3.12.0 (Supreme 0.6.2)

• Fix COSE signature verification (this is breaking change in indispensable-cosef):
  • Introduce class CoseSignedBytes which holds the bytes as transmitted on the wire
  • Add property wireFormat to CoseSigned to hold those bytes
  • Create new CoseSigned objects by calling CoseSigned.create() instead of using a constructor
  • Prepare COSE signature input by calling CoseSigned.prepare()
  • In CoseSigned, member protectedHeader is now a CoseHeader, not a ByteStringWrapper<CoseHeader>
  • In CoseSigned, member rawSignature (ByteArray) is now signature (CryptoSignature.RawByteEncodable)

3.11.1

• Fix CoseSigned JSON serialization

3.11.0 (Supreme 0.6.0)

• Kotlin 2.1.0
• Bouncy Castle 1.79!! for JVM targets
• Implement members in JsonWebToken and ConfirmationClaim for OpenID4VC High Assurance Interoperability Profile with SD-JWT VC
• Add utility methods to Asn1Integer
  • Additional constructor methods: fromByteArray, fromUnsignedByteArray
  • Additional instance methods: isZero, magnitude, bitLength
  • Additional conversion methods for Java BigInteger and iospin BigInteger
• Refactor CryptoPublicKey.Rsa to use Asn1Integer
  • Fixes JWS/COSE encoding for non-standard exponents (with MSBit 1)
• Add type parameter to CoseSigned for its payload (tagging with tag 24 when necessary)
  • Changes primary constructor visibility to internal to check for ByteStringWrapper as payload type, which shall be rejected
  • Fix serialization with Json
• Do not use DID key identifiers as keyId for CoseKey
• Fix BitSet iterator
• Add cose header typ
• Allow assertTag override also for Asn1Integer (was missing before)
• Sanitized Asn1OctetString inheritors' equality behavior
  • Two Asn1OctetStrings are always equal if their contents are equal
• Make Asn1Integer an Asn1Encodable<String>
• PEM Encoding
  • Introduce PemEncodable interface, derived from Asn1Encodable
  • Introduce PemDecodable interface, derived from Asn1Decodable
• Add Private Key
  • Add Private Key Representation to indispensable
  • Parsing of PEM and DER-encoded private keys in indispensable
  • Introduce SignatureAlgorithm.signerFor(privateKey) in supreme to create signers backed by (previously parsed, or manually constructed) private keys
  • Export of private keys from ephemeral signers (and only ephemeral signers) in combination with a new @SecretExposure annotation in supreme
• Add helpers for smoother iOS interop:
  • ECCurve.iosEncodedPublicKeyLength
  • ECCurve.iosEncodedPrivateKeyLength
  • ECCurve.Companion.fromIosEncodedPublicKeyLength
  • ECCurve.Companion.fromIosEncodedPrivateKeyLength
• Renames (old names are kept with a deprecation warning):
  • getJcaPublicKey() -> toJcaPublicKey()
• Support RSA8192

3.10.1 (Supreme 0.5.1) Hotfix

This release fixes #195

3.10.0 (Supreme 0.5.0)

More cowbell targets!

A new artifact, minor breaking changes and a lot more targets ahead!

The public API remains almost unchanged. Breaking API changes are:

• Some parsing methods migrating from a ByteIterator to kotlinx-io Source
• Move ensureSize from package asn1 to misc
• Change CSR to take an actual CryptoSignature instead of a ByteArray
• Remove Legacy iOS Attestation
• Add type parameter to JwsSigned for its payload
• Add type parameter to JweDecrypted for its payload
• JwsSigned.prepareSignatureInput now returns a raw ByteArray
• Move BitSet from io to asn1 package

The internals have changed substantially, however, and some fixes lead to behavioural changes.
Therefore, be sure to match Signum versions if multiple libraries pull it in as transitive dependency.
Better safe than sorry!
The full list of changes is:

• Discrete ASN.1 module indispensable-asn1 supporting the following platforms:
  • JVM
  • Android
  • iOS
  • watchOS
  • tvOS
  • JS
  • wasm/JS
  • Linux X64
  • Linux AARCH64
  • MinGw X64
• More targets for indispensable, indispensable-josef, indispensable-cosef
  • JVM
  • Android
  • iOS
  • watchOS
  • tvOS
  • JS
  • wasm/JS
  • Linux X64
  • Linux AARCH64
  • MinGw X64
• KmmResult 1.9.0
• Multibase 1.2.1
• Introduce generic tag assertion to Asn1Element
• Change CSR to take an actual CryptoSignature instead of a ByteArray
• Introduce shorthand to create CSR from TbsCSR
• Introduce shorthand to create certificate from TbsCertificate
• Remove requirement from CSR to have certificate extensions
• Fix CoseSigned equals
• Base OIDs on unsigned varint instead of UInt
• Directly support UUID-based OID creation
• Implement hash-to-curve and hash-to-scalar as per RFC9380
• Rename decodeFromDerHexString to parseFromDerHexString
• Move ensureSize from package asn1 to misc
• Move BitSet from io to asn1 package
• Use kotlinx-io as primary source for parsing
  • Base number encoding/decoding on kotlinx-io
    • Remove parsing from iterator
  • Base ASN.1 encoding and decoding on kotlinx-io
    • Remove single element decoding from Iterator
• Introduce prepareDigestInput() to IosHomebrewAttestation
• Remove Legacy iOS Attestation
• Add type parameter to JwsSigned for its payload
• Add type parameter to JweDecrypted for its payload
• JwsSigned.prepareSignatureInput now returns a raw ByteArray
• Tests that do not depend on BouncyCastle/JCA are now performed for all targets
• Remove Napier dependency

3.9.0 (Supreme 0.4.0)

• Shiny new documentation based on Material for MkDocs
• Move Attestation from Supreme to Indispensable
• Rename parse() to deserialize() in JwsSigned and JweEncrypted to align with COSE
• Rename CryptoPublicKey.Rsa -> CryptoPublicKey.RSA for consistency reasons
• Add HMAC JCA names, properties used in JSON Web Encryption

3.8.2 Hotfix

3.8.2 (Supreme 0.3.2)

• Less destructive Hotfix for for KT-71650
• Re-enables export of Asn1Element.Tag class to ObjC.

