
  • When a signature fails verification because of the signature context, it returns a SignatureVerificationError with
    status constants.SIGNATURE_BAD_CONTEXT instead of constants.SIGNATURE_FAILED.

Added

  • Add api for signature context on streams SignDetachedStreamWithContext.
  • Add API for signature context on embedded signatures.

Fixed

  • When verifying detached signatures, gopenpgp sometimes needs to reattempt verification a second time to check for edge cases of signature expiration. This logic was broken because it was not rewinding the data readers.
Assets 2
Loading

Release v2.6.1-proton

22 Mar 13:26
@marinthiercelin marinthiercelin
v2.6.1-proton
392c2e0
Compare
Choose a tag to compare
Release v2.6.1-proton

This release is 2.6.1 with support for symmetric keys and automatic forwarding, both of which are not standardized yet

Assets 2
Loading

Release v2.6.1

22 Mar 13:13
@marinthiercelin marinthiercelin
v2.6.1
5037273
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v2.6.1

Security fix

  • Update github.com/ProtonMail/go-crypto and github.com/ProtonMail/go-mime to fix
    panic on invalid inputs.
Assets 2
Loading

Release 2.6.0-proton

17 Mar 11:11
@wussler wussler
v2.6.0-proton
a10e9cd
Compare
Choose a tag to compare
Release 2.6.0-proton

This release is 2.6.0 with symmetric keys and forwarding support

Assets 2
Loading

Release version 2.6.0

15 Mar 09:46
@marinthiercelin marinthiercelin
v2.6.0
62f2ca8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release version 2.6.0

Added

  • API for adding context to detached signatures: 
     sig, err := keyRing.SignDetachedWithContext(message, context)
  • API to verify the context of detached signatures: 
     err := keyRing.VerifyDetachedWithContext(message, signature, verifyTime, verificationContext)

Changed

  • Update github.com/ProtonMail/go-crypto to the latest version
  • More strictly verify detached signatures: reject detached signatures from revoked and expired keys.
  • In GetVerifiedSignatureTimestamp, use the new VerifyDetachedSignatureAndHash function to get the verified signature, instead of parsing the signature packets manually to get the timestamp.
  • Upgraded golang.org/x/crypto dependency to v0.7.0
Assets 2
Loading

Release version 2.5.2

26 Jan 11:43
@marinthiercelin marinthiercelin
v2.5.2
b4e40eb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Release version 2.5.2

Changed

  • Update github.com/ProtonMail/go-crypto to the latest version
Assets 2
Loading