1 | # Change Log
|
2 |
|
3 | All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
4 |
|
5 | ## [1.27.3](https://github.com/panva/jose/compare/v1.27.2...v1.27.3) (2020-08-04)
|
6 |
|
7 |
|
8 | ### Bug Fixes
|
9 |
|
10 | * do not mutate unencoded payload when signing for multiple parties ([1695423](https://github.com/panva/jose/commit/169542363f884e4028db9f80086d631e626eb469)), closes [#89](https://github.com/panva/jose/issues/89)
|
11 | * ensure "b64" is the same for all recipients edge cases ([d56ec9f](https://github.com/panva/jose/commit/d56ec9f5ddc2612e5ff21fe35d45a56e7153e0e4))
|
12 |
|
13 |
|
14 |
|
15 | ## [1.27.2](https://github.com/panva/jose/compare/v1.27.1...v1.27.2) (2020-07-01)
|
16 |
|
17 |
|
18 | ### Bug Fixes
|
19 |
|
20 | * handle private EC keys without public component ([#86](https://github.com/panva/jose/issues/86)) ([e8ad389](https://github.com/panva/jose/commit/e8ad38993e29747098f7fd1594dde4ce893ba802)), closes [#85](https://github.com/panva/jose/issues/85)
|
21 |
|
22 |
|
23 |
|
24 | ## [1.27.1](https://github.com/panva/jose/compare/v1.27.0...v1.27.1) (2020-06-01)
|
25 |
|
26 |
|
27 | ### Bug Fixes
|
28 |
|
29 | * allow any JSON numeric value for timestamp values ([7ba4922](https://github.com/panva/jose/commit/7ba492237aaf788914166c134d50fb046041efa0))
|
30 |
|
31 |
|
32 |
|
33 | # [1.27.0](https://github.com/panva/jose/compare/v1.26.1...v1.27.0) (2020-05-05)
|
34 |
|
35 |
|
36 | ### Features
|
37 |
|
38 | * add opt-in objects to verify using embedded JWS Header public keys ([7c1cab1](https://github.com/panva/jose/commit/7c1cab196edc409ec6cc4741bdf7e06c5aaf5dab))
|
39 |
|
40 |
|
41 |
|
42 | ## [1.26.1](https://github.com/panva/jose/compare/v1.26.0...v1.26.1) (2020-04-27)
|
43 |
|
44 |
|
45 | ### Bug Fixes
|
46 |
|
47 | * **typescript:** types of key generate functions without overloads ([7e60722](https://github.com/panva/jose/commit/7e60722ae7054f8acf833e015c22679d56fbc0ca)), closes [#80](https://github.com/panva/jose/issues/80)
|
48 | * "typ" content-type validation, case insensitive and handled prefix ([0691586](https://github.com/panva/jose/commit/06915861b32c0ae252dcc84791050bc3716ce102))
|
49 |
|
50 |
|
51 |
|
52 | # [1.26.0](https://github.com/panva/jose/compare/v1.25.2...v1.26.0) (2020-04-16)
|
53 |
|
54 |
|
55 | ### Features
|
56 |
|
57 | * update JWT Profile for OAuth 2.0 Access Tokens to latest draft ([8c0a8a9](https://github.com/panva/jose/commit/8c0a8a950e4503cb7a756589e307286fe1116b05))
|
58 |
|
59 |
|
60 | ### BREAKING CHANGES
|
61 |
|
62 | * `at+JWT` JWT draft profile - in the draft's Section 2.2
|
63 | the claims `iat` and `jti` are now REQUIRED (was RECOMMENDED).
