- Support for Curve25519 GPG keys (via vendored PR: keybase/go-crypto#38)
- Support for Signature Subpacket 33 (via vendored PR: keybase/go-crypto#39)
- Some people (like @brentmaxwell) had broken sigchains due to bad short signature IDs. Ignore those. (via vendored PR: keybase/go-crypto#36)
- Preliminary ECDH support so that people can import/export these keys (though not currently possible to decrypt/encrypt with them) (Via vendored PR: keybase/go-crypto#37)
- Fix for #4661 and #4634 via PR #4667
- The bug was that some people were encrypting their local secret keys with the wrong symmetric key, if provisioned by a buggy device. We still need to roll out further fixes to unbreak devices broken by this change. PR #4667 just ensures that it won't continue to happen.
- Allow signatures with DSA keys without needing to specify explicit signing flags in the Public key. Also, better tie-breaking if there are two self-signatures at the same time; use the one with the valid flags. (via vendored PR: keybase/go-crypto#31 and keybase/go-crypto#32 respectively)
- Don't overwrite valid flags with empty flags, and assume lots of power for a primary key without flags (via vendored PR: keybase/go-crypto#33 and keybase/go-crypto#34, respectively)
- Don't publish private warnings to debug log
- Ignore signatures over attributes like pictures in OpenPGP keys (via vendored PR: keybase/go-crypto#29)
- If a public key really consists of the same key listed twice, then merge the two keys and try again (PR: #2130).
- Support for sneak's public key (via vendored PR: keybase/go-crypto#17)
- Support for Brainpool elliptic curves in PGP keys (via vendored PR: keybase/go-crypto#18)
- Support for selecting keys from GPG smart cards/YubiKeys (PRs: keybase/go-crypto#22 #2440)
- Change login provisioning flow to start with username (PR: #2176)
keybase log send
works when service isn't running (PR: #2336)- Add
keybase pgp list
command (PR: #2338) keybase id
uses Identify2 (PR: #2426)- Identify2 displays revoked proofs (PR: #2445)
- Add --skip-proof-cache option to id command (PR: #2310)
- Return non-zero status when showing an error (PR: #2361)
- Include device ID in non-Tor-mode requests to keybase.io, for logging (PR: keybase/client##2434)
- Fix a bug where
keybase id
printed nothing (PR: #2468)
- Fix crasher on passphrase recover on Linux (PR: #2062)
- Local snooze for broken remote proofs (PR: #1934)
- More Gnu S2K Support (commit: 24fc27084690c564464263b9e35936ba9dc40bc1)
- Remove Gopass and Miniline; use patched ssh/terminal (PR: #2078)
- Modernize and fix up config get/set (PR: #2071)
- Fix service not restarting after version mismatch check
- Fix bad sigchain link error (PR: #1998)
- Fix invalid plist on brew install/upgrade (#2074)
- Forward-compatibility fix, for future RPCS (PR: #1919)
- Fix potential recursive LogUI Explosion (PR: #1925)
- Another crack at GNU S2K Dummy (via vendored PR: keybase/go-crypto#10)
- Performance improvement in sigchain replays (PR #1930)
- Logs in devel mode go to ~/Library/Logs/KeybaseDevel on darwin (PR: #1926)
- RSA Support for public exponent e's with <= 7 bytes (rather than 3) (via vendored PR: keybase/go-crypto#8)
- Don't encrypt for DSA and do encrypt for ElGamal subkeys (via vendored PR: keybase/go-crytpo#11)
