[Cryptography-dev] PyCA cryptography 3.0 released

Paul Kehrer paul.l.kehrer at gmail.com
Mon Jul 20 18:40:00 EDT 2020


PyCA cryptography 3.0 has been released to PyPI. cryptography includes
both high level recipes and low level interfaces to common
cryptographic algorithms such as symmetric ciphers, asymmetric
algorithms, message digests, X509, key derivation functions, and much
more. We support Python 2.7, Python 3.5+, and PyPy.

Changelog (https://cryptography.io/en/latest/changelog/#v3-0):
* BACKWARDS INCOMPATIBLE: Removed support for passing an Extension
instance to from_issuer_subject_key_identifier(), as per our
deprecation policy.
* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0
has been removed (2.9.1+ is still supported).
* BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.9. macOS users
must upgrade to 10.10 or newer.
* BACKWARDS INCOMPATIBLE: RSA generate_private_key() no longer accepts
public_exponent values except 65537 and 3 (the latter for legacy
purposes).
* BACKWARDS INCOMPATIBLE: X.509 certificate parsing now enforces that
the version field contains a valid value, rather than deferring this
check until version is accessed.
* Deprecated support for Python 2. At the time there is no time table
for actually dropping support, however we strongly encourage all users
to upgrade their Python, as Python 2 no longer receives support from
the Python core team.
* Added support for OpenSSH serialization format for ec, ed25519, rsa
and dsa private keys: load_ssh_private_key() for loading and OpenSSH
for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests
via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing
requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL’s
built-in CSPRNG instead of its own OS random engine because these
versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with
serialize_key_and_certificates().

-Paul Kehrer (reaperhulk)
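
Added example, not part of the original announcement and not the project's own code: the encrypt_at_time() and decrypt_at_time() methods listed in the changelog take the clock as an argument, so token expiry can be checked against a fixed time instead of the system clock. The timestamp, TTL, payload and helper names below are constructed for illustration.

```python
from cryptography.fernet import Fernet, InvalidToken

TTL = 60                    # seconds a token stays valid (constructed policy value)
ISSUED_AT = 1_595_284_800   # constructed Unix timestamp, not taken from the post
PAYLOAD = b"session=alice"  # constructed sample plaintext


def token_status(fernet, token, ttl, now):
    """Return the plaintext if the token is accepted at time `now`, else None."""
    try:
        # decrypt_at_time(token, ttl, current_time) requires a non-None ttl.
        return fernet.decrypt_at_time(token, ttl, now)
    except InvalidToken:
        # Expired, stamped too far in the future, or tampered with.
        return None


def demo():
    f = Fernet(Fernet.generate_key())
    # The timestamp is embedded in the token and covered by its HMAC.
    token = f.encrypt_at_time(PAYLOAD, ISSUED_AT)
    return {
        "embedded_timestamp": f.extract_timestamp(token),
        # Inside the TTL window: accepted.
        "fresh": token_status(f, token, TTL, ISSUED_AT + 30),
        # Exactly TTL seconds old: still accepted.
        "at_ttl_boundary": token_status(f, token, TTL, ISSUED_AT + TTL),
        # One second past the TTL: rejected.
        "expired": token_status(f, token, TTL, ISSUED_AT + TTL + 1),
        # Verifier clock 30 s behind the issuer: within the skew allowance.
        "slightly_ahead": token_status(f, token, TTL, ISSUED_AT - 30),
        # Token stamped an hour in the verifier's future: rejected.
        "far_ahead": token_status(f, token, TTL, ISSUED_AT - 3600),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```
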