|
64 |
|
65 |
|
66 |
|
67 | ## [1.25.2](https://github.com/panva/jose/compare/v1.25.1...v1.25.2) (2020-04-15)
|
68 |
|
69 |
|
70 | ### Bug Fixes
|
71 |
|
72 | * **build:** don't publish junk files ([6e98c1a](https://github.com/panva/jose/commit/6e98c1a5f994224b9412fc47c4065b468c89fe2c))
|
73 |
|
74 |
|
75 |
|
76 | ## [1.25.1](https://github.com/panva/jose/compare/v1.25.0...v1.25.1) (2020-04-15)
|
77 |
|
78 |
|
79 | ### Bug Fixes
|
80 |
|
81 | * use native openssl AES Key Wrap 🤦 ([dcf8d75](https://github.com/panva/jose/commit/dcf8d75a8aca4f05fe04df64fdd2ba50bbc75bc9))
|
82 |
|
83 |
|
84 |
|
85 | # [1.25.0](https://github.com/panva/jose/compare/v1.24.1...v1.25.0) (2020-03-11)
|
86 |
|
87 |
|
88 | ### Features
|
89 |
|
90 | * update JWT Profile for OAuth 2.0 Access Tokens to latest draft ([bc77a15](https://github.com/panva/jose/commit/bc77a15fab10f8a29561ef667a923b2f074fa9b3))
|
91 |
|
92 |
|
93 |
|
94 | ## [1.24.1](https://github.com/panva/jose/compare/v1.24.0...v1.24.1) (2020-03-05)
|
95 |
|
96 |
|
97 | ### Bug Fixes
|
98 |
|
99 | * allow importing simpler passphrases as `oct` keys ([f86bda3](https://github.com/panva/jose/commit/f86bda3bb709f29e4264fb8de45242f518128744))
|
100 |
|
101 |
|
102 |
|
103 | # [1.24.0](https://github.com/panva/jose/compare/v1.23.0...v1.24.0) (2020-02-25)
|
104 |
|
105 |
|
106 | ### Features
|
107 |
|
108 | * add JWT.verify "typ" option for checking JWT Type Header parameter ([fc08426](https://github.com/panva/jose/commit/fc08426466233709b442ba21232768ddeeb94e56))
|
109 |
|
110 |
|
111 |
|
112 | # [1.23.0](https://github.com/panva/jose/compare/v1.22.2...v1.23.0) (2020-02-18)
|
113 |
|
114 |
|
115 | ### Bug Fixes
|
116 |
|
117 | * **typescript:** add optional JWK.Key props and make them readonly ([b92079c](https://github.com/panva/jose/commit/b92079cb64216b8ea91082adc07ac03972dbbb0e)), closes [#67](https://github.com/panva/jose/issues/67)
|
118 |
|
119 |
|
120 | ### Features
|
121 |
|
122 | * add ECDH-ES with X25519 and X448 OKP keys ([38369ea](https://github.com/panva/jose/commit/38369ea3d72812abe7ecebd6dc7da164b0a2e29d))
|
123 | * add RSA-OAEP-384 and RSA-OAEP-512 JWE Key Management Algorithms ([7477f08](https://github.com/panva/jose/commit/7477f0831b38765a9a916b35b1d40aaf11f0e6b8))
|
124 |
|
125 |
|
126 |
|
127 | ## [1.22.2](https://github.com/panva/jose/compare/v1.22.1...v1.22.2) (2020-02-06)
|
128 |
|
129 |
|
130 | ### Performance Improvements
|
131 |
|
132 | * various codepaths refactored ([3e3d7dd](https://github.com/panva/jose/commit/3e3d7dd38168159e188e54c48a9f83e3a02a8fe1))
|
133 |
|
134 |
|
135 |
|
136 | ## [1.22.1](https://github.com/panva/jose/compare/v1.22.0...v1.22.1) (2020-02-03)
|
137 |
|
138 |
|
139 | ### Bug Fixes
|
140 |
|
141 | * actually remove the base64url proper encoding check ([eae01b5](https://github.com/panva/jose/commit/eae01b57ab9f33e8c621ffcd2a77d513a51d22b2))
|
142 |
|
143 |
|
144 |
|
145 | # [1.22.0](https://github.com/panva/jose/compare/v1.21.1...v1.22.0) (2020-01-29)
|
146 |
|
147 |
|
148 | ### Features
|
149 |
|
150 | * keystore filtering by JWK Key thumbprint ([a9f6f71](https://github.com/panva/jose/commit/a9f6f7135005d6231d6f42d95c02414139a89d17))
|
151 |
|
152 |
|
153 | ### Performance Improvements
|
154 |
|
155 | * base64url decode, JWT.verify, JWK.Key instance re-use ([470b4c7](https://github.com/panva/jose/commit/470b4c73154e1fcf8b92726d521940e5e11c9d94))
|
156 |
|
157 |
|
158 |
|
159 | ## [1.21.1](https://github.com/panva/jose/compare/v1.21.0...v1.21.1) (2020-01-25)
|
160 |
|
161 |
|
162 | ### Bug Fixes
|
163 |
|
164 | * contactKDF iteration count fixed for key sizes larger than 256 bits ([70ff222](https://github.com/panva/jose/commit/70ff22227ad303e57228dc8351688531499a833a))
|
165 |
|
166 |
|
167 |
|