- Properly serialize ElGamal Subkeys (via vendored PR: keybase/go-crypto#13)
- Allow DSA sub-signing keys without an explicit KeyFlags (via vendored PR: keybase/go-crypto#12)
- Fix handling of revoked subkeys (via PR #1966 and vendored PR: keybase/go-crypto#15)
- Detached pgp verify was broken for messages shorter than 100 bytes (PR: #1862)
- Only restart driver if necessary when upgrading on Windows (PR: #1842)
- Fix formatting for certain errors (PR: #1830)
- Cache InputCanceled from SecretUI from KBFS crypto ops (PR: #1795)
- New
keybase status
command, previous one moved tokeybase dump-keyfamily
(PR: #1787) - Fix regression in auto-fork (PR: #1831)
- Add ChainLink cache to speed up identify2 (PR: #1868)
- Add
keybase log send
command (PR: #1846) - Client sends PATH to service (PR: #1907)
- Windows updater (PR: #1770)
- Fix passphrase confirmation logic (PR: #1752)
- Fix
keybase passphrase recover
SecretUI, LoginSession issues (PR: #1750) - Allow
keybase sigs revoke
to work with a prefix, and havekeybase sigs list
display Sig IDs that will work withkeybase sigs revoke
(PR: #1739) - Fix
pgp gen
export to gpg error if gpg doesn't exist (PR: #1735) - Binary mode for all saltpack commands (PR: #1727)
- All config save operations use transactions (PR: #1724)
- More robust key-parsing on KeyFamily import. Fixed two ways:
- Don't error out on bad signatures in the PGP keys themselves (vendored PR: keybase/go-crypto#7)
- Skip keys that don't import properly, rather than killing the whole key family import (PR: #1766)
- saltpack: better error messages (PR: #1777)
- Do not use current keybase ID as default when generating PGP keys (PR: #1706)
- Rename SaltPack to saltpack (PR: #1674)
- Fix hang in auth C/I tests (commit: 0a30c4ca47bd4d7b936f8bccf46afc00b143d5a7)
- Better
keybase exp encrypt
/identification interaction (PR: #1577) - Allow disabling self-encryption in
keybase exp encrypt
(PR: #1606) keybase exp decrypt
now properly identifies senders, and allows for interactive mode if requested (PRs: #1613, #1617)- Implement OpenPGP PolicyURI subpacket (via vendored PR: keybase/go-crypto#3)
- OpenPGP better check for nil signing subkeys (via vendored keybase/go-crypto commit de6e298306e9dfba84a8f4f9042ee6c2bb02df85)
- SaltPack: descriptive error message on failed decryption (PR: #1625)
- Preserve external log message order (PR: #1641)
- SaltPack: implement sign/verify commands (PR: #1635)
- SaltPack: implement sign/verify package (PRs: #1596, #1612, #1614)
- SaltPack: implement the sender secretbox (PR: #1645)
- Fix merkle tree path mismatch bug (PR: #1621)
- encoding: Speed up B62 decoder (PRs: #1644, #1640)
- Fix help topics to only display when 'help' is the parent command
- SaltPack: explain alternatives for failed encryption, and also be smart about decryption using the wrong command on the wrong type of stream; suggest alterntives. (PR: #1633)
- service: hook Identify2 RPC up to engine (PR: #1662)
- openpgp: ignore broken signature packets, since some keys are mangled due to misbehaving clients and/or key servers (via vendored PR: keybase/go-crypto#4)
- openpgp: slightly better error messages for bad subkey signatures (via vendored commit: 5604f1eaa4e038e23bdbbf5bb364fe167ff03e07)
- openpgp: don't choke on UID revocations (via vendored PR: keybase/go-crypto#5).
