Version 4.3.0

• You can now quickly turn a SignatureKeyPair object into a birationally
  equivalent EncryptionKeyPair object by invoking the getEncryptionKeyPair()
  method.
• We now have 100% unit test coverage, in addition to our static analysis.

Version 4.2.0

• Implemented Asymmetric::signAndEncrypt() and Asymmetric::verifyAndDecrypt(),
  which facilitates the GPG use-case of signed-then-encrypted messages between
  two parties' Ed25519 keypairs. Encryption is facilitated using birationally
  equivalent X25519 keys.
• Removed our in-house implementations of binary-safe substr and strlen in
  favor of using the ones in the constant-time encoding library.

Version 4.1.0

Added support for libsodium 1.0.15, which was previously broken in 4.0.x.

Passwords should be autoamtically migrated, but if keys were being generated via
KeyFactory::derive______Key() (fill in the blank), you'll need to change your
usage of this API to get the same key as previously. Namely, you'll need to pass
the SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13 constant to the fourth argument after the
password, salt, and security level.

        $key = KeyFactory::deriveEncryptionKey(
            new HiddenString('correct horse barry staple'),
-             "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
+             "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
+             KeyFactory::INTERACTIVE,
+             SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
        );

If you previously specified a security level, your diff might look like this:

        $key = KeyFactory::deriveEncryptionKey(
            new HiddenString('correct horse barry staple'),
            "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
-             KeyFactory::SENSITIVE
+             KeyFactory::SENSITIVE,
+             SODIUM_CRYPTO_PWHASH_ALG_ARGON2I13
        );

Version 4.0.2

This is mostly a boyscouting/documentation release. However, we now pass Psalm under the
strictest setting (totallyTyped = true). This means that not only is our public interface
totally type-safe, but Halite's internals are as well.

Version 4.0.1 (Relicense to MPL-2.0)

• Prompted by #67, Halite is now available under the terms of the Mozilla Public License 2.0 (MPL-2.0). Using Halite to build products that restrict user freedom (such as DRM) is highly discouraged, but not forbidden.

Version 1.6.0

Halite will attempt to use sodium_compat where ever it can. However, for best results, install version 1.0.6 of the libsodium extension from PECL.

The 1.x branch of Halite is the only version that still supports PHP 5. All future versions require PHP 7 or higher. Version 4 requires PHP 7.2.

Version 4.0.0

• Bump minimum PHP version to 7.2.0, which will be available before the end of 2017
• New methods: encryptWithAd() and decryptWithAd(), for satisfying true AEAD needs
• Encrypted password hashing through our Password class can also accept an optional,
  additional data parameter
• HiddenString objects can now be directly compared
  • $hiddenString->equals($otherHiddenString)
• Added Psalm to our Continuous Integration to assure Halite is fully type-safe
• Updated unit tests to be compatible with PHPUnit 6

Version 3.3.0

Fixes #61, Halite now works with the new libsodium v2 API from PECL. It also still works on the old v1 API.

Version 3.2.0

• Resolved #49, which
  requested making HiddenString defend against serialize() leaks.
• Fixed an encoding issue which broke legacy passwords.
  (Discovered in the course of CMS Airship development.)
• The File API now supports different encodings for signatures and
  checksums (more than just hex and binary).

Version 3.1.1

• Fixed #44, which
  caused Halite to be unusable for Symfony users. Thanks, Usman Zafar.