168 | # [1.21.0](https://github.com/panva/jose/compare/v1.20.0...v1.21.0) (2020-01-23)
|
169 |
|
170 |
|
171 | ### Bug Fixes
|
172 |
|
173 | * **typescript:** don't expose non existant classes, fix decode key ([0f8bf88](https://github.com/panva/jose/commit/0f8bf886da1b5d02cd0d968d0ec02a58673df258))
|
174 |
|
175 |
|
176 | ### Features
|
177 |
|
178 | * add opt-in support for Unsecured JWS algorithm "none" ([3a6d17f](https://github.com/panva/jose/commit/3a6d17fdd18d8bbd074c07c2dd08f0406c16a8f1))
|
179 |
|
180 |
|
181 |
|
182 | # [1.20.0](https://github.com/panva/jose/compare/v1.19.0...v1.20.0) (2020-01-16)
|
183 |
|
184 |
|
185 | ### Features
|
186 |
|
187 | * add JWTExpired error and JWTClaimInvalid claim and reason props ([a0c0c7a](https://github.com/panva/jose/commit/a0c0c7ad70f42d9b23b3e71de43599a8ac6fe1ff)), closes [#62](https://github.com/panva/jose/issues/62)
|
188 |
|
189 |
|
190 |
|
191 | # [1.19.0](https://github.com/panva/jose/compare/v1.18.2...v1.19.0) (2020-01-13)
|
192 |
|
193 |
|
194 | ### Features
|
195 |
|
196 | * exposed shorthands for JWT verification profiles ([b1864e3](https://github.com/panva/jose/commit/b1864e319d1a7a42eadfa0c4b0145952e7814726))
|
197 |
|
198 |
|
199 |
|
200 | ## [1.18.2](https://github.com/panva/jose/compare/v1.18.1...v1.18.2) (2020-01-08)
|
201 |
|
202 |
|
203 | ### Bug Fixes
|
204 |
|
205 | * ensure asn1.js version to remove Buffer deprecation notice ([13b1106](https://github.com/panva/jose/commit/13b1106048fdeae00b09d54f05245dded85b14a7))
|
206 | * expose JOSENotSupported key import errors on unsupported runtimes ([bc81e5d](https://github.com/panva/jose/commit/bc81e5dec2987f6ce6dc3fa5daa23dfe620c0a34))
|
207 | * typo in JOSENotSupported error when x509 certs are not supported ([bb58c9c](https://github.com/panva/jose/commit/bb58c9ce52e807ca4cfad6bcbf1ab96b91778b1f))
|
208 |
|
209 |
|
210 |
|
211 | ## [1.18.1](https://github.com/panva/jose/compare/v1.18.0...v1.18.1) (2020-01-01)
|
212 |
|
213 |
|
214 | ### Bug Fixes
|
215 |
|
216 | * force iat past check when maxTokenAge option is used + JWT refactor ([828ad5a](https://github.com/panva/jose/commit/828ad5a33dc0cc0049923b69f43f97463295456e))
|
217 |
|
218 |
|
219 |
|
220 | # [1.18.0](https://github.com/panva/jose/compare/v1.17.2...v1.18.0) (2019-12-31)
|
221 |
|
222 |
|
223 | ### Features
|
224 |
|
225 | * add JWT validation profiles for Access Tokens and Logout Tokens ([7bb5c95](https://github.com/panva/jose/commit/7bb5c953a9c6d9bd915e8ebc0608bc0649427745))
|
226 |
|
227 |
|
228 |
|
229 | ## [1.17.2](https://github.com/panva/jose/compare/v1.17.1...v1.17.2) (2019-12-17)
|
230 |
|
231 |
|
232 | ### Bug Fixes
|
233 |
|
234 | * skip validating iat is in the past when exp is present ([0ed5025](https://github.com/panva/jose/commit/0ed5025de30a754de95ae2587ce0f4573909b006))
|
235 |
|
236 |
|
237 |
|
238 | ## [1.17.1](https://github.com/panva/jose/compare/v1.17.0...v1.17.1) (2019-12-10)
|
239 |
|
240 |
|
241 | ### Bug Fixes
|
242 |
|
243 | * properly fail to import unsupported openssh keys ([bee5744](https://github.com/panva/jose/commit/bee574457f29597ccab09d51ac61b85dd7a7146a))
|
244 |
|
245 |
|
246 |
|
247 | # [1.17.0](https://github.com/panva/jose/compare/v1.16.2...v1.17.0) (2019-12-10)
|
248 |
|
249 |
|
250 | ### Features
|
251 |
|
252 | * importing a certificate populates x5c and x5t thumbprints ([25a7a71](https://github.com/panva/jose/commit/25a7a71915c4f7514536cec9e7e162d0ad3b670c)), closes [#59](https://github.com/panva/jose/issues/59)
|
253 |
|
254 |
|
255 |
|
256 | ## [1.16.2](https://github.com/panva/jose/compare/v1.16.1...v1.16.2) (2019-12-05)
|
257 |
|
258 |
|
259 | ### Bug Fixes
|
260 |
|
261 | * handle Unencoded Payload (b64:false) with arbitrary buffer payloads ([daabedc](https://github.com/panva/jose/commit/daabedc776617f4fde427b3a5e79d8c176293132)), closes [#57](https://github.com/panva/jose/issues/57)
