Skip to content

openssl_encrypt 1.4.7

Latest

Choose a tag to compare

@jahlives jahlives released this 29 Jun 14:03

A documentation and packaging release. It refreshes README.md — which is rendered as the PyPI project page — for the 1.4.6 feature set. There are no functional, CLI, or on-disk format changes; 1.4.7 is byte-for-byte equivalent to 1.4.6 in behavior. It was cut because PyPI artifacts are immutable: after the 1.4.6 upload the project page still showed 1.4.5-era content, so correcting it required a new version.

What changed

  • README "What's New" and release history updated to cover the 1.4.6 features (PIV/PKCS#11 HSM backend, source-code integrity manifest, envelope encryption with O(header) rekey, detached ML-DSA-65 signing, ASCII armor, Independent XOR v13 default, the sequential-XOR KDF-cost fix, and the streaming decrypt fix).
  • "KDF Composition Modes" section corrected. It previously described Independent XOR v11 as the STANDARD/PARANOID default and pointed at a now-superseded re-injection TODO. It now documents format version 13 (per-component domain-separated HKDF salts) as the default, and records the sequential-XOR last-stage cancellation fix (ADVISORY 2026-02) as shipped.

Notes

For the actual feature set and security fixes, see the 1.4.6 release. Existing encrypted files remain decryptable; no action is required.