v0.5.0-rc.4

Added

• Support for parallel sessions (e.g. issuance of missing credentials during a disclosure session) to irmaclient

Fixed

• Several minor bugs in irmaclient

Security

• The IRMA server now keeps issuer private keys in memory as short as possible

v0.5.0-rc.3

Added

• Revocation of previously issued credentials (see documentation)
• Support HTTP/2 in IRMA server and app
• Option --skip-permission-keys-check to IRMA server disabling checking that all required private keys are present in the server configuration
• Various additions to irmaclient for the new IRMA app, among others:
  • Several new fields in irma.CredentialType for specifying e.g. help messages and card colors
  • Added developer mode enabling non-HTTPS connections to IRMA servers for local testing (see below)

Changed

• Use go modules instead of dep for tracking and locking dependencies

Fixed

• Problems with --privkeys option to IRMA server
• irmaserver HTTP handler returns 404 an 405 as JSON error messages as expected
• Consistently use a docopt/git/aptitude like format for usage sections in help of irma subcommands
• Incorrect default value of --url flag to irma session subcommand
• IRMA server no longer allows nonsensical wildcard usage in requestor permissions

Security

• irma command, IRMA server and irmaclient will now enforce HTTPS for outgoing connections more strictly
• Update supported TLS ciphers and curves for IRMA server
• Fixed potential bug allowing MitM attacker to arbitrarily change installed schemes
• Fixed potential DoS attack in IRMA server endpoints (sending it large amounts of data or keeping connections open indefinitely)
• irma issuer keygen now has default keylength 2048
• Added various sanity checks to files and file paths
• Fixed potential scheme downgrade attack when installing/updating schemes in MitM scenarios

v0.5.0-rc.1

Added

• Include clientReturnUrl in session request

Changed

• All (translated) names of issuers and credential types of demo schemes (i.e. irma-demo) must now start with Demo
• irmaclient now uses bbolt for storage
• When the irmaclient receives a credential identical to another older one, the older one is overwritten
• Scheme signing and verification now supports symlinks

Fixed

• Unclear error message when the request's Content-Type HTTP header is not properly set
• Unclear error message when non-optional attributes are missing in issuance request
• Scheme verification now ignores deprecated issuers and keys and ignores missing IssueURL tags in credential types
• irma server no longer crashes at startup if no network interfaces are available
• Various bugs in irma server configuration

v0.4.1

• Fix bug that would prevent downloading of demo private keys of demo schemes on server startup and scheme updating
• irma server now respects the disable_schemes_update option like the irmaserver library (#63)
• rename irma session flag --authmethod to --auth-method for consistency with server Configuration struct
• Other small fixes

v0.4.0

• new irma server feature: static (e.g. printable) QRs that start preconfigured sessions, see documentation
• irma server now returns attribute issuance time to the requestor after the session has finished
• hopefully fix “unknown or expired session” errors that would sometimes occur in the IRMA app in bad network conditions
• combined issuance-disclosure requests with two schemes one of which has a keyshare server now work as expected
• other bugfixes

v0.3.1

• fix missing fields from session result JWT
• use (migrated) timestamp server URL from scheme
• irma server now supports /getproof endpoint in issuance

v0.3.0

• support 'condiscon' session requests
• improve logging
• bug fixes

v0.2.0

fix: another wrong fix of handling non-key files