3.16.2 / 0.8.3 Supreme-Only Hotfix

• Set minimum iOS version to 15
• Fix Swift compat linker errors (closes #280)

3.6.2 (Supreme 0.8.2) Lower minSDK

• Lower Android minSDK to 21 (5.0 Lollipop) for all modules Except Supreme
• Update AGP to 8.6.1
• Dependency Updates:
  • KmmResult 1.9.2 (for Android SDK 21 compat)

3.6.1 (Supreme 0.8.1) Hotfix

• Generalized, proper COSE to MAC mapping, preventing unexpected behaviour for HS265_24

3.16.0 (Supreme 0.8.0)

Symmetric Encryption and Major Cleanups

• Note: All debug-only kotlinx.serialization for cryptographic datatypes like certificates, public keys, etc. was removed!

  • We support robust ASN.1 encoding and mapping from/to JOSE and COSE datatypes and our ASN.1 structures support pretty printing.
  • -> There is no need for this misleading serialization support for debugging anymore.
  • @Serializable suggests deserialization from JSON, CBOR, etc. works, which was never universally true.
  • Getting native ASN.1 serialization for kotlinx-serialization is now a no-brainer given we support every primitive required.
  • Serializers like X509CertificateBase64UrlSerializer are here to stay because those are universally useful!
  • ObjectIdSerializer was renamed to ObjectIdentifierStringSerializer

• HMAC Support

  • This finally cleans up the RSAorHMAC mess, which is a breaking change
  • Introduce umbrella DataIntegrityAlgorithms, which is the parent of SignatureAlgorithm and MessageAuthenticationCode
  • JwsAlgorithm and CoseAlgorithm are now abstract, having subclasses.
  • JwsAlgorithms and CoseAlgorithms are now available under .Signature and .MAC respectively. There are no toplevel constants of predefined algorithms anymore!

• Symmetric Encryption

  • Supported Algorithms
    • AES
      • GCM
      • CBC-HMAC
      • CBC
      • ECB
      • KW
    • ChaCha-Poly1305
  • Add algorithm mappings to indispensable-josef This is a binary-incompatible change
    • ivLength and encryptionKeyLength now return BitLength instead of Int
    • text is now properly called identifier

• Move HazardousMaterials annotation from supreme to indispensable This is a breaking change

• Move SecretExposure annotation from supreme to indispensable This is a breaking change

• Expose SecureRandom as API dependency in indispensable

• Rename CoseAlgorithm.value -> CoseAlgorithm.coseValue

• Fix COSE key parsing for unordered properties

• Remove code elements deprecated in 3.15.0, related to OID4VCI and HAIP

3.15.2

Parse not-implemented EC curves as null, e.g. in Json Web Keys.

This release does not contain a new Supreme version, as it is unaffected by these changes

3.15.1 (Supreme 0.7.2)

• Fix decoding did:key: key identifiers containing a #
• Fix missing android artefact publishing for Supreme (thanks to @ephemient)
• Kotlin 2.1.20

3.15.0 (Supreme 0.7.1)

• Note: We are deprecating and will soon be removing the debug-only serialization for cryptographic datatypes like certificates, public keys, etc.
  • We support robust ASN.1 encoding and mapping from/to JOSE and COSE datatypes and our ASN.1 structures support pretty printing.
  • -> There is no need for this misleading serialization support for debugging anymore
  • @Serializable suggests deserialization from JSON, CBOR, etc. works, which was never universally true
  • Getting native ASN.1 serialization for kotlinx-serialization is now a no-brainer given we support every primitive required.
  • This note will be prepended to the changelog entries until the @Serialization annotations have been removed.
    • This will happen by Indispensable 4.0.0 / Supreme 1.0.0, if not before then.
• Introduce support for ASN.1 REAL
• Add built-in ASN.1 ENUMERATED support
• Rename ObjectIdentifier.parse -> ObjectIdentifier.decodeFromAsn1ContentBytes in accordance with other similar functions
• Update data classes for Wallet Attestation from OpenID4VC HAIP and OpenID4VCI:
  • Deprecate authenticationLevel (aal) in JsonWebToken, removed from standards
  • Deprecate key_type, user_authentication in ConfirmationClaim, removed from standards
  • Deprecate types WalletAttestationUserAuthentication, WalletAttestationKeyType, removed from standards
  • Add wallet_name, wallet_link, status to JsonWebToken, used in Key Attestation JWT
  • Add KeyAttestationJwt from OpenID4VCI
• Add dedicated Android targets (SDK 30 / JDK 1.8) to all modules
• Fix internal deprecations
• Raise deprecation level to ERROR for deprecated functions:
  • Asn1Element.Companion.parseAll
  • Asn1Element.Companion.parse
  • Asn1Element.Companion.decodeFromDerHexString
  • Asn1Element.asPrimitiveOctetString
  • CryptoPublicKey.fromJcaPublicKey
  • CryptoPublicKey.RSA.fromJcaPublicKey
  • CryptoPublicKey.EC.fromJcaPublicKey
  • CryptoSignature.invoke
  • CryptoPublicKey.RSA(n: ByteArray, e: ByteArray)
  • CryptoPublicKey.EC(curve: ECCurve, x: ByteArray, usePositiveY: Boolean)
  • CryptoPublicKey.EC(curve: ECCurve, x: ByteArray, y: ByteArray)
  • ECCurve.keyLengthBits
  • ECCurve.coordinateLengthBytes
  • ECCurve.signatureLengthBytes

3.14.0 (Supreme 0.7.0)

• Key Agreement Support
  • ECDH
• Certificate Improvements:
  • Parse X.509 certificates in V1 too
  • Change UniqueIDs from BitSet to Asn1BitString, enabling correct encoding of borked bit strings
• Change variance of generic on Asn1Encodable and Asn1Decodable

3.13.0 (Supreme 0.6.4)

• Fix COSE key serialization
• Refactor Asn1Integer to use UByteArray internally instead of a list
• Fix ASN.1 decoding flaw for a very specific length encoding
• Performance optimization: Instantiate fewer KmmResults
• Move PemEncodable/PemDecodable from indispensable to indispensable-asn1 module.
• More comprehensive PEM encoding/decoding support:
  • CryptoPublicKey
    • Note that PKCS1 encoding of RSA keys is not supported as it is discouraged (decoding is supported)
    • ANSI encoding and decoding is also unsupported, because decoding requires context and encoding this way is incomplete
  • X509Certificate
  • CSR (Pkcs10CertificationRequest)
• Change CoseHeader.certificateChain (CBOR element 33 x5chain) from a single byte array to a list of byte arrays, acc. to specification
• Remove CoseHeader.coseKey, which has been an unofficial addition from OID4VCI, but has been removed since

3.12.1 (Supreme 0.6.3)

This is a point release. Version numbers are all incremented to keep components aligned.

New Features:

• Add COSE object creation with detached payload, i.e. setting a null payload in CoseSigned, and clients are responsible to transport the payload separately.

If you don't require this feature, no need to update!