Releases: covert-encryption/covert
v0.7.0
Major new features are included in this release:
- Forward Secrecy in conversations, making Covert the first offline messaging tool to implement that and the only one that conceals both the sender and the recipient, leaking no metadata.
- ID store for keeping permanent public keys and Forward Secrecy temporary keys.
- Avoids having to enter keys on command line, where identities stored on disk may be used by name
- Signature verification shows ID names for known keys
- Storage is protected by a Master ID passphrase that by default is 5 random words but can be changed
- See covert id --help
- Greatly improved CLI command help including colour and sub command help.
- Changes in signatures breaking compatibility with versions prior to 0.7.0. The current implementation is intended to be stable.
- Large number of bug and usability fixes, other improvements, increased test coverage, refactoring and more typing.
The main purpose of this release is for developers to start testing forward secrecy and ID store in actual use. Although their implementation is not stable, we need real world testing to guide further development. Please report anything that you find unclear or buggy, as well as ideas for improvement especially on user interface.
Both parties of a conversation need to have ID stores enabled to initiate a conversation with Forward Secrecy. The initial message sent uses standard public key cryptography, and unless the peer has ID store enabled, any replies to it are also not secured against key breaches. The protocol used is based on Signal's Double Ratchet with header encryption.
The GUI does not yet support the use of ID store, planned to be included in later versions once the system stabilises. Due to lacking agent support Covert will ask for ID store passphrase on each run but this is also subject to change such that the ID store may stay unlocked for a while and avoid frequent passphrase prompting.
We also like to thank our two new developers who have done valuable maintenance work and contributed to improved CLI help.
What's Changed
- Added Montgomery module and minor changes in Elliptic module by @covert-encryption in #67
- Minor fixes on key parsing, typing and additional tests by @covert-encryption in #76
- Fix blockstream decryption bug causing signature verification failures by @covert-encryption in #80
- Add some tests by @MarionetteAccount in #83
- Upgrade dependencies to avoid a problem with GUI not starting by @covert-encryption in #84
- List supported key formats and examples in usage by @heikkiorsila in #78
- Implement ID store in a file by @covert-encryption in #81
- Add more typing by @MarionetteAccount in #86
- Refactor CLI as a submodule with cli.py broken into smaller modules by @covert-encryption in #87
- Improve covert dec UX with passphrases and ID store by @covert-encryption in #88
- Second phase of ID store implementation by @covert-encryption in #89
- Passphrase wordlist word "joint" replaced by "joe" to avoid confusion with some combinations like "jointrace" and "jointramp"
New Contributors
- @MarionetteAccount made their first contribution in #83
- @heikkiorsila made their first contribution in #78
Full Changelog: v0.6.0...v0.7.0
Contributors
Assets 2
v0.6.0
It has been a few weeks since our last release but despite the holiday season we have been working and are proud to publish another big "minor" update in the form of 0.6 (with further patch releases expected in rapid succession). This is a breaking change for everything related to public keys.
This release implements Dirty Elligator 2, which is a system of ephemeral key creation and hiding. Covert had previously implemented the Elligator 2 algorithm in an effort to avoid any distinguishability from random data. Well, it turned out to be trickier than expected, as there still was a leakage of 3 bits in the form of Elliptic Curve subgroup selection. Actually, anyone who cares for that much technical detail should check out the issue and PR related to that, as there is plenty of highly educational discussion there. It should be noted that 0.6.0 uses our custom Python implementation of Ed25519 due to libsodium's shortcomings but that we are already working on making it instead use the excellent Monocypher library for such calculations (obviously also for better security).
Signatures have also been finally implemented using Signal's XEdDSA protocol (like Dirty Elligator, for now implemented in plain Python in the covert.elliptic submodule). This enables all types of 25519 keys to be used for both signing and encryption.
Other than cryptography, the GUI has also been largely rewritten, although bugs are still to be expected and will be fixed in shortly upcoming patch releases. The rewrite adds further functionality than before but more importantly makes future development much easier.
CLI has gained a new feature that had been requested by a couple of users: editing of files without extracting the plain text in between. This can be useful for keeping notes in an encrypted archive without ever exposing the contents to the hard drive. Use covert edit to edit any password-encrypted archive.
Automated testing and coverage CI has been in use for about a month now and we are steadily increasing coverage and making Covert more reliable by thoroughly testing all code.
