v0.11.0

Added

• Storage encryption functionality in irmaclient
• Challenge response user authentication using ECDSA key pair between irma keyshare server and irmaclient
• Support for multiple keyshare servers in irmaclient to improve testability
• Extra configuration options for postgres database connections in irma keyshare server and irma keyshare myirmaserver
• Rate limiting on sending emails to the same email address in a short time period by irma keyshare server and irma keyshare myirmaserver
• Middleware to catch panics in HTTP handlers and return a 500 error instead
• Performance test scripts for irma keyshare server
• MyIRMA webclient service in docker-compose.yml to improve development setup
• CI status check for i386 architecture
• CodeQL static code analysis
• Contact details for support, discussion and responsible disclosure
• VSCode launch configuration

Changed

• BREAKING: irmaclient requires minimum irma keyshare server version 0.11.0 (due to challenge response user authentication).
  irma keyshare server does support older irmaclient versions.
• Updated dependencies
• Phased out unmaintained jasonlvhit/gocron library and migrated to go-co-op/gocron
• Made gocron usage more consistent
• Phased out legacy irmaclient log entry formats
• Consistently specify charset in HTTP responses when the content type is application/json
• Applied the code convention changes of golang 1.19
• Always use the latest version of golang in GitHub status checks
• Improved input validation of email addresses
• Improved testability of revoked credentials
• Use new URL of timestamp server (atumd) in unit tests

Fixed

• Broken retrieval of user from postgres database by irma keyshare server
• Also remove legacy file storage when calling RemoveStorage in irmaclient
• irma keyshare myirmaserver requests login and email attribute options as conjunction instead of as disjunction
• Chained sessions did not work due to bug in irma keyshare server
• Attributes from multiple issuer schemes could not be mixed in chained sessions
• Panics occurred during error handling in irmaclient
• Avoid gocron panics in revocation code during irmaclient startup
• Do not abort irma keyshare tasks run while looping over expired accounts and finding an invalid email address (quick fix)
• Use subject value instead of file path value as email subject in account removed email of irma keyshare myirmaserver
• Requestor JWT authentication did not work at revocation endpoint of irma server
• Concurrency issues in irmaclient.Client.credential() and irma.Configuration.parseKeysFolder()

Security

• Prevent that a user can detect whether a certain email address is registered at irma keyshare server and irma keyshare myirmaserver (vulnerable versions have never been live in production)

Note: On 23-01-2023 we fixed an issue in the irma CLI tool artifacts. This means that the file hashes have changed.

v0.10.0

Added

• irma session now supports static sessions and can start sessions from a session package
• (Requestor) schemes and their contents can now specify their languages, which irma scheme verify takes into account
• Add Apple Silicon builds in releases

Fixed

• Mutex deadlock that could freeze the server when using chained sessions
• Bug that would prevent warnings on 4xx and 5xx responses from showing when not in verbose/debug mode

v0.9.0

Added

• Support for stateless IRMA server using Redis
• Added Dockerfile and docker-compose files for running irma, the unit tests, and/or the services required by the unit tests

Changes

• Improve error messages of IRMA server in case of invalid session requests

Fixed

• Fix panic when an issuance request contains a credential ID consisting of less than three parts
• Ensure session handler callback function, when specified, is also called when session expires
• Several small bugs in MyIRMA backend server

v0.8.0

This release contains several large new features. In particular, the shoulder surf prevention feature brings a number of breaking changes in the API, mainly within the irmaserver package.

Added

• Support for chained IRMA sessions
• A Go rewrite of the keyshare server (see the new irma keyshare commands), succeeding the now deprecated irma_keyshare_server
• Added a function SessionStatus in the irmaserver package returning a channel with status updates of an IRMA session
• Added --api-prefix parameter to the IRMA server for prefixing its API endpoints with a string
• Added --max-session-lifetime parameter to the IRMA server for setting the session expiry (default 5 minutes)
• Shoulder surfing prevention: support for device pairing to prevent shoulder surfing (i.e. make it impossible for someone in close physical proximity to a user to scan the QR code that was meant for the user)
  • Introduced new endpoints used by the frontend to manage device pairing
  • The API of the irmaserver package has two new functions SetFrontendOptions and PairingCompleted
  • A new server status "PAIRING" is introduced