3.8.1 (Supreme 0.3.1)

• Hotfix for KT-71650
• Disables export of Asn1Element.Tag class to ObjC. Signum remains usable for KMP projects,
  the Tag class just cannot be directly accessed from Swift and ObjC any more.

3.8.0 (Supreme 0.3.0) Breaking Changes Ahead!

• Completely revamped ASN.1 Tag Handling
  • Properly handle multi-byte tags
  • Introduce a new data structure TLV.Tag with an accompanying TagClass enum and a constructed flag to accurately represent arbitrary tags up to ULong.MAX_VALUE
  • Make all tag parameters ULong to reflect support for multi-byte tags
  • Remove DERTags
  • Revamp implicit tagging (there is still work to be done, but at least it supports CONSTRUCTED ASN.1 elements)
• Refactor Int.Companion.decodeFromDer -> Int.Companion.decodeFromDerValue()
• Refactor Long.Companion.decodeFromDer -> Long.Companion.decodeFromDerValue()
• Introduce ULong.Companion.decodeFromDer which can handle overlong inputs, as long as they start with a valid ULong encoding
• Changed return type of Verifier::verify from KmmResult<Unit> to KmmResult<Success>. Usage is unchanged.
• Add ConfirmationClaim to represent Proof-of-Possesion Key Semantics for JWTs
• Add claims to JsonWebToken to implement Demonstrating Proof of Possession
• Replace JsonWebToken.confirmationKey by JsonWebToken.confirmationClaim, the implementation was wrong
• Introduce ULong.toAsn1VarInt() to encode ULongs into ASN.1 unsigned VarInts (not to be confused with
  multi^2_base'sUVarInt!)
• Introduce decodeAsn1VarULong() and decodeAsn1VarUInt() which can handle overlong inputs, as long as they start with a valid unsigned number encoding.
  • Comes in three ULong flavours:
    • Iterator<Byte>.decodeAsn1VarULong()
    • Iterable<Byte>.decodeAsn1VarULong()
    • ByteArray.decodeAsn1VarULong()
  • and three UInt flavours:
    • Iterator<Byte>.decodeAsn1VarUInt()
    • Iterable<Byte>.decodeAsn1VarUInt()
    • ByteArray.decodeAsn1VarUInt()
• Revamp implicit tagging
• Revamp Asn1Element.parse(), introducing new variants. This yields:
  • Asn1Element.parse() with the same semantics as before
  • Asn1Element.parse() alternative introduced, which takes a ByteIterator instead of a ByteArray
  • Asn1Element.parseAll() introduced, which consumes all bytes and returns a list of all ASN.1 elements (if parsing works)
    • Variant 1 takes a ByteIterator
    • Variant 2 takes a ByteArray
  • Asn1Element.parseFirst() introduced, which tries to only parse a single ASN.1 element from the input and leaves the rest untouched.
    • Variant 1 takes a ByteIterator and returns the element; the ByteIterator is advanced accordingly
    • Variant 2 takes a ByteArray and returns a Pair of (element, remainingBytes)
• More consistent low-level encoding and decoding function names:
  • encodeToAsn1Primitive to produce an Asn1Primitive that can directly be DER-encoded
  • encodeToAsn1ContentBytes to produce the content bytes of a TLV primitive (the V in TLV)
  • decodeToXXX to be invoked on an Asn1Primitive to decode a DER-encoded primitive into the target type
  • decodeFromAsn1ContentBytes to be invoked on the companion of the target type to decode the content bytes of a TLV primitive (the V in TLV)
• Update conventions -> Coroutines 1.9.0
• replace runCatching with catching to be extra-safe

3.8.1 (0.3.1 Supreme) Hotfix

3.8.1 (Supreme 0.3.1)

• Hotfix for KT-71650
• Disables export of Asn1Element.Tag class to ObjC. Signum remains usable for KMP projects,
  the Tag class just cannot be directly accessed from Swift and ObjC any more.

3.8.0 (Supreme 0.3.0) Breaking Changes Ahead!

• Completely revamped ASN.1 Tag Handling
  • Properly handle multi-byte tags
  • Introduce a new data structure TLV.Tag with an accompanying TagClass enum and a constructed flag to accurately represent arbitrary tags up to ULong.MAX_VALUE
  • Make all tag parameters ULong to reflect support for multi-byte tags
  • Remove DERTags
  • Revamp implicit tagging (there is still work to be done, but at least it supports CONSTRUCTED ASN.1 elements)
• Refactor Int.Companion.decodeFromDer -> Int.Companion.decodeFromDerValue()
• Refactor Long.Companion.decodeFromDer -> Long.Companion.decodeFromDerValue()
• Introduce ULong.Companion.decodeFromDer which can handle overlong inputs, as long as they start with a valid ULong encoding
• Changed return type of Verifier::verify from KmmResult<Unit> to KmmResult<Success>. Usage is unchanged.
• Add ConfirmationClaim to represent Proof-of-Possesion Key Semantics for JWTs
• Add claims to JsonWebToken to implement Demonstrating Proof of Possession
• Replace JsonWebToken.confirmationKey by JsonWebToken.confirmationClaim, the implementation was wrong
• Introduce ULong.toAsn1VarInt() to encode ULongs into ASN.1 