What's Changed
- Changes for armor_max_size and tty_max_size. by @rocketdey in #59
- Minor cleanup of CLI main by @covert-encryption in #62
- Dirty Elligator for better hiding of the ephemeral key by @covert-encryption in #61
- Improve CLI error messages and testing by @covert-encryption in #64
- Support editing archives, keeping encrypted notes by @covert-encryption in #65
- Added tests to test_cli by @rocketdey in #69
- GUI improvements by @covert-encryption in #68
Full Changelog: v0.5.4...v0.6.0
A special THANK YOU
The Monocypher author @LoupVaillant reported elligator's dirty secret to us and has been far more than just helpful in getting the issue fixed and the fix thoroughly reviewed, and has given valuable feedback on signatures and other design details as well. We salute you!
It is no small feat that he apparently wrote the first and only implementation of what we have now dubbed the Dirty Elligator 2, using bits and pieces of information that hardly anyone in the world knows, filling in the blanks himself. Yes, the theory of Ed25519 was well known, and the Elligator 2 paper is known by people familiar with cryptography but the devil is in those dirty details!
v0.5.4
What's Changed
- Upgraded zxcvbn to avoid a crash on startup on Python 3.9.2 (Debian 11)
- Increased precision of random padding calculation by @covert-encryption in #58
Full Changelog: v0.5.3...v0.5.4
Contributors
Assets 2
v0.5.3
What's Changed
- Fix signature implementation broken by earlier blockstream refactoring. by @covert-encryption in #51
- Additional e2e test on CLI for more coverage by @covert-encryption in #52
Full Changelog: v0.5.1...v0.5.3
Contributors
Assets 2
v0.5.1
What's Changed
- Do not print speech bubble on decoded message in GUI by @covert-encryption in #46
- Allow mode selecting within combined short arguments. by @rocketdey in #45
- Parser for SSH secret keys with support for passwords by @covert-encryption in #47
- Adding tests for covert.passphrase by @covert-encryption in #48
- Fix benchmark mode and add tests using it by @covert-encryption in #50
- Run a full encryption/decryption test cycle over CLI by @covert-encryption in #49
Full Changelog: v0.5.0...v0.5.1
Contributors
Assets 2
v0.5.0
Our biggest release so far. A lot of changes, most notably a GUI in addition to CLI version. The file format of 0.5 is incompatible with earlier versions due to various changes made to it. Due to the sheer number of changes we except there to be bugs that should be ironed out in upcoming releases. Please report any issues encountered, so that we can fix them.
What's Changed
- Elligator2 hashing to scramble the ephemeral key header field. by @covert-encryption in #24
- New password hashing spec and implementation, and related cleanup. by @covert-encryption in #27
- Refactor armor functions to use str and removing any
>quotes. by @covert-encryption in #28 - Implementing graphical user interface by @covert-encryption in #23
- Refactor file records as lists to save a few bytes and simplify code. by @covert-encryption in #29
- Remove BOMs of input strings by @covert-encryption in #30
- Compatibility with legacy Windows terminals by @covert-encryption in #31
- Allow combining short CLI arguments by @rocketdey in #32
- Better error message when using -r on keyfile by @covert-encryption in #34
- Simplified decrypt auth handling (refactoring) by @covert-encryption in #36
- Update unit tests with recent API and format changes. by @covert-encryption in #40
- Add tox for automated testing, coverage etc. by @covert-encryption in #41
- Increase padding on short messages for stronger protection by @covert-encryption in #42
- Big refactoring of decryption functions, allowing for easier GUI implementation by @covert-encryption in #43
New Contributors
- @rocketdey made their first contribution in #32
Full Changelog: v0.4.1...v0.5.0
v0.4.1
No changes in functionality over v0.4.0 but using zxcvbn-covert from PyPi rather than from Github.
v0.4.0
What's Changed
- Implemented a slightly better message editor. by @covert-encryption in #18
- Automatic copy&paste support by
-Aby @covert-encryption in #20 - Depend on our own zxcvbn fork that fixes bugs the upstream is ignoring. by @covert-encryption in #19
- File signing and signature verification. by @covert-encryption in #21
- CLI help text clarified
- Arrow keys now function correctly in Windows Terminal which uses different escapes than other terminals on Windows that we were testing on before
Expect this version to be a bumpy ride, as many new and quite experimental features as well as new dependencies have been added. The signature implementation is not final but it works. The sender needs to use -i to specify on or more identities to sign with, and then the receiver will automatically verify them. Public keys are embedded in signed files, so the receiver does not have to have those.
Full Changelog: v0.3.3...v0.4.0
v0.3.3
- Encrypted message input no longer echoes to screen
- MiniSign keyfile decryption is attempted with empty password automatically
- Various small fixes and removed a dependency that prevented running the program on Windows
Full Changelog: v0.3.1...v0.3.3
v0.3.1
This is a minor patch to fix two source code typos introduced right before the prior release.