Tags

Tags give the ability to mark specific points in history as being important
  • v1.3.6

    Release v1.3.6: Independent XOR (v9) with parallel KDF and progress improvements
  • v1.4.0.beta.9

    Release v1.4.0.beta.9 - Test infrastructure improvements and cross-version compatibility
    
    - Fixed 6 salt derivation test failures
    - Completed Threefish-512/1024 cipher support
    - Fixed BLAKE3 buffer sizing for backward compatibility
    - Fixed metadata v7 schema compatibility with v1.3.4
    - Resolved Scrypt bytearray conversion issues
    - Enhanced debug logging for version-aware salt derivation
    - Test suite: 1535 tests passing, 0 failures
    - Format Version 9 security model validated across all KDF algorithms
  • v1.3.5

    Release v1.3.5 - BLAKE3 Integration & Forward Compatibility
    
    This release delivers critical bugfixes and forward compatibility with v1.4.x:
    
    - Fixed BLAKE3 hash algorithm support with proper 32-byte key handling
    - Implemented BLAKE3-aware buffer sizing (64-byte minimum) for deterministic KDF
    - Enhanced BLAKE3 detection in both flat (v3) and nested (v4+) hash formats
    - Zero-initialization for consistent keyed hashing
    - No regression: BLAKE3 was not used in encryption before this bugfix
    
    - Made 'mode' field optional in metadata v7 schema for v1.3.4 compatibility
    - Fixed Scrypt bytearray to bytes conversion in salt derivation
    - Resolved SecureBytes slice handling in XChaCha20 nonce operations
    
    - Comprehensive build scripts for liboqs and liboqs-python dependencies
    - scripts/build_local_deps.sh: Automated dependency building with version verification
    - scripts/cleanup_liboqs.sh: Clean removal of locally built dependencies
    - Environment variable support for custom installation paths
    
    - Backported Flatpak build and publish jobs from v1.4.x
    - Automated Flatpak packaging on release branches
    - Separate clean build jobs for testing without cache
    - Integration with Flatpak repository for distribution
    
    - Enhanced BLAKE3 operation logging for troubleshooting
    
    - Cross-version compatibility: Files encrypted with v1.3.5 are fully compatible with v1.4.x
    - Maintains Format Version 7 secure chained salt derivation (from v1.3.4)
    
    v1.3.5 includes the v1.3.4 critical security fix (CVSSv3 8.1 HIGH):
    - Fixed predictable salt derivation vulnerability (CWE-330) in multi-round KDF
    - Format Version 7 implements secure chained salt derivation
    
    - Backward: Decrypts files from v1.3.0-1.3.4
    - Forward: Compatible with v1.4.x releases
    - Test suite: 960 tests passing, 0 failures
    
    Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
  • v1.3.4

    Release: Release v1.3.4 - Critical Security Fix
    Release v1.3.4 - Critical Security Fix
    
    CVSSv3 8.1 (High): Fixed predictable salt derivation in multi-round KDF
    CWE-330: Use of Insufficiently Random Values
    
    This release implements Format Version 7 with secure chained salt derivation,
    resolving a vulnerability where multi-round KDF operations used predictable
    salts that could be precomputed from plaintext metadata.
    
    Security Fix:
    - Implemented secure chained salt derivation for all multi-round operations
    - Each round now uses previous round output as salt (unpredictable chain)
    - Affects: BLAKE2b, BLAKE3, SHAKE-256, Argon2, Scrypt, Balloon, PBKDF2, HKDF
    
    Backward Compatibility:
    - Full support for decrypting Format Versions 3-6
    - Files encrypted with v1.3.4 require v1.3.4+ to decrypt
    
    Additional Fixes:
    - Fixed pytest-xdist enum serialization issues
    - Updated keystore_wrapper.py for Format Version 7 support
    
    Recommendation: Upgrade immediately and re-encrypt files with multi-round KDF.
    
    All tests passing (960+)
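An added illustration of the salt-schedule change the v1.3.4 note describes (this is not the project's own KDF code): a pre-fix style schedule whose per-round salts derive only from plaintext metadata, beside a chained schedule where each round's salt is the previous round's output. The keyed-BLAKE2b round, the `hash(file_salt || round_index)` pre-fix schedule, and the sample passwords and file salt are assumptions constructed for the example.

```python
import hashlib

# Constructed sample inputs (not values from the project).
PASSWORD_A = b"correct horse battery staple"
PASSWORD_B = b"Tr0ub4dor&3"
FILE_SALT = bytes(range(16))   # stands in for the per-file salt stored in plaintext metadata
ROUNDS = 4


def kdf_round(secret: bytes, salt: bytes) -> bytes:
    """One toy key-stretching round: keyed BLAKE2b over the salt.

    A stand-in for a real KDF round (Argon2, Scrypt, PBKDF2, ...); the salt
    schedule, not the primitive, is what this example is about.
    """
    return hashlib.blake2b(salt, key=secret[:64], digest_size=32).digest()


def predictable_round_salts(file_salt: bytes, rounds: int) -> list[bytes]:
    """Assumed pre-fix style schedule: every round's salt is a function of
    plaintext metadata only (per-file salt and round index), so anyone holding
    the file header can compute all of them without knowing the password."""
    return [hashlib.sha256(file_salt + i.to_bytes(4, "big")).digest()
            for i in range(rounds)]


def derive_predictable(password: bytes, file_salt: bytes, rounds: int):
    """Run the rounds with the metadata-only salt schedule."""
    out = password
    salts = predictable_round_salts(file_salt, rounds)
    for salt in salts:
        out = kdf_round(out, salt)
    return out, salts


def derive_chained(password: bytes, file_salt: bytes, rounds: int):
    """Chained schedule in the spirit of Format Version 7: round 0 uses the
    per-file salt, every later round uses the previous round's *output* as its
    salt, so the schedule depends on the password and cannot be precomputed."""
    out = password
    salt = file_salt
    salts = []
    for _ in range(rounds):
        salts.append(salt)
        out = kdf_round(out, salt)
        salt = out
    return out, salts


def salts_depend_on_password(derive) -> bool:
    """True if the per-round salt schedule differs between two passwords,
    i.e. it cannot be precomputed from the header alone.  Round 0 is excluded
    because it legitimately shares the public per-file salt in both designs."""
    _, salts_a = derive(PASSWORD_A, FILE_SALT, ROUNDS)
    _, salts_b = derive(PASSWORD_B, FILE_SALT, ROUNDS)
    return salts_a[1:] != salts_b[1:]


if __name__ == "__main__":
    print("metadata-only schedule depends on password:", salts_depend_on_password(derive_predictable))
    print("chained schedule depends on password:     ", salts_depend_on_password(derive_chained))
```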
  • v1.4.0.beta.7

    Release v1.4.0.beta.7
    
    Remote pepper plugin integration and integrity plugin improvements.
    
    New Features:
    - Remote pepper plugin with CLI and Flutter GUI support
    - Auto-generate and named pepper modes
    - Client-side AES-256-GCM pepper encryption with mTLS transport
    - Combined HSM + remote pepper support
    
    Bug Fixes:
    - Fix integrity plugin 409 Conflict on re-encryption
    - Fix pepper plugin auto-generate logic
    - Fix YubiKey notification and integrity verification hang
    - HSM plugin loading improvements
    
    Testing:
    - Added comprehensive unit tests for integrity plugin
    - Verified pepper plugin encryption/decryption flow
    - Tested combined pepper + integrity + HSM workflows
  • v1.4.0.beta.6

    Release version 1.4.0 beta 6
    
    - Homepage URL now points to releases/1.4.0 branch
    - All project URLs consistently reference releases/1.4.0 branch
    - Ready for PyPI deployment with correct metadata
  • v1.4.0.beta.5

    Release version 1.4.0 beta 5
    
    - Updated project URLs to point to GitHub repository
    - Documentation and Source Code links reference releases/1.4.0 branch
    - PyPI package metadata improvements
  • v1.4.0.beta.4

    Release version 1.4.0 beta 4
    
    - Enhanced liboqs detection with fallback paths
    - Interactive build script with shell profile configuration
    - Comprehensive INSTALLATION.md with 4 installation methods
    - Integrated Flatpak documentation
    - Fixed command syntax and Markdown formatting
  • v1.4.0.beta.2

    Release: OpenSSL Encrypt v1.4.0-beta.2 Release Notes
    feat: Complete v1.4.0 GUI implementation with plugin system improvements
    
    This merge brings all feature/v1.4.0-development changes into the release branch,
    completing the desktop GUI implementation with enhanced security and usability.
    
    - Refined security policy to allow legitimate file and network operations
    - Allowed open() for file I/O (controlled by sandbox allowed_paths)
    - Allowed os and socket modules for legitimate operations
    - Maintained blocks on dangerous functions (os.system, os.popen, subprocess)
    - Removed built-in plugin whitelist for consistent validation
    - All plugins now validated through AST analysis, even trusted built-in ones
    - Added comprehensive unit tests for policy validation
    
    **Files:**
    - openssl_encrypt/modules/plugin_system/plugin_ast_analyzer.py
    - openssl_encrypt/unittests/test_plugin_ast_analyzer.py
    
    - Added YubiKey Challenge-Response HSM support to all encryption tabs
    - Implemented FIDO2 HSM credential management screen
    - Added slot selection and credential management UI
    - Integrated HSM operations with CLI service
    
    - Implemented Keyserver network plugin configuration
    - Added Remote Pepper plugin with mTLS and 2FA support
    - Integrated Integrity plugin with file verification across all tabs
    - Added network plugin management in Settings screen
    
    - Added Threefish-512 and Threefish-1024 algorithms
    - Added support for file format versions 7 and 8
    - Implemented cascade encryption mode with multiple algorithm layers
    - Added asymmetric encryption UI with identity management
    
    - Created dedicated Identity Management screen
    - Added Ed25519 identity generation and import/export
    - Integrated identity selection in encryption workflows
    - Added CLI service methods for identity operations
    
    - **Major Refactor:** Extracted EncryptTab and DecryptTab into separate files
    - Created reusable CryptoWidgets module for shared components
    - Implemented encryption mode selector (Symmetric/Asymmetric/Cascade)
    - Added "Key Stretching" top-level section for Hash and KDF configuration
    - Moved advanced crypto options out of "Advanced Options" for better visibility
    - Streamlined Advanced Options to HSM, Integrity, and Force Overwrite only
    
    - **Removed:** PBKDF2 (no longer supported)
    - **Added 5 KDF panels with configuration:**
      * Argon2 - purple "MAX SECURITY" badge
      * Scrypt - orange "BALANCED" badge
      * HKDF - teal "EFFICIENT" badge
      * Balloon - pink "RESEARCH" badge
      * RandomX - purple "CPU-HARD" badge
    - Created _buildKDFSlider() helper for consistent parameter controls
    - Implemented _buildHashChainSection() and _buildKdfChainSection() helpers
    - Added preset buttons for quick KDF configuration
    
    - **Default encryption algorithm:** Changed from fernet to aes-gcm
    - **Default hash:** SHA3-512 enabled with 100,000 rounds
    - **Default KDF:** Argon2 enabled with secure parameters
    - Users now get strong security settings out of the box
    
    - **Green "RECOMMENDED" badges:**
      * aes-gcm (for general use)
      * threefish-512
      * ml-kem-768-hybrid (PQC)
    - **Gray "LEGACY" badges:**
      * All Kyber algorithms (kyber512/768/1024-hybrid)
      * All legacy SHA hashes (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512)
    - **Orange "WARNING" badge:**
      * HQC algorithms with GitHub security advisory link
      * Warning: "Decryption issues in <1.3.0, theoretical flaws exist"
      * Link: https://github.com/open-quantum-safe/liboqs/security/advisories/GHSA-3rxw-4v8q-9gq5
    
    - Updated aes-gcm: "Recommended for general use"
    - Updated threefish-512: "Recommended"
    - Updated fernet: Removed recommendation language
    - Added explicit warnings to HQC algorithms with security advisory
    
    - Separated encryption/decryption logic into dedicated tab files
    - Extracted crypto widgets into reusable component library
    - Added _isLegacySha() helper for reliable legacy SHA detection
    - Improved maintainability with better separation of concerns
    - Reduced main.dart from ~7000 lines to manageable size
    
    **New Files:**
    - desktop_gui/lib/tabs/encrypt_tab.dart (1111 lines)
    - desktop_gui/lib/tabs/decrypt_tab.dart (365 lines)
    - desktop_gui/lib/widgets/crypto_widgets.dart (649 lines)
    - desktop_gui/lib/fido2_management_screen.dart
    - desktop_gui/lib/identity_management_screen.dart
    
    **Modified Files:**
    - desktop_gui/lib/main.dart (-6979 lines through extraction)
    - desktop_gui/lib/cli_service.dart
    - desktop_gui/lib/file_manager.dart
    - desktop_gui/lib/settings_screen.dart
    - desktop_gui/lib/settings_service.dart
    - openssl_encrypt/modules/plugin_system/plugin_ast_analyzer.py
    - openssl_encrypt/unittests/test_plugin_ast_analyzer.py
    
    **Statistics:**
    - 22 commits merged
    - 4 files changed in final GUI refactor
    - +2,149 lines added
    - -6,979 lines removed (code reorganization)
    
    🤖 Generated with [Claude Code](https://claude.com/claude-code)
    
    Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
  • v1.4.0-beta.1

    Release: FEATURE COMPLETE BETA RELEASE v1.4.0-beta.1
    **FEATURE COMPLETE BETA RELEASE**
    
    This beta release is feature complete for v1.4.0. Only bugfixes will be added before the stable release.
    
    ---
    
    - **FastAPI-based unified server** consolidating all server modules
    - JWT-based authentication with refresh token support
    - Modular architecture supporting Keyserver, Telemetry, Pepper, and Integrity modules
    - PostgreSQL + asyncpg for production-grade database support
    - Rate limiting on all endpoints (using slowapi)
    - Comprehensive security logging system
    
    - Public key distribution system with PQC algorithm support
    - Email-based key lookup and registration
    - Self-signature verification for key authenticity
    - Certificate pinning support for MITM protection
    - Plugin architecture for client integration
    - 'register' command for CLI-based key registration
    
    - Anonymous usage statistics collection
    - Configurable retention policies (default: 365 days)
    - Rate-limited event submission
    - JWT-authenticated endpoints
    - Client plugin for seamless integration
    
    - Server-side password pepper storage with TOTP 2FA
    - mTLS authentication support
    - Proxy mode with client certificate validation
    - Dead-man switch functionality
    - TOTP rate limiting (5 attempts, 15-minute lockout)
    - Client plugin for transparent integration
    
    - Cryptographic metadata hash verification
    - mTLS authentication support
    - Tamper detection for encrypted files
    - Client plugin for automatic verification
    - Panic mode for secure deletion
    
    - Hardware-backed pepper storage using FIDO2 devices
    - WebAuthn PRF (Pseudo-Random Function) extension support
    - User verification with PIN/biometrics
    - Secure credential management
    
    ---
    
    - **Fixed:** Symlink-based path traversal attacks
    - **Solution:** Using `os.path.realpath()` to resolve symlinks
    - **Impact:** Prevents plugins from accessing files outside whitelist
    - **Files:** `plugin_sandbox.py`
    
    - **Fixed:** Regex-based code validation easily bypassed
    - **Solution:** Implemented AST-based code analysis
    - **Impact:** Detects dangerous patterns via syntax tree analysis
    - **Files:** `plugin_ast_analyzer.py` (new), `plugin_manager.py`
    
    - **Fixed:** Plugins could import dangerous modules at runtime
    - **Solution:** Installed import guards in `sys.meta_path`
    - **Impact:** Blocks subprocess, socket, ctypes, etc. at import time
    - **Files:** `plugin_sandbox.py`
    
    - **Fixed:** Only `subprocess.Popen` was blocked
    - **Solution:** Block `os.system`, `os.popen`, `os.spawn*` family
    - **Impact:** Prevents all subprocess execution methods
    - **Files:** `plugin_sandbox.py`
    
    - **Fixed:** Capabilities could be modified after registration
    - **Solution:** Made capabilities immutable using `frozenset`
    - **Impact:** Prevents privilege escalation attacks
    - **Files:** `plugin_manager.py`
    
    - **Fixed:** No rate limiting on any endpoints
    - **Solution:** Implemented slowapi rate limiter across all routes
    - **Limits:**
      - Registration: 10/hour per IP
      - Search: 100/minute per IP
      - CRUD: 60/minute per client
      - Telemetry: 1000/hour per client
      - TOTP: 5/minute (then 15min lockout)
    - **Files:** `server.py`, all `routes.py` files
    
    - **Fixed:** 365-day token expiry too long
    - **Solution:** Reduced to 1 hour with refresh tokens (7 days)
    - **Impact:** Limits exposure window for compromised tokens
    - **Files:** `config.py`, `core/auth/token.py`
    
    - **Fixed:** Unlimited TOTP verification attempts
    - **Solution:** 5 attempts per 5 minutes, then 15-minute lockout
    - **Impact:** Prevents TOTP brute force attacks
    - **Files:** `modules/pepper/totp.py`
    
    - **Fixed:** Default trusted entire private networks
    - **Solution:** Require explicit IP configuration, reject broad ranges
    - **Impact:** Prevents IP spoofing attacks
    - **Files:** `config.py`, `core/auth/proxy.py`
    
    - **Fixed:** Security events mixed with app logs, no alerting
    - **Solution:** Centralized security logger with structured output
    - **Events:** Auth failures, rate limits, TOTP failures, panic events
    - **Files:** `core/security_logger.py` (new)
    
    - **Fixed:** No token refresh mechanism
    - **Solution:** Sliding expiration refresh tokens
    - **Impact:** Better UX with maintained security
    - **Files:** `core/auth/token.py`
    
    - **Fixed:** No certificate pinning for keyserver connections
    - **Solution:** SHA-256 fingerprint validation
    - **Impact:** Prevents MITM attacks on key distribution
    - **Files:** `plugins/keyserver/keyserver_plugin.py`
    
    - **Fixed:** Race condition in file/directory creation
    - **Solution:** Atomic permission setting using umask
    - **Permissions:** 0o700 for directories, 0o600 for files
    - **Impact:** Prevents race-condition attacks
    - **Files:** `plugin_config.py`
    
    - **Fixed:** Default wildcard (*) CORS origin
    - **Solution:** Disabled by default, explicit configuration required
    - **Impact:** Prevents unauthorized cross-origin requests
    - **Files:** `config.py`, `server.py`
    
    - **Fixed:** No query timeout (DoS vulnerability)
    - **Solution:** 30-second timeout at driver and server level
    - **Impact:** Prevents resource exhaustion from slow queries
    - **Files:** `core/database.py`, `config.py`
    
    ---
    
    - **Security tests:** 66+ new tests for Phase 3 fixes
    - **Path traversal tests:** Symlink attack validation
    - **Import hook tests:** Runtime import blocking
    - **AST analyzer tests:** Code pattern detection
    - **TOTP rate limiting tests:** Lockout mechanism
    - **JWT refresh tests:** Token rotation validation
    - **Integration tests:** Complete server module testing
    
    - **1,488 total tests** passing
    - **11 new test files** added
    - Comprehensive security violation demonstrations
    
    ---
    
    - AST-based code validation (replaces regex)
    - Import-level module blocking
    - Capability-based permission system (immutable)
    - Atomic file permission setting (TOCTOU fix)
    - Enhanced path validation with symlink resolution
    
    - Unified plugin config directories (`~/.openssl_encrypt/plugins/<plugin_id>/`)
    - Secure permission enforcement (0o700/0o600)
    - Per-plugin configuration isolation
    - Schema validation support
    
    - Proper security model for plugin file access
    - Support for subdirectories and supporting files
    - Whitelist-based access control
    - Inference of code directory from actual file location
    
    ---
    
    - Comprehensive plugin security documentation
    - Server module integration guides
    - mTLS authentication setup guides
    - Client plugin usage documentation
    - Security violation demonstrations
    - Release notes and changelogs
    
    - Documentation moved to `openssl_encrypt/docs/`
    - Unified documentation format
    - Extensive code examples
    
    ---
    
    - Fixed cryptography import for certificate encoding
    - Increased keyserver fingerprint column size to 100
    - Implemented abstract methods for KeyserverPlugin
    - Added explicit Hippocratic-3.0 license references
    - Fixed relative imports in plugins
    
    - Fixed permission recovery for existing directories
    - Support for custom config directories in FIDO2 plugin
    - Fixed import resolution for package-based plugins
    - Enhanced plugin whitelist handling
    
    - Fixed datetime mocking in TOTP tests
    - Fixed import hooks test API usage
    - Removed hardcoded defaults from test scripts
    
    ---
    
    - `slowapi` - Rate limiting middleware
    - `asyncpg` - Async PostgreSQL driver
    - `fastapi` - Modern web framework
    - `sqlalchemy[asyncio]` - Async ORM
    - `cryptography` - Certificate handling
    - `pyjwt` - JWT token support
    - `pyotp` - TOTP implementation
    
    ---
    
    1. **JWT Tokens:** Existing tokens will expire after 1 hour (was 365 days)
    2. **CORS:** Default changed from `*` to disabled - must configure explicitly
    3. **Plugin Configs:** Directory structure unified under `~/.openssl_encrypt/plugins/`
    4. **Server:** Unified server replaces separate module servers
    
    1. Set `CORS_ORIGINS` if using web clients
    2. Configure `TRUSTED_PROXY_IPS` for reverse proxy setups
    3. Update JWT refresh token handling in clients
    4. Configure database connection pool settings
    
    1. Generate new JWT secrets (32+ characters)
    2. Configure certificate pinning for keyserver
    3. Set up security log monitoring
    4. Review and configure rate limits
    5. Enable TOTP for pepper module
    
    ---
    
    - **191 commits** since v1.3.3
    - **32 files changed** in final security merge
    - **+5,479 lines added, -191 lines removed**
    - **15 security vulnerabilities fixed**
    - **66+ new security tests**
    - **5 major modules added**
    - **1,488 total tests passing**
    
    ---
    
    This release represents a comprehensive security audit and remediation effort, with extensive testing and validation.
    
    **Security Fixes:** All 15 critical and high-priority vulnerabilities identified in the security audit have been addressed with comprehensive test coverage.
    
    **Feature Development:** The unified server architecture provides a robust foundation for secure multi-module operation with production-grade authentication and authorization.
    
    ---
    
    - **Beta 1:** 2026-01-03 (Feature Complete)
    - **RC 1:** TBD (After beta testing)
    - **Stable:** TBD (After RC validation)
    
    **Note:** This beta is feature complete. Only bugfixes will be added before the stable release.
    
    ---
    
    🤖 Generated with [Claude Code](https://claude.com/claude-code)
    
    Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
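An added illustration (not the project's `plugin_sandbox.py`) of two of the sandbox fixes listed in the v1.4.0-beta.1 notes above: a path allowlist that resolves symlinks with `os.path.realpath()`, shown beside the lexical check it replaces, and an import guard installed in `sys.meta_path` that refuses blocked modules at import time. The function names, the blocked-module list and the temporary-directory setup are assumptions made for the example.

```python
import os
import sys
import tempfile
from importlib.abc import MetaPathFinder


def path_is_allowed(candidate: str, allowed_roots) -> bool:
    """True only if `candidate`, with every symlink component resolved, lies
    inside one of `allowed_roots`.  A purely lexical comparison would accept a
    symlink placed inside an allowed directory that points anywhere on disk."""
    real = os.path.realpath(candidate)
    for root in allowed_roots:
        real_root = os.path.realpath(root)
        if os.path.commonpath([real, real_root]) == real_root:
            return True
    return False


def lexical_is_allowed(candidate: str, allowed_roots) -> bool:
    """The weaker check for comparison: normalised absolute paths, no symlink
    resolution."""
    norm = os.path.normpath(os.path.abspath(candidate))
    for root in allowed_roots:
        norm_root = os.path.normpath(os.path.abspath(root))
        if os.path.commonpath([norm, norm_root]) == norm_root:
            return True
    return False


def symlink_escape_demo() -> tuple:
    """Constructed scenario: a sandbox directory containing a symlink to a file
    outside it.  Returns (lexical_check_result, realpath_check_result)."""
    with tempfile.TemporaryDirectory() as tmp:
        sandbox = os.path.join(tmp, "sandbox")
        outside = os.path.join(tmp, "secret.txt")
        os.mkdir(sandbox)
        with open(outside, "w") as fh:
            fh.write("not for plugins\n")
        link = os.path.join(sandbox, "innocent.txt")
        os.symlink(outside, link)
        return lexical_is_allowed(link, [sandbox]), path_is_allowed(link, [sandbox])


class ImportGuard(MetaPathFinder):
    """Meta-path finder that rejects blocked top-level modules before any
    loader runs.  Inserted at index 0 it is consulted ahead of the regular
    finders, so a plugin's `import subprocess` fails at import time."""

    def __init__(self, blocked):
        self.blocked = frozenset(blocked)

    def find_spec(self, fullname, path=None, target=None):
        if fullname.split(".")[0] in self.blocked:
            raise ImportError(f"module {fullname!r} is blocked by the plugin sandbox")
        return None  # not ours: defer to the regular finders


def import_is_blocked(module_name: str, blocked=("subprocess", "ctypes", "socket")) -> bool:
    """Install the guard, attempt the import, then remove the guard again.
    Returns True if the sandbox refused the import."""
    guard = ImportGuard(blocked)
    sys.meta_path.insert(0, guard)
    saved = sys.modules.pop(module_name, None)  # force the finders to run
    try:
        __import__(module_name)
        return False
    except ImportError:
        return True
    finally:
        sys.meta_path.remove(guard)
        if saved is not None:
            sys.modules[module_name] = saved


if __name__ == "__main__":
    print("lexical vs realpath check on symlink escape:", symlink_escape_demo())
    print("subprocess blocked:", import_is_blocked("subprocess"))
```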
  • v1.4.0-alpha.6

    Release v1.4.0-alpha.6
    
    This alpha release adds keyserver CLI functionality, comprehensive server integration tests, and critical database fixes.
    
    - Added `openssl-encrypt keyserver register` command for obtaining API tokens
    - Supports server URL override via --server flag
    - Automatic token storage in plugin configuration
    - User-friendly output with client ID and expiration details
    
    - **CRITICAL**: Increased keyserver fingerprint column size from 64 to 100 characters
      - SHA-256 fingerprints with colons are 95 characters (e.g., 3a:4b:5c:...)
      - Previous 64-char limit caused upload failures
      - Affects both ks_keys.fingerprint and ks_access_log.key_fingerprint columns
    - Migration scripts provided (SQL and Python) for existing deployments
    
    - Implemented missing abstract methods in KeyserverPlugin (get_description, execute)
    - Fixed incorrect import in keyserver CLI handler
    - Resolved plugin instantiation errors
    
    - Removed hardcoded server URL fallbacks from test scripts
    - All test scripts now require proper configuration (CLI > env > config file)
    - Consistent fail-secure behavior across all server tests
    
    Added comprehensive test scripts for all server components:
    
    1. **test_keyserver_complete.py** (301 lines)
       - Identity creation and bundle generation
       - Public key upload with signature verification
       - Search by email, fingerprint, and name
       - Cache functionality verification
       - Tests: 10/10 operations
    
    2. **test_telemetry_complete.py** (386 lines)
       - JWT-based client registration
       - Batch event submission (encrypt/decrypt operations)
       - Public statistics aggregation
       - Success rate verification
       - Tests: 4/4 operations
    
    3. **test_pepper_complete.py** (363 lines)
       - mTLS authentication with client certificates
       - Client profile management
       - Pepper CRUD operations (create, list, get, update, delete)
       - Tests: 6/6 operations
    
    4. **test_integrity_complete.py** (406 lines)
       - mTLS authentication with client certificates
       - Metadata hash storage and verification
       - Hash CRUD operations
       - Verification count tracking
       - Tests: 7/7 operations
    
    - Added migrations directory with README documentation
    - SQL migration script: 001_increase_fingerprint_size.sql
    - Python migration tool: 001_increase_fingerprint_size.py
    - Idempotent migration design with verification steps
    
    All test scripts use plugin configuration files:
    - Keyserver: ~/.openssl_encrypt/plugins/keyserver/config.json
    - Telemetry: ~/.openssl_encrypt/plugins/telemetry/config.json
    - Pepper: ~/.openssl_encrypt/plugins/pepper/pepper.json
    - Integrity: ~/.openssl_encrypt/plugins/integrity/integrity.json
    
    - Nginx configured with `ssl_verify_client optional`
    - Location-specific mTLS enforcement for pepper/integrity endpoints
    - Public access for keyserver/telemetry endpoints
    - Verified working with test suite
    
    - 11 files changed, 1743 insertions(+), 3 deletions(-)
    - 7 new files added (4 test scripts, 3 migration files)
    
    If upgrading from previous alpha versions, run database migration:
    ```bash
    python3 openssl_encrypt_server/migrations/001_increase_fingerprint_size.py
    ```
    
    ```bash
    python3 scripts/test_keyserver_complete.py
    
    python3 scripts/test_telemetry_complete.py --server https://your-server.com
    
    python3 scripts/test_pepper_complete.py
    
    python3 scripts/test_integrity_complete.py
    ```
    
    None
    
    ---
    
    Full changelog: v1.4.0-alpha.5...v1.4.0-alpha.6
  • v1.4.0-alpha.5

    Release v1.4.0-alpha.5
    
    - Integrity client plugin with mTLS authentication
    - Raw certificate support for proxy mTLS (computes SHA-256 from Nginx cert)
    - Test scripts load config from ~/.openssl_encrypt/plugins/
    - Enhanced Nginx configuration examples for mTLS
    - Both pepper and integrity plugins fully operational
    
    🤖 Generated with Claude Code
  • v1.4.0-alpha.3

    Release v1.4.0-alpha.3: Unified Server with JWT Authentication
    
    This alpha release introduces the unified server architecture with modular
    design and JWT-based authentication.
    
    Key Features:
    - Unified FastAPI server combining keyserver and telemetry
    - JWT authentication with module-specific token isolation
    - Async PostgreSQL with SQLAlchemy
    - Docker Compose deployment with PQC support
    - Updated client libraries for JWT authentication
    - Comprehensive test suite
    
    Components:
    - openssl_encrypt_server/: Production-ready unified server
    - Keyserver module with PQC signature verification
    - Telemetry module with privacy-first design
    - Core auth infrastructure with TokenAuth base class
    
    Security Enhancements:
    - Token isolation via JWT issuer claims
    - Server-generated client IDs (no tracking)
    - TLS certificate validation enforced
    - Secure token storage with 0600 permissions
    
    This release lays the foundation for v1.4.0 with future modules
    (Pepper, Integrity) planned for subsequent alpha releases.
    
    🤖 Generated with [Claude Code](https://claude.com/claude-code)
    
    Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
  • v1.4.0-alpha.2

    Release v1.4.0-alpha.2
    
    - Updated README with comprehensive v1.4.0 feature summary
    - Cascade Encryption documentation
    - Threefish Post-Quantum Ciphers
    - Post-Quantum Keyserver infrastructure
    - Privacy-Preserving Telemetry
    - Identity-Based Asymmetric Encryption
    - Algorithm Registry System
    - HSM Integration improvements
    - Security enhancements and SECURITY.md policy
    - Performance and testing improvements