|
262 |
|
263 |
|
264 |
|
265 | ## [1.16.1](https://github.com/panva/jose/compare/v1.16.0...v1.16.1) (2019-12-05)
|
266 |
|
267 |
|
268 | ### Bug Fixes
|
269 |
|
270 | * allow PBES2 for the correct JWK `use` values ([f0d7194](https://github.com/panva/jose/commit/f0d719416ec9ca041ea88b8a983b5d899a6aa107))
|
271 |
|
272 |
|
273 |
|
274 | # [1.16.0](https://github.com/panva/jose/compare/v1.15.1...v1.16.0) (2019-12-04)
|
275 |
|
276 |
|
277 | ### Features
|
278 |
|
279 | * two official jose plugins/extensions for those living on the edge ([5b27c97](https://github.com/panva/jose/commit/5b27c97ac8836ffa9f3880e009c8db5afbfbaa2c)), closes [#56](https://github.com/panva/jose/issues/56)
|
280 |
|
281 |
|
282 |
|
283 | ## [1.15.1](https://github.com/panva/jose/compare/v1.15.0...v1.15.1) (2019-11-30)
|
284 |
|
285 |
|
286 | ### Bug Fixes
|
287 |
|
288 | * **typescript:** export Key Input types ([0277fcd](https://github.com/panva/jose/commit/0277fcd1896af497e79190212b0719f7e62366c1))
|
289 |
|
290 |
|
291 |
|
292 | # [1.15.0](https://github.com/panva/jose/compare/v1.14.0...v1.15.0) (2019-11-27)
|
293 |
|
294 |
|
295 | ### Bug Fixes
|
296 |
|
297 | * default JWT.sign `kid` option value is false for HMAC signatures ([ce77388](https://github.com/panva/jose/commit/ce7738825403f8cdb8f99cb51c096baf0dfa3af7))
|
298 |
|
299 |
|
300 | ### Features
|
301 |
|
302 | * allow JWK.asKey inputs for sign/verify/encrypt/decrypt operations ([5e1009a](https://github.com/panva/jose/commit/5e1009a63e4bc829009cc46d6295c00f8431024c))
|
303 |
|
304 |
|
305 |
|
306 | # [1.14.0](https://github.com/panva/jose/compare/v1.13.0...v1.14.0) (2019-11-26)
|
307 |
|
308 |
|
309 | ### Features
|
310 |
|
311 | * allow JWKS.KeyStore .all and .get to filter for key curves ([ea60338](https://github.com/panva/jose/commit/ea60338ca6f58f2626992a38da76812477ce4540))
|
312 |
|
313 |
|
314 |
|
315 | # [1.13.0](https://github.com/panva/jose/compare/v1.12.1...v1.13.0) (2019-11-23)
|
316 |
|
317 |
|
318 | ### Features
|
319 |
|
320 | * return the CEK from JWE.decrypt operation with { complete: true } ([c3eb845](https://github.com/panva/jose/commit/c3eb8450b98b2f5ecc127d69afe85a7ae2cc5aaa))
|
321 |
|
322 |
|
323 |
|
324 | ## [1.12.1](https://github.com/panva/jose/compare/v1.12.0...v1.12.1) (2019-11-14)
|
325 |
|
326 |
|
327 |
|
328 | # [1.12.0](https://github.com/panva/jose/compare/v1.11.0...v1.12.0) (2019-11-05)
|
329 |
|
330 |
|
331 | ### Features
|
332 |
|
333 | * add JWS.verify encoding and parsing options ([6bb66d4](https://github.com/panva/jose/commit/6bb66d4f0b4c96f2da8ac5f14fda6bc4f53f2994))
|
334 |
|
335 |
|
336 |
|
337 | # [1.11.0](https://github.com/panva/jose/compare/v1.10.2...v1.11.0) (2019-11-03)
|
338 |
|
339 |
|
340 | ### Features
|
341 |
|
342 | * expose crypto.KeyObject instances in supported runtimes ([8ea9683](https://github.com/panva/jose/commit/8ea968312e97ed0f992fab909a20e7993159ec45))
|
343 |
|
344 |
|
345 |
|
346 | ## [1.10.2](https://github.com/panva/jose/compare/v1.10.1...v1.10.2) (2019-10-29)
|
347 |
|
348 |
|
349 | ### Bug Fixes
|
350 |
|
351 | * only use secp256k1 keys for signing/verification ([9588223](https://github.com/panva/jose/commit/95882232d6d409a321b6a8c168f5b78ebbdabf95))
|
352 |
|
353 |
|
354 |
|
355 | ## [1.10.1](https://github.com/panva/jose/compare/v1.10.0...v1.10.1) (2019-10-04)
|
356 |
|
357 |
|
358 | ### Bug Fixes
|
359 |
|
360 | * throw proper error when runtime doesn't support OKP ([0a16efb](https://github.com/panva/jose/commit/0a16efb)), closes [#48](https://github.com/panva/jose/issues/48)
|
361 |
|
362 |
|
363 |
|
364 | # [1.10.0](https://github.com/panva/jose/compare/v1.9.2...v1.10.0) (2019-10-01)
|
365 |
|
366 |
|
367 | ### Features
|
368 |
|