Changes

• During scheme parsing, folders found in the scheme folder not present in the assets (when configured) are removed
• Shoulder surfing prevention:
  • The server.SessionPackage struct now contains a new struct FrontendRequest of type *irma.FrontendSessionRequest, containing the following:
    • A boolean PairingRecommended (named pairingHint when being marshalled to JSON) that is set to true when pairing is recommended for that session, as indication to the frontend
    • An Authorization token used by the frontend to set pairing options
    • Fields called MinProtocolVersion and MaxProtocolVersion indicating the frontend protocol version range supported by the IRMA server.
  • The return values of the StartSession function from the API of the irmaserver package have changed as follows:
    • The type of the second return parameter, the requestor token, has changed from string to irma.RequestorToken
    • A new return parameter (type *irma.FrontendSessionRequest) has been added containing the frontend pairing settings (corresponding to the FrontendRequest field in the server.SessionPackage mentioned above)
  • The token parameter, as used by most functions in the API of the irmaserver package, now has the type irma.RequestorToken
  • The server.Status type has been moved to irma.ServerStatus; the related constants are also moved, e.g. from server.StatusInitialized to irma.ServerStatusInitialized

Fixed

• Bug causing IRMA server startup to fail when revocation is enabled
• Bug causing sessions to fail when revocation is enabled and the issuer has multiple revocation-enabled keys
• Incorrectly cased SQL column name used in revocation data lookup
• Bug causing issuance time in revocation records being floored to credential validity epoch boundaries
• Fixed bug when loading private key of issuer if another issuer with a similar name exists

v0.7.0

Fixed

• Bug causing scheme updating to fail if OS temp dir is on other file system than the schemes
• Prevent session result JWTs from being expired immediately if no expiry is specified is set in the session request; instead in that case they expire after two minutes
• When POSTing session result to the callbackUrl specified in session request, set Content-Type to application/json for JSON messages
• Fixed panic during scheme downloading on Windows
• Correctly decode randomblind attributes when verifying disclosures/signatures

Added

• Add request URL to log entry when IRMA server encounters an error (404 or otherwise) during HTTP request handling
• Add flag --allow-unsigned-callbacks to IRMA server to allow callbackUrl in session requests when no JWT private key is installed
• Add flag --augment-client-return-url to IRMA server to enable augmenting client return URL with server session token as query parameter (needs to be additionally enabled in session requests)
• Add new irma issuer keyprove and irma issuer keyverify commands to generate and verify zero-knowledge proofs of correct generation of issuer private/public keypairs

Changed

• Clarify warning and suppress stacktrace in IRMA server log entry in case /statusevents is hit while SSE is disabled
• Force Unix (LF) line endings in schemes during scheme signing for consistency
• Moved revocation commands from irma issuer revocation to just irma issuer

v0.6.1

Changed

• Change endpoint to which IRMA server admin email address is sent and include IRMA server version number

Fixed

• Bug that could cause schemes on disk to enter an inconsistent state, causing IRMA server to refuse to startup
• Nil deref during IRMA server startup in case local IP address failed to be determined
• Bug causing requestor scheme updating to fail

v0.6.0

Added

• Support for "randomblind" attributes (if enabled in the scheme), for e.g. election use cases: attributes containing large random numbers issued in such a way that 1) the issuer does not learn their value while still providing a valid signature over the credential containing the attributes, and 2) the attribute value will be unequal to all previously issued randomblind attributes with overwhelming probability. Once issued, these attributes can be disclosed normally (i.e., only the issuance protocol is different for these attributes).
• Initial support (currently limited to issuing sessions) in irmaclient for "pretty verifier names": human-readable and translatable requestor names to show in the IRMA app during a session to identify the requestor, instead of just a hostname, defined in a new scheme type called "requestor schemes" (e.g. https://github.com/privacybydesign/pbdf-requestors)

Changed

• Renamed and refactored several (mostly internal) functions dealing with installing, parsing and updating schemes, to support both scheme types (normal schemes as well as requestor schemes)
• irmaclient now includes suggestions for non-singletons in the disclosure candidates during sessions, like it does for singletons not in the user's wallet

Fixed

• Bug that would cause the IRMA server to log required values of attributes to be disclosed, when logging the session request
• Bug in irmaclient leading to the wrong error message in case of bad internet connection

Internal

Internal release needed for rolling out requestor schemes.

Not intended for public use.

v0.5.0

Fixed

• Bug in scheme update mechanism leading to UNKNOWN_PUBLIC_KEY errors when new public keys have been added to the scheme
• Several bugfixes in irmaclient

v0.5.0-rc.5

Added

• Support disabling scheme auto-updating in irma session
• Support revocation in irma session and irma request

Fixed

• Fixed bug in server configuration defaults when enabling production mode through config file
• Fixed bug that would kill server-sent events (SSE) connections after several seconds
• Fixed invalidation of local copy of index if local scheme is newer than the remote one
• Ignore absence of FAQ fields and category in credentialtypes during irma scheme verify

Security

• Abort issuance or disclosure in server and client in case of expired public keys