v1.1.0

See CHANGELOG.md for details.

v1.0.0

See CHANGELOG.md for details.

v0.31.0

See CHANGELOG.md for details.

0.30.0

This release contains improved Sigstore support.

Changed

• SigstoreSigner adapted to sigstore-python 2.0 API: This allows
  improved UX where a new signing identity can be defined using
  interactive credentials (browser login):
  SigstoreSigner.import_via_auth()
• Documentation improvements

Removed

• Python 3.7 is no longer supported

0.29.0

This release is reaping the rewards of the new signer API with four(!) new
signing methods: Two cloud based KMSs, post-quantum crypto support and a
"keyless" signing system.

Advance notice to folks using the keys, ecdsa_keys, rsa_keys and
ed25519_keys modules: these modules are headed for deprecation. Please have
a look at the signer API and get in touch if the functionality you need
isn't there (or if more documentation is needed).

Added

• Sigstore as a new experimental signing method (#552)
• SPHINCS+ as a new experimental signing method (#568)
• Azure Key Vault as a new signing method (#588)
• AWS KMS as a new signing method (#609)
• CryptoSigner as a more featureful replacement for SSLibSigner (#604)
• Documentation that focuses on the signer API (#634, #622)

Changed

• SSLibSigner has been deprecated: Please use CryptoSigner instead (#604)
• keys module is not used for signature verification in signer API (#585)
• Various minor fixes, please see git log for details

New Contributors

• @malancas made their first contribution in #588
• @kommendorkapten made their first contribution in #597
• @ianhundere made their first contribution in #609

Full Changelog: v0.28.0...v0.29.0

v0.28.0

Added

• Signer: auto-keyid helper (#557)
• Signer: de/serialization helpers (#558)
• Signer: tests (#555, #556)
• Sigstore Signer: import methods (#535)

Changed

• HSMSigner: pre-hash data (#548)
• GCP Signer, HSM Signer: auto-keyid computation (#557)
• DSSE: serialize signature data as base64 for compliance (#565)

Removed

• Obsolete shebangs (#544, #545)
• Outdated schemes: md5, sha1 (#554)

Fixed

• Various test and CI fixes (#538, #541, #542, #543, #546)
• Minor SSlibKey.verify_signature error handling bug (#556)

v0.27.0

Added

• EXPERIMENTAL DSSE implementation (#487)
• EXPERIMENTAL sigstore signer and verifier (#522)
• Minimal TUF/in-toto spec-compliant GPG verifier (#488)
• API-typical 'import' and 'from URI' GPG signer methods (#488)

Changed

• Require public key in GPG signer and disallow subkey signatures (#488)
• Increase GPG subprocess timeout (#502)
• Rename default branch to 'main' (#523)
• Make HSM signer URI configurable (#526)
• Allow tox to skip virtual HSM tests (#528)
• Strip PEM keys to compute keyids consistently (#453)

Removed

• Internal GPG version utils (#504)
• Custom subprocess interface (#505)
• Vendored ssl module (#506)

Fixed

• Windows compatibility issues and re-enable Windows CI (#518)
• GPG subprocess timeout configurability (#502)

v0.26.0

Added

• Private key URI schemes for signer instantiation (#456)
• Public key container class for signature verification (#456)
• Post-quantum sphincs+ signing scheme (#427)
• Hardware Security Module (HSM) signing (#472)
• Google Cloud KMS signing (#442, #480)

Changed

• Use pyproject.toml for build configuration (#253)
• Use hatchling as build backend (#484)
• Auto-format and lint all code (#439, #490)
• Various CI and build improvements (#459, #460, #476, #493, #464)

Removed

• Drop colorama optional dependency and colorized output support (#443)

Fixed

• Don't shell out to gpg on import (#437)
• Fix metaclass definition (#473)
• Make GPGSigner signatures specification compliant (#486)

v0.25.0

Changed

• Do not use max salt lengths in RSA PSS signature creation (#436)
• Restrict read and write access for new private keys (#231)
• Replaced deprecated distutils.version.StrictVersion (#433)
• Bumped dependencies: cryptography (#435)

Fixed

• GPG availability check in tests (#434)

v0.24.0

Added

• GPGSigner to support gpg signing via Signer interface (#341, #419)

Changed

• Use max salt lengths in RSA PSS signature creation & automatically verify previous/new
  sigs (#422)
• Speed up canonical json encoding (#410)
• Bumped dependencies: cffi (#415), colorama (#413), cryptography (#405, #406, #414,
  #417, #424, #425), ed25519 (#412)
• Changed Debian packaging metadata (#392)

Fixed

• Minor test fixes (#403, #420)