369 | * rename package ([26f4cf2](https://github.com/panva/jose/commit/26f4cf2))
|
370 |
|
371 |
|
372 |
|
373 | ## [1.9.2](https://github.com/panva/jose/compare/v1.9.1...v1.9.2) (2019-09-16)
|
374 |
|
375 |
|
376 | ### Bug Fixes
|
377 |
|
378 | * keystore.toJWKS(true) does not throw on public keys ([81abdfa](https://github.com/panva/jose/commit/81abdfa)), closes [#42](https://github.com/panva/jose/issues/42)
|
379 |
|
380 |
|
381 |
|
382 | ## [1.9.1](https://github.com/panva/jose/compare/v1.9.0...v1.9.1) (2019-09-10)
|
383 |
|
384 |
|
385 |
|
386 | # [1.9.0](https://github.com/panva/jose/compare/v1.8.0...v1.9.0) (2019-08-24)
|
387 |
|
388 |
|
389 | ### Features
|
390 |
|
391 | * allow JWKS.asKeyStore to swallow errors ([78398d3](https://github.com/panva/jose/commit/78398d3))
|
392 |
|
393 |
|
394 |
|
395 | # [1.8.0](https://github.com/panva/jose/compare/v1.7.0...v1.8.0) (2019-08-22)
|
396 |
|
397 |
|
398 | ### Features
|
399 |
|
400 | * added Node.js lts/dubnium support for runtime supported features ([67a8601](https://github.com/panva/jose/commit/67a8601))
|
401 |
|
402 |
|
403 |
|
404 | # [1.7.0](https://github.com/panva/jose/compare/v1.6.1...v1.7.0) (2019-08-20)
|
405 |
|
406 |
|
407 | ### Features
|
408 |
|
409 | * add RSA-OAEP-256 support (when a node version supports it) ([28d7cf8](https://github.com/panva/jose/commit/28d7cf8)), closes [#29](https://github.com/panva/jose/issues/29)
|
410 |
|
411 |
|
412 |
|
413 | ## [1.6.1](https://github.com/panva/jose/compare/v1.6.0...v1.6.1) (2019-07-29)
|
414 |
|
415 |
|
416 | ### Bug Fixes
|
417 |
|
418 | * properly pad calculated RSA primes ([dd121ce](https://github.com/panva/jose/commit/dd121ce))
|
419 |
|
420 |
|
421 |
|
422 | # [1.6.0](https://github.com/panva/jose/compare/v1.5.2...v1.6.0) (2019-07-27)
|
423 |
|
424 |
|
425 | ### Bug Fixes
|
426 |
|
427 | * use the correct ECPrivateKey version when importing EC JWK ([24acd20](https://github.com/panva/jose/commit/24acd20))
|
428 |
|
429 |
|
430 | ### Features
|
431 |
|
432 | * electron v6.x support ([e7ad82c](https://github.com/panva/jose/commit/e7ad82c))
|
433 |
|
434 |
|
435 |
|
436 | ## [1.5.2](https://github.com/panva/jose/compare/v1.5.1...v1.5.2) (2019-07-27)
|
437 |
|
438 |
|
439 | ### Bug Fixes
|
440 |
|
441 | * importing x5c in electron requires the input split ([181fd09](https://github.com/panva/jose/commit/181fd09))
|
442 |
|
443 |
|
444 |
|
445 | ## [1.5.1](https://github.com/panva/jose/compare/v1.5.0...v1.5.1) (2019-07-27)
|
446 |
|
447 |
|
448 | ### Bug Fixes
|
449 |
|
450 | * correctly pad integers when importing RSA JWK ([1dc7f35](https://github.com/panva/jose/commit/1dc7f35))
|
451 |
|
452 |
|
453 |
|
454 | # [1.5.0](https://github.com/panva/jose/compare/v1.4.1...v1.5.0) (2019-07-23)
|
455 |
|
456 |
|
457 | ### Features
|
458 |
|
459 | * validate JWTs according to a JWT profile - ID Token ([6c98b61](https://github.com/panva/jose/commit/6c98b61))
|
460 |
|
461 |
|
462 |
|
463 | ## [1.4.1](https://github.com/panva/jose/compare/v1.4.0...v1.4.1) (2019-07-14)
|
464 |
|
465 |
|
466 | ### Bug Fixes
|
467 |
|
468 | * honour the JWT.sign `jti` option ([36c9ce2](https://github.com/panva/jose/commit/36c9ce2)), closes [#33](https://github.com/panva/jose/issues/33)
|
469 |
|
470 |
|
471 |
|
472 | # [1.4.0](https://github.com/panva/jose/compare/v1.3.0...v1.4.0) (2019-07-08)
|
473 |
|
474 |
|
475 | ### Features
|
476 |
|
477 | * add secp256k1 EC Key curve and ES256K ([211d7af](https://github.com/panva/jose/commit/211d7af))
|
478 |
|
479 |
|
480 |
|
481 | # [1.3.0](https://github.com/panva/jose/compare/v1.0.2...c51dc28) (2019-06-21)
|
482 |
|
483 |
|
484 | ### Features
|
485 |
|
486 | * compute private RSA key p, q, dp, dq, qi when omitted ([6e3d6fd](https://github.com/panva/jose/commit/6e3d6fd)), closes [#26](https://github.com/panva/jose/issues/26)