- Fix missing SecretUI protocol for passphrase change/recover
- Add UnboxBytes32Any() with support for device and paper keys (PR: keybase/client #1693)
- Improve login error messages (PR: #1652)
- Don't mask errors in PromptSeletion (Commit: 060ff319e6b50aad09fd0162e50a3212c4f7516d)
- Periodic polling for new tracking statements (PR: #1500)
- Testing command for fake new tracking notifications (Commit: 540c01b9017502f95e4723f36a906684ff1f4ce6)
- terminal: dumb down miniline to not allow arrow movement, which doesn't work across all terminals, in particular, those that don't support ESC-u and ESC-e position saving. (Commit: ba3cd333dfcc8180a64219470ef48d7dfba207f9)
- Better device-name error message (Commit: c2d35f362915fb6fe8bcf220418424eb1a443594)
- SecretUI only has GetPassphrase now (PR: #1493)
- Allow generated PGP private key export to GPG (PR: #1524)
- Help detect typos in device add (PR: #1529)
- Fix login cancel (PR: #1546)
- libkb: Load optimizations; don't load unneeded fields (PR: #1473)
- engine: bugfix for user switching (PR: #1474)
- Fix goroutine leak in RPC calls (PR: #1462)
- Fix buggy "No device found No device found" error message
- (Commit: 8b96270704ac840ee22837f5c404948206742791)
- Fix PGP command line identify/track, flags (PR: #1475)
- Installer tweak: don't prompt to start service on windows (PR: #1495)
- Ansi color code support for terminal on Windows (PR: #1481)
- EdDSA for OpenPGP support (PR: #1519)
- Resolve RPC support (PR: #1520)
- Fix bug where cancelled RPC calls would cause hangs (PR: #1433)
- Add experimental encrypt/decrypt commands (PR: #1429)
- Save exported GPG key to local encrypted keyring (PR: #1419)
- Fix ugly warnings when eldest key not PGP key (PR: #1422)
- Further bugfixes for S2K Dummy mode (PR: #1420)
- Better handling of shell out to GPG during provisioning (PR: #1405)
- Avoid half-provisioned state by doing provisioning work in a transaction-like pattern (PR: #1406)
- Allow
keybase prove web
to work as in online documentation (PR: #1418) - Workaround for login after sigchain reset (Commmit: 4088eb8c61b856da7dfadf9631bed19270644a80)
- Fix no device ID during gpg/pgp provisioning (PR: #1400)
- Add Support for GNU S2K Dummy mode (PR: #1397)
- Emergency fix for coinbase proofs (Commit: 1e2539e58f3666f4fc357ca9c7192212b4b23999)
- Fix keybase-issues#1878, spurious key ownership error. (Commit: f1b6e135fdf3741ce823148e9e3f395f485cf734)
- Allow provision via GPG command line tool so secret key does not need to be imported. (PR #1359)
- Improve error message for no synced PGP key (Bug keybase/keybase-issues#1854)
- Fix username bug during passphrase provision (Bug keybase/keybase-issues#1855)
- Auto-restart the service if the client is newer (PR #1336)
- Rename
keybase reset
tokeybase deprovision
, make it more interactive, and have it delete all of your local account data, including keys. (PR #1330)
- Brew auto install
- Clarified GPG provisioning prompts.
- Added
--tor-mode
and related flags. - Made tricky commands less prominent in help.
- Fix passphrase change
- Fix 'pgp gen' documentation
- Rerelease for homebrew hashes
- Default to device provisioning via kex2
- Provision via paper key no longer requires username or passphrase
- Added QR code display to terminal when provisioner is a mobile device.
- Fixed confusing passphrase pinentry during device provisioning.
- Connection log cleanup.
- Fixed GPG device provisioning.
- Support for kex2 device provisioning.
- Bugfix: If no /dev/tty, still provide SecretEntry via UI.
- Bugfix: Update session mtime when saving session file.
- Performance improvement: Users plus device keys cached for kbfs.
-
Bugfix: Now the entire runtime directory contains the "RunMode", e.g. /run/user/1000/keybase.staging/. Once again, need to
killall keybase; killall kbstage
after upgrading on Linux. -
Performance improvement: Private device keys for the current device are cached in memory. They are removed upon logout.
-
Bugfix: keybase/keybase-issues#1783
-
Bugfix: We now add the "RunMode" to the socket and pid file paths, so that you can run more than one type of client at once on Linux (e.g.
keybase
andkbstage
). This means that you'll have to runkillall keybase
(or reboot your machine!) after upgrading from 1.0.0 on Linux.
- Initial staging release