2.2.0 - Dependency and min OS version updates

What's Changed

• Update PotentCodables & build (raises min to macOS 11, iOS 14, tvOS 14, watchOS 7) by @kdubb in #43
• Remove support for md2, md4, md5 by @kdubb in #44
• Update publicKeyValidated to use modern API and support async/await by @kdubb in #45

Full Changelog: 2.1.3...2.2.0

2.1.3 - Fixes SubjectAltNames Varieties

What's Changed

• Fixes to GeneralNames, and dependent types, encoding/decoding by @kdubb in #38

Full Changelog: 2.1.2...2.1.3

2.1.2 - Package Cleanup

What's Changed

• API/Package cleanup by @kdubb in #33
• Ensure package depenedencies are explicit by @kdubb in #35

Full Changelog: 2.1.1...2.1.2

2.1.1 - Bug Fixes for ECDSA Signatures & CSR encoding

This release is a bug fix release.

Changes

• ECDSA signatures are now properly supported in AlgorithmIdentifier and can be used when signing CSRs and Certificates.
• CSR encoding no longer encodes an empty attributes array and instead skips encoding the attributes fields altogether.
• AuthorityKeyIdentifier now asserts that the serial number is non-negative.

2.1.0 - API & Dependency Cleanup

This release has a cleaned up API that removes force try/cast and more formally follows the Swift naming guidelines. Additionally dependencies that were not used directly have been removed from the packed. The code is now linted and both format & lint are enforced via CI.

Changes

• Force tries (aka try!) and force cast (aka as!) have been removed. When possible a Swift Error replaces them or a descriptive fatalError is used when error's could not be thrown.
• SecKeyError has been moved/renamed to SecKey.Error (similar to other types) and now reports OSStatus when available.
• A number of functions/properties that were named with uppercase letters have been deprecated in favor of similar functions with proper names.
• Package dependencies have been cleaned up.

2.0.0 - PotentCodables Update

Updated PotentCodables to the latest version (2.0.0) to bring in ASN.1 parsing fixes. Due to changes in the PotentASN1.AnyTime type, which is used in ShieldX509's API, a major version bump was required.

Breaking Changes

• TBSCertificate.Validity.notBefore & TBSCertificate.Validity.notAfter use the the AnyTime which has changed to use ZonedDate.
• Certificate.Builder.notBefore & Certificate.Builder.notAfter use the the AnyTime which has changed to use ZonedDate.

Modern Crypto APIs and Swift 5.5

This release switches ShieldCrypto to use Apple's modern crypto API's that work on all Apple platforms as well as updates dependencies to allow it to build with Swift 5.5.

Note: All the previous methods are cryptographically compatible with the current ones.

• Methods using older Crypto APIs were replaced with compatible modern ones
• New methods were added that allow using any of the modern API's supported algorithms
• SecKey.generate supports keys generated in a Secure Enclave
• Swift 5.5 support

EC Support

Adds support for EC key generation & sign/verify. Certificate & CSR builders also properly support EC keys as well.

API Enhancements

• Allow public label when calling SecKeyPair.generate(label:)
• Add extKeyUsage helpers to certificate & csr builders
• Support new platform EC types
• Remove code for unsupported minimum platforms

Tests:

• Ensure they cleanup generated keys & certs

Refine extensions

Extension Values

ExtensionValues now use protocols to mark criticality with CriticalExtensionValue & NonCriticalExtensionValue; regular ExtensionValues now require a criticality flag whenever used.

extKeyUsage support in builders

CertificateBuilder and CertificateRequestBuilder now support setting the extKeyUsage extension with extendedKeyUsage methods.