|
487 | * add support for JWK x5c, x5t and x5t#S256 ([9d46c48](https://github.com/panva/jose/commit/9d46c48))
|
488 | * instances of JWKS.KeyStore are now iterable (e.g. for ... of) ([2eae293](https://github.com/panva/jose/commit/2eae293))
|
489 |
|
490 | ### Bug Fixes
|
491 |
|
492 | * limit calculation of missing RSA private components ([5b53cb0](https://github.com/panva/jose/commit/5b53cb0))
|
493 | * reject rsa keys without all factors and exponents with a specific message ([b0ff436](https://github.com/panva/jose/commit/b0ff436))
|
494 |
|
495 | ### Deprecations
|
496 |
|
497 | - this deprecates the use of `JWK.importKey` in favor of
|
498 | `JWK.asKey`
|
499 | - this deprecates the use of `JWKS.KeyStore.fromJWKS` in favor of
|
500 | `JWKS.asKeyStore`
|
501 |
|
502 | Both `JWK.importKey` and `JWKS.KeyStore.fromJWKS` could have resulted
|
503 | in the process getting blocked when large bitsize RSA private keys
|
504 | were missing their components and could also result in an endless
|
505 | calculation loop when the private key's private exponent was outright
|
506 | invalid or tampered with.
|
507 |
|
508 | The new methods still allow to import private RSA keys with these
|
509 | optimization key parameters missing but it is disabled by default and one
|
510 | should choose to enable it when working with keys from trusted sources
|
511 |
|
512 | It is recommended not to use `jose` versions with this feature in
|
513 | its original on-by-default form - v1.1.0 and v1.2.0
|
514 |
|
515 |
|
516 |
|
517 | ## [1.0.2](https://github.com/panva/jose/compare/v1.0.1...v1.0.2) (2019-05-13)
|
518 |
|
519 |
|
520 | ### Bug Fixes
|
521 |
|
522 | * add missing keystore.toJWKS() .d.ts definition ([c7a8606](https://github.com/panva/jose/commit/c7a8606)), closes [#25](https://github.com/panva/jose/issues/25)
|
523 |
|
524 |
|
525 |
|
526 | ## [1.0.1](https://github.com/panva/jose/compare/v1.0.0...v1.0.1) (2019-04-27)
|
527 |
|
528 |
|
529 | ### Bug Fixes
|
530 |
|
531 | * oct key ts "k" type fix ([0750d2c](https://github.com/panva/jose/commit/0750d2c))
|
532 |
|
533 |
|
534 |
|
535 | <a name="1.0.0"></a>
|
536 | # [1.0.0](https://github.com/panva/jose/compare/v0.12.0...v1.0.0) (2019-04-23)
|
537 |
|
538 |
|
539 | ### Bug Fixes
|
540 |
|
541 | * fail to import invalid PEM formatted strings and buffers ([857dc2b](https://github.com/panva/jose/commit/857dc2b))
|
542 |
|
543 |
|
544 | ### Features
|
545 |
|
546 | * add JWK key_ops support, fix .algorithms() op returns ([23b874c](https://github.com/panva/jose/commit/23b874c))
|
547 | * add key.toPEM() export function with optional encryption ([1159b0d](https://github.com/panva/jose/commit/1159b0d))
|
548 | * add OKP Key and EdDSA sign/verify support ([2dbd3ed](https://github.com/panva/jose/commit/2dbd3ed)), closes [#12](https://github.com/panva/jose/issues/12)
|
549 |
|
550 |
|
551 | ### BREAKING CHANGES
|
552 |
|
553 | * key.algorithms(op) un+wrapKey was split into correct
|
554 | wrapKey/unwrapKey/deriveKey returns
|
555 | * keystore.all and keystore.get `operation` option was
|
556 | removed, `key_ops: string[]` supersedes it
|
557 | * Node.js minimal version is now v12.0.0 due to its
|
558 | added EdDSA support (crypto.sign, crypto.verify and eddsa key objects)
|
559 |
|
560 |
|
561 |
|
562 | <a name="0.12.0"></a>
|
563 | # [0.12.0](https://github.com/panva/jose/compare/v0.11.5...v0.12.0) (2019-04-07)
|
564 |
|
565 |
|
566 | ### Reverts
|
567 |
|
568 | * add EC P-256K JWK and ES256K sign/verify support ([e21fea1](https://github.com/panva/jose/commit/e21fea1))
|
569 |
|
570 |
|
571 | ### BREAKING CHANGES
|
572 |
|
573 | * removing ES256K alg and EC P-256K crv support until the
|
574 | IETF WG decides on what the final names will be.
