Skip to content

Releases: Nitrokey/trussed-secrets-app

0.11.0 Password Safe and KeepassXC Support

30 May 15:54
0.11.0
7d3dbe9
Compare
Choose a tag to compare

Changelog

0.11.0 (2023-05-30)

Full Changelog

Implemented enhancements:

  • Add challenge-response support for KeepassXC #61
  • Add Password Safe #60
  • Extend compiler and clippy lints #39
  • Extend Credential structure with Password Safe field #63 (szszszsz)

Closed issues:

  • Use released version for trussed-auth #58
  • Group attributes in Command::Credential per kind #66
  • Add config option for the maximum number of credentials #62
  • Finalize renaming to secrets-app #47
  • Resetting strategy #43

Merged pull requests:

  • Match trussed* dependencies to the used in NK3 v1.4.0 #80 (szszszsz)
  • Ignore errors on factory reset, and start with the persistent storage #79 (szszszsz)

0.11.0-rc2 (2023-05-30)

Full Changelog

Implemented enhancements:

  • Reuse compliance #77

Closed issues:

  • Migrate bit manipulation to bitflags crate #78
  • Resetting strategy #43
  • Use cfg switch for no-encryption feature #23

Merged pull requests:

  • Replace feature with a config switch for the debug mode #84 (szszszsz)
  • Migrate list properties byte to bitflags #82 (szszszsz)
  • Add copyright and spdx identifiers #81 (szszszsz)
  • Match trussed* dependencies to the used in NK3 v1.4.0 #80 (szszszsz)
  • Ignore errors on factory reset, and start with the persistent storage #79 (szszszsz)

0.11.0-rc1 (2023-05-25)

Full Changelog

Implemented enhancements:

  • Add information about static password to List #68
  • Add challenge-response support for KeepassXC #61
  • Add Password Safe #60
  • Return serial number #50
  • Extend compiler and clippy lints #39
  • Add challenge-response method for KeepassXC support #64 (szszszsz)
  • Extend Credential structure with Password Safe field #63 (szszszsz)

Closed issues:

  • Group attributes in Command::Credential per kind #66
  • Add config option for the maximum number of credentials #62
  • Finalize renaming to secrets-app #47

Test report is attached in the previous (rc) release.

0.11.0-rc2

30 May 14:39
0.11.0-rc2
265a0f0
Compare
Choose a tag to compare
0.11.0-rc2 Pre-release
Pre-release

0.11.0-rc2 (2023-05-30)

Full Changelog

Implemented enhancements:

  • Reuse compliance #77

Closed issues:

  • Migrate bit manipulation to bitflags crate #78
  • Resetting strategy #43
  • Use cfg switch for no-encryption feature #23

Merged pull requests:

  • Replace feature with a config switch for the debug mode #84 (szszszsz)
  • Migrate list properties byte to bitflags #82 (szszszsz)
  • Add copyright and spdx identifiers #81 (szszszsz)
  • Match trussed* dependencies to the used in NK3 v1.4.0 #80 (szszszsz)
  • Ignore errors on factory reset, and start with the persistent storage #79 (szszszsz)

Attached test report, done with:

  • pynitrokey v0.4.36-59-g47b9861 / the current head of 392-secrets-ui-separate-command
  • against USB/IP Simulation 0.11.0-rc2-1-g7d3dbe96

0.11.0-rc1

25 May 16:21
0.11.0-rc1
8c4453f
Compare
Choose a tag to compare
0.11.0-rc1 Pre-release
Pre-release

0.11.0-rc1 (2023-05-25)

Full Changelog

Required pynitrokey: unreleased (v0.4.39?).

Implemented enhancements:

  • Add information about static password to List #68
  • Add challenge-response support for KeepassXC #61
  • Add Password Safe #60
  • Return serial number #50
  • Extend compiler and clippy lints #39
  • Add challenge-response method for KeepassXC support #64 (szszszsz)
  • Extend Credential structure with Password Safe field #63 (szszszsz)

Closed issues:

  • Group attributes in Command::Credential per kind #66
  • Add config option for the maximum number of credentials #62
  • Finalize renaming to secrets-app #47

0.10.0 PIN-less mode

26 Apr 10:58
0.10.0
a424326
Compare
Choose a tag to compare
  1. Encrypt all credentials, but allow to specify which are being additionally protected with a PIN-based encryption key.
  2. Implement blinking handlers for Reverse HOTP to signalize success and failure in the Heads measured verification for Nitropads.
  3. Brute-force protection for Reverse HOTP is added (disabled by default).

Uses unreleased trussed-auth as a dependency.
Backwards compatible - all user data are retained from the previous version.

Required pynitrokey: v0.4.37.

0.9.0: Maintenance release

05 Apr 14:41
0.9.0
e3906bc
Compare
Choose a tag to compare

This maintenance release bumps the trussed-auth dependency.

0.8.0: Encrypt OTP secrets

08 Mar 17:21
0.8.0
1578918
Compare
Choose a tag to compare

Keep OTP secrets always encrypted, and import them to the Volatile keystore when needed

Required pynitrokey: v0.4.34.

0.7.0: PIN-based authentication and encryption

03 Mar 12:35
0.7.0
b6ee783
Compare
Choose a tag to compare
  1. Starting with this release the default method for authentication is PIN based, and challenge-response is disabled, and its implementation is marked for removal.
  2. PIN-based authentication allows for user data encryption at rest (metadata only; the OTP secrets, which are managed by Trussed).

Required pynitrokey: v0.4.34.

0.6.0: Maintainance

24 Feb 16:03
0.6.0
cae0d08
Compare
Choose a tag to compare

Maintenance release - includes dependency updates and code refactoring.

0.5.0: Encryption and multipacket responses

03 Feb 11:18
0.5.0
34ed817
Compare
Choose a tag to compare

Improvements:

  • Encryption.
  • Multipacket responses.
  • More error handling and stability corrections.
  • Smaller stack pressure.
  • Serialize state in CBOR.
  • Make default location external.
  • Encapsulate internal implementation.
  • Handle state writing and deserialization errors.
  • Use smaller buffers where possible.
  • Decrease write pressure by accessing state RO.

Required for the use with the updated OTP client in pynitrokey (since v0.4.33).

0.4.0: Better error handling and UP checks

06 Dec 20:58
0.4.0
6dc00d3
Compare
Choose a tag to compare

Improvements:

  • Protocol change - return errors #3
  • Fuzzing extension #15
  • Stability fixes for the problems found during fuzzing #15
  • UP checks for important operations #9

Details: #15

Required for the use with the updated OTP client in pynitrokey (since v0.4.32).