diff --git a/NEWS b/NEWS index c4af7f43..15a4013c 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -* Relase 0.17.0 (27 May 2021) +* Release 0.17.0 (27 May 2021) New API: * Keys that use explicit curve parameters can now be read and written. @@ -38,13 +38,13 @@ Bug fix: `PointJacobi`, `VerifyingKey`, and `SigningKey` so that it behaves consistently and in the expected way both in Python 2 and Python 3. * Implement lock-less algorithm inside PointJacobi for keeping shared state - so that when calculation is aborted with KeyboardInterrupt, the state doesn't - become corrupted (this fixes the occasional breakage of ecdsa in interactive - shells). + so that when a calculation is aborted with KeyboardInterrupt, the state + doesn't become corrupted (this fixes the occasional breakage of ecdsa in + interactive shells). New features: * The `speed.py` script now provides performance for signature verification - without use of precomputation. + without the use of precomputation. * New curves supported: secp112r1, secp112r2, secp128r1, secp160r1. Performance: @@ -89,11 +89,11 @@ Support for reading and writing private keys in PKCS#8 format. New API: `to_pem` and `to_der` now accept new parameter, `format`, to specify -the format of the encoded files, either the dafault, legacy "ssleay", or +the format of the encoded files, either the default, legacy `ssleay`, or the new `pkcs8` to use PKCS#8. Note that only unencrypted PKCS#8 files are supported. Add `allow_truncate` to `verify` in `VerifyingKey`, it defaults to True, -when specified as False, use of large hashes smaller than curves will be +when specified as False, the use of large hashes smaller than curves will be disallowed (as it was in 0.14.1 and earlier). Bug fix: 
@@ -108,7 +108,7 @@ as such. Maintenance: Ensure that version checks will work with Python 4. Format the source with black. -Fix uses of `assert_` in test suite. +Fix uses of `assert_` in the test suite. Use newer Ubuntu in Travis to test against OpenSSL 1.1.1 (and thus test the interoperability of ECDH code in Travis). 
@@ -131,24 +131,24 @@ New API: `ecdsa.ecdh` module and `ECDH` class. `PointJacobi` added. `VerifyingKey.verify_digest`, `SigningKey.sign_digest` and -`SigningKey.sign_digest_deterministic` methods now accept `allow_truncate` -argument to enable use of hashes larger than the curve order. +`SigningKey.sign_digest_deterministic` methods now accept the `allow_truncate` +argument to enable the use of hashes larger than the curve order. `VerifyingKey` `from_pem` and `from_der` now accept `hashfunc` parameter like other `from*` methods. -`VerifyingKey` has `precompute` method now. +`VerifyingKey` has the `precompute` method now. `VerifyingKey.from_public_point` may now not perform validation of public -point when `validate_point=False` argument is passed to method. +point when `validate_point=False` argument is passed to the method. `CurveFp` constructor now accepts the `h` parameter - the cofactor of the -elliptic curve, it's used for selection of algorithm of public point +elliptic curve, it's used for the selection of algorithm of public point verification. Performance: -`randrange` now will now perform much fewer calls to system random number +`randrange` now will perform much fewer calls to the system random number generator. `PointJacobi` introduced and used as the underlying implementation; speeds up the library by a factor of about 20. -Library has now optional dependencies on `gmpy` and `gmpy2`. When they are -availbale, the elliptic curve calculations will be about 3 times faster. +The library has now optional dependencies on `gmpy` and `gmpy2`. When they are +available, the elliptic curve calculations will be about 3 times faster. Maintenance: expected minimum version of `six` module (1.9.0) is now specified explicitly 
@@ -173,13 +173,13 @@ Make `SigningKey.sign_digest_deterministic` use default object hashfunc when none was provided. `encode_integer` now works for large integers. Make `encode_oid` and `remove_object` correctly handle OBJECT IDENTIFIERs -with large second subidentifier and padding in encoded subidentifiers. +with large second sub-identifier and padding in encoded sub-identifiers. New features: -Deterministic signature methods now accept `extra_entropy` parameter to further -randomise the selection of `k` (the nonce) for signature, as specified in -RFC6979. -Recovery of public key from signature is now supported. +Deterministic signature methods now accept the `extra_entropy` parameter to +further randomise the selection of `k` (the nonce) for signature, as specified +in RFC6979. +Recovery of the public key from signature is now supported. Support for SEC1/X9.62 formatted keys, all three encodings are supported: "uncompressed", "compressed" and "hybrid". Both string, and PEM/DER will automatically accept them, if the size of the key matches the curve. @@ -204,7 +204,7 @@ added. `VerifyingKey`: `__repr__` is now supported Deprecations: -Python 2.5 is not supported any more - dead code removal. +Python 2.5 is not supported anymore - dead code removal. `from ecdsa.keys import *` will now import only objects defined in that module. Trying to decode a malformed point using `VerifyingKey.from_string` will rise now the `MalformedPointError` exception (that inherits from 
@@ -223,10 +223,10 @@ modular_exp: will emit `DeprecationWarning` Hardening: Deterministic signatures now verify that the signature won't leak private -key through very unlikely selection of `k` value (the nonce). +key through a very unlikely selection of `k` value (the nonce). Nonce bit size hiding was added (hardening against Minerva attack). Please -note that it DOES NOT make library secure against side channel attacks (timing -attacks). +note that it DOES NOT make the library secure against side-channel attacks +(timing attacks). Performance: The public key in key generation is not verified twice now, making key @@ -311,14 +311,15 @@ hashfunc=sha256 in each time they call sign() or verify(). Fix test failure against OpenSSL-1.0.0 (previous versions only worked against openssl-0.9.8 or earlier). Increase python requirement to py2.5 or later -(still no py3 compatibility, but work is underway). Replace use of obsolete +(still no py3 compatibility, but work is underway). Replace the use of obsolete 'sha' library with modern 'hashlib'. Clean up unit test runner (stop using subprocesses). * Release 0.6 (15 Oct 2010) -Small packaging changes: extract version number from git, add 'setup.py test' -command, set exit code correctly on test failure. Fix pyflakes warnings. +Small packaging changes: extract the version number from git, add +'setup.py test' command, set exit code correctly on test failure. Fix pyflakes +warnings. * Release 0.5 (27 Apr 2010) diff --git a/README.md b/README.md index 2c77a6c4..22db609e 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ curves over prime fields. ## Dependencies This library uses only Python and the 'six' package. It is compatible with -Python 2.6, 2.7 and 3.3+. It also supports execution on the alternative +Python 2.6, 2.7, and 3.3+. It also supports execution on alternative implementations like pypy and pypy3. If `gmpy2` or `gmpy` is installed, they will be used for faster arithmetic. 
@@ -78,7 +78,7 @@ pip install ecdsa[gmpy] The following table shows how long this library takes to generate keypairs (`keygen`), to sign data (`sign`), to verify those signatures (`verify`), to derive a shared secret (`ecdh`), and -to verify the signatures with no key specific precomputation (`no PC verify`). +to verify the signatures with no key-specific precomputation (`no PC verify`). All those values are in seconds. For convenience, the inverses of those values are also provided: how many keys per second can be generated (`keygen/s`), how many signatures @@ -87,7 +87,7 @@ per second (`verify/s`), how many shared secrets can be derived per second (`ecdh/s`), and how many signatures with no key specific precomputation can be verified per second (`no PC verify/s`). The size of raw signature (generally the smallest -way a signature can be encoded) is also provided in the `siglen` column. +the way a signature can be encoded) is also provided in the `siglen` column. Use `tox -e speed` to generate this table on your own computer. On an Intel Core i7 4790K @ 4.0GHz I'm getting the following performance: @@ -176,8 +176,8 @@ On the same machine I'm getting the following performance with `gmpy2`: (there's also `gmpy` version, execute it using `tox -e speedgmpy`) For comparison, a highly optimised implementation (including curve-specific -assembly for some curves), like the one in OpenSSL 1.1.1d, provides following -performance numbers on the same machine. +assembly for some curves), like the one in OpenSSL 1.1.1d, provides the +following performance numbers on the same machine. Run `openssl speed ecdsa` and `openssl speed ecdh` to reproduce it: ``` sign verify sign/s verify/s 
@@ -247,7 +247,7 @@ OpenSSL. [pyca/cryptography](https://cryptography.io) is one example of such a wrapper. The primary use-case of this library is as a portable library for interoperability testing and as a teaching tool. -**This library does not protect against side channel attacks.** +**This library does not protect against side-channel attacks.** Do not allow attackers to measure how long it takes you to generate a keypair or sign a message. Do not allow attackers to run code on the same physical @@ -262,7 +262,7 @@ operation with a private key will be sufficient to completely reconstruct the private key**. Please also note that any Pure-python cryptographic library will be vulnerable -to the same side channel attacks. This is because Python does not provide +to the same side-channel attacks. This is because Python does not provide side-channel secure primitives (with the exception of [`hmac.compare_digest()`][3]), making side-channel secure programming impossible. @@ -363,7 +363,7 @@ vk2 = VerifyingKey.from_pem(vk_pem) There are a couple of different ways to compute a signature. Fundamentally, ECDSA takes a number that represents the data being signed, and returns a pair of numbers that represent the signature. The `hashfunc=` argument to -`sk.sign()` and `vk.verify()` is used to turn an arbitrary string into +`sk.sign()` and `vk.verify()` is used to turn an arbitrary string into a fixed-length digest, which is then turned into a number that ECDSA can sign, and both sign and verify must use the same approach. The default value is `hashlib.sha1`, but if you use NIST256p or a longer curve, you can use
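Review bot: in the NEWS hunk at `@@ -89,11 +89,11 @@`, the rewritten `allow_truncate` sentence still says "the use of large hashes smaller than curves will be disallowed", which contradicts itself. The `@@ -131,24 +131,24 @@` hunk of this same patch describes the argument as enabling "the use of hashes larger than the curve order". If that is the intended meaning here as well, word this entry the same way, for example "when specified as False, the use of hashes larger than the curve order will be disallowed".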
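Review bot: in the NEWS hunk at `@@ -131,24 +131,24 @@`, the new line "The library has now optional dependencies on `gmpy` and `gmpy2`" has the adverb in the wrong place; "The library now has optional dependencies" reads correctly. In the same hunk, "much fewer calls" should be "far fewer calls", and "the selection of algorithm of public point verification" would be clearer as "selecting the public point verification algorithm".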
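Review bot: the NEWS hunk at `@@ -204,7 +204,7 @@` changes "any more" to "anymore" but leaves the trailing context line "will rise now the `MalformedPointError` exception" untouched. Since this is a wording pass over the file, fix it in the same commit: "will now raise the `MalformedPointError` exception".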
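Review bot: the README.md hunk at `@@ -87,7 +87,7 @@` introduces a grammar error: joined with the preceding context line, the sentence now reads "(generally the smallest the way a signature can be encoded)". Drop the added "the" and keep "generally the smallest way a signature can be encoded". The context in this hunk also still has "no key specific precomputation", while the `@@ -78,7 +78,7 @@` hunk hyphenates the same phrase as "key-specific", so hyphenate it here too for consistency.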