|
575 |
|
576 |
|
577 |
|
578 | <a name="0.11.5"></a>
|
579 | ## [0.11.5](https://github.com/panva/jose/compare/v0.11.4...v0.11.5) (2019-04-04)
|
580 |
|
581 |
|
582 | ### Features
|
583 |
|
584 | * add key.secret<boolean> and key.type<string> for completeness ([2dd7053](https://github.com/panva/jose/commit/2dd7053))
|
585 | * add key.thumbprint always returning the JWK Thumbprint (RFC7638) ([65db7e0](https://github.com/panva/jose/commit/65db7e0))
|
586 |
|
587 |
|
588 |
|
589 | <a name="0.11.4"></a>
|
590 | ## [0.11.4](https://github.com/panva/jose/compare/v0.11.3...v0.11.4) (2019-03-28)
|
591 |
|
592 |
|
593 | ### Bug Fixes
|
594 |
|
595 | * properly restrict EC curves in generate(Sync) ([764b863](https://github.com/panva/jose/commit/764b863))
|
596 | * remove unintended exposure of private material via enumerables ([946d9df](https://github.com/panva/jose/commit/946d9df))
|
597 |
|
598 |
|
599 |
|
600 | <a name="0.11.3"></a>
|
601 | ## [0.11.3](https://github.com/panva/jose/compare/v0.11.2...v0.11.3) (2019-03-27)
|
602 |
|
603 |
|
604 | ### Bug Fixes
|
605 |
|
606 | * throw on unsupported EC curves ([cfa4222](https://github.com/panva/jose/commit/cfa4222))
|
607 |
|
608 |
|
609 | ### Features
|
610 |
|
611 | * add EC P-256K JWK and ES256K sign/verify support ([2e33e1c](https://github.com/panva/jose/commit/2e33e1c))
|
612 |
|
613 |
|
614 |
|
615 | <a name="0.11.2"></a>
|
616 | ## [0.11.2](https://github.com/panva/jose/compare/v0.11.1...v0.11.2) (2019-03-19)
|
617 |
|
618 |
|
619 | ### Bug Fixes
|
620 |
|
621 | * internal symbol method is now really a symbol ([925d47c](https://github.com/panva/jose/commit/925d47c))
|
622 | * key.toJWK() fixed on windows ([57f1692](https://github.com/panva/jose/commit/57f1692)), closes [#17](https://github.com/panva/jose/issues/17)
|
623 |
|
624 |
|
625 | ## [0.11.1](https://github.com/panva/jose/compare/v0.11.0...v0.11.1) (2019-03-17)
|
626 |
|
627 |
|
628 | ### Bug Fixes
|
629 |
|
630 | * restrict RS key algorithms by the key's bit size ([9af295b](https://github.com/panva/jose/commit/9af295b))
|
631 |
|
632 |
|
633 | # [0.11.0](https://github.com/panva/jose/compare/v0.10.0...v0.11.0) (2019-03-16)
|
634 |
|
635 |
|
636 | ### Bug Fixes
|
637 |
|
638 | * all JWA defined RSA operations require key of 2048 or more ([cc70c5d](https://github.com/panva/jose/commit/cc70c5d))
|
639 | * use correct salt length for RSASSA-PSS ([e936d54](https://github.com/panva/jose/commit/e936d54))
|
640 |
|
641 |
|
642 | ### BREAKING CHANGES
|
643 |
|
644 | * all [JWA](https://tools.ietf.org/html/rfc7518) defined
|
645 | RSA based operations require key size of 2048 bits or more.
