Releases: Nitrokey/trussed-secrets-app
0.11.0 Password Safe and KeepassXC Support
Changelog
0.11.0 (2023-05-30)
Implemented enhancements:
- Add challenge-response support for KeepassXC #61
- Add Password Safe #60
- Extend compiler and clippy lints #39
- Extend Credential structure with Password Safe field #63 (szszszsz)
Closed issues:
- Use released version for trussed-auth #58
- Group attributes in Command::Credential per kind #66
- Add config option for the maximum number of credentials #62
- Finalize renaming to secrets-app #47
- Resetting strategy #43
Merged pull requests:
- Match trussed* dependencies to the used in NK3 v1.4.0 #80 (szszszsz)
- Ignore errors on factory reset, and start with the persistent storage #79 (szszszsz)
0.11.0-rc2 (2023-05-30)
Implemented enhancements:
- Reuse compliance #77
Closed issues:
- Migrate bit manipulation to bitflags crate #78
- Resetting strategy #43
- Use cfg switch for no-encryption feature #23
Merged pull requests:
- Replace feature with a config switch for the debug mode #84 (szszszsz)
- Migrate list properties byte to bitflags #82 (szszszsz)
- Add copyright and spdx identifiers #81 (szszszsz)
- Match trussed* dependencies to the used in NK3 v1.4.0 #80 (szszszsz)
- Ignore errors on factory reset, and start with the persistent storage #79 (szszszsz)
0.11.0-rc1 (2023-05-25)
Implemented enhancements:
- Add information about static password to List #68
- Add challenge-response support for KeepassXC #61
- Add Password Safe #60
- Return serial number #50
- Extend compiler and clippy lints #39
- Add challenge-response method for KeepassXC support #64 (szszszsz)
- Extend Credential structure with Password Safe field #63 (szszszsz)
Closed issues:
- Group attributes in Command::Credential per kind #66
- Add config option for the maximum number of credentials #62
- Finalize renaming to secrets-app #47
Test report is attached in the previous (rc) release.
0.11.0-rc2
0.11.0-rc2 (2023-05-30)
Implemented enhancements:
- Reuse compliance #77
Closed issues:
- Migrate bit manipulation to bitflags crate #78
- Resetting strategy #43
- Use cfg switch for no-encryption feature #23
Merged pull requests:
- Replace feature with a config switch for the debug mode #84 (szszszsz)
- Migrate list properties byte to bitflags #82 (szszszsz)
- Add copyright and spdx identifiers #81 (szszszsz)
- Match trussed* dependencies to the used in NK3 v1.4.0 #80 (szszszsz)
- Ignore errors on factory reset, and start with the persistent storage #79 (szszszsz)
Attached test report, done with:
- pynitrokey v0.4.36-59-g47b9861 / the current head of 392-secrets-ui-separate-command
- against USB/IP Simulation 0.11.0-rc2-1-g7d3dbe96
0.11.0-rc1
0.11.0-rc1 (2023-05-25)
Required pynitrokey: unreleased (v0.4.39?).
Implemented enhancements:
- Add information about static password to List #68
- Add challenge-response support for KeepassXC #61
- Add Password Safe #60
- Return serial number #50
- Extend compiler and clippy lints #39
- Add challenge-response method for KeepassXC support #64 (szszszsz)
- Extend Credential structure with Password Safe field #63 (szszszsz)
Closed issues:
0.10.0 PIN-less mode
- Encrypt all credentials, but allow specifying which are additionally protected with a PIN-based encryption key.
- Implement blinking handlers for Reverse HOTP to signal success and failure in the Heads measured verification for Nitropads.
- Brute-force protection for Reverse HOTP is added (disabled by default).
Uses unreleased trussed-auth as a dependency.
Backwards compatible - all user data are retained from the previous version.
Required pynitrokey: v0.4.37.
0.9.0: Maintenance release
This maintenance release bumps the trussed-auth dependency.
0.8.0: Encrypt OTP secrets
Keep OTP secrets always encrypted, and import them to the Volatile keystore when needed.
Required pynitrokey: v0.4.34.
0.7.0: PIN-based authentication and encryption
- Starting with this release, the default authentication method is PIN-based; challenge-response is disabled and its implementation is marked for removal.
- PIN-based authentication allows for user data encryption at rest (metadata only; the OTP secrets, which are managed by Trussed).
Required pynitrokey: v0.4.34.
0.6.0: Maintenance
Maintenance release - includes dependency updates and code refactoring.
0.5.0: Encryption and multipacket responses
Improvements:
- Encryption.
- Multipacket responses.
- More error handling and stability corrections.
- Smaller stack pressure.
- Serialize state in CBOR.
- Make default location external.
- Encapsulate internal implementation.
- Handle state writing and deserialization errors.
- Use smaller buffers where possible.
- Decrease write pressure by accessing state RO.
Required for the use with the updated OTP client in pynitrokey (since v0.4.33).