|
646 |
|
647 |
|
648 |
|
649 | # [0.10.0](https://github.com/panva/jose/compare/v0.9.2...v0.10.0) (2019-03-12)
|
650 |
|
651 |
|
652 | ### Bug Fixes
|
653 |
|
654 | * do not list "dir" under wrap/unwrapKey operations ([17b37d3](https://github.com/panva/jose/commit/17b37d3))
|
655 |
|
656 |
|
657 | ### Features
|
658 |
|
659 | * keystore .all and .get operation option ([d349ba9](https://github.com/panva/jose/commit/d349ba9))
|
660 |
|
661 |
|
662 | ### BREAKING CHANGES
|
663 |
|
664 | * "dir" is no longer returned as wrap/unwrapKey key
|
665 | operation
|
666 |
|
667 |
|
668 |
|
669 | ## [0.9.2](https://github.com/panva/jose/compare/v0.9.1...v0.9.2) (2019-03-05)
|
670 |
|
671 |
|
672 | ### Bug Fixes
|
673 |
|
674 | * "dir" is only available on keys with correct lengths ([6854860](https://github.com/panva/jose/commit/6854860))
|
675 | * do not 'in' operator when importing keys as string ([be3f4e4](https://github.com/panva/jose/commit/be3f4e4))
|
676 |
|
677 |
|
678 |
|
679 | ## [0.9.1](https://github.com/panva/jose/compare/v0.9.0...v0.9.1) (2019-03-02)
|
680 |
|
681 |
|
682 | ### Bug Fixes
|
683 |
|
684 | * only import RSA, EC and oct successfully ([e5e02fc](https://github.com/panva/jose/commit/e5e02fc))
|
685 |
|
686 |
|
687 | # 0.9.0 (2019-03-02)
|
688 |
|
689 | Initial release
|
690 |
|
691 | ### Implemented Features
|
692 |
|
693 | - JSON Web Signature (JWS) - [RFC7515][spec-jws]
|
694 | - JSON Web Encryption (JWE) - [RFC7516][spec-jwe]
|
695 | - JSON Web Key (JWK) - [RFC7517][spec-jwk]
|
696 | - JSON Web Algorithms (JWA) - [RFC7518][spec-jwa]
|
697 | - JSON Web Token (JWT) - [RFC7519][spec-jwt]
|
698 | - JSON Web Key (JWK) Thumbprint - [RFC7638][spec-thumbprint]
|
699 | - JWS Unencoded Payload Option - [RFC7797][spec-b64]
|
700 |
|
701 | | JWK Key Types | Supported ||
|
702 | | -- | -- | -- |
|
703 | | RSA | ✓ | RSA |
|
704 | | Elliptic Curve | ✓ | EC |
|
705 | | Octet sequence | ✓ | oct |
|
706 |
|
707 | | Serialization | JWS Sign | JWS Verify | JWE Encrypt | JWE Decrypt |
|
708 | | -- | -- | -- | -- | -- |
|
709 | | Compact | ✓ | ✓ | ✓ | ✓ |
|
710 | | General JSON | ✓ | ✓ | ✓ | ✓ |
|
711 | | Flattened JSON | ✓ | ✓ | ✓ | ✓ |
|
712 |
|
713 | | JWS Algorithms | Supported ||
|
714 | | -- | -- | -- |
|
715 | | RSASSA-PKCS1-v1_5 | ✓ | RS256, RS384, RS512 |
|
716 | | RSASSA-PSS | ✓ | PS256, PS384, PS512 |
|
717 | | ECDSA | ✓ | ES256, ES384, ES512 |
|
718 | | HMAC with SHA-2 | ✓ | HS256, HS384, HS512 |
|
719 |
|
720 | | JWE Key Management Algorithms | Supported ||
|
721 | | -- | -- | -- |
|
722 | | AES | ✓ | A128KW, A192KW, A256KW |
|
723 | | AES GCM | ✓ | A128GCMKW, A192GCMKW, A256GCMKW |
|
724 | | Direct Key Agreement | ✓ | dir |
|
725 | | RSAES OAEP | ✓<sup>*</sup> | RSA-OAEP <sub>(<sup>*</sup>RSA-OAEP-256 is not supported due to its lack of support in Node.js)</sub> |
|
726 | | RSAES-PKCS1-v1_5 | ✓ | RSA1_5 |
|
727 | | PBES2 | ✓ | PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW |
|
728 | | ECDH-ES | ✓ | ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW |
|
729 |
|
730 | | JWE Content Encryption Algorithms | Supported ||
|
731 | | -- | -- | -- |
|
732 | | AES GCM | ✓ | A128GCM, A192GCM, A256GCM |
|
733 | | AES_CBC_HMAC_SHA2 | ✓ | A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 |
|
734 |
|
735 | [spec-b64]: https://tools.ietf.org/html/rfc7797
|
736 | [spec-jwa]: https://tools.ietf.org/html/rfc7518
|
737 | [spec-jwe]: https://tools.ietf.org/html/rfc7516
|
738 | [spec-jwk]: https://tools.ietf.org/html/rfc7517
|
739 | [spec-jws]: https://tools.ietf.org/html/rfc7515
|
740 | [spec-jwt]: https://tools.ietf.org/html/rfc7519
|
741 | [spec-thumbprint]: https://tools.ietf.org/html/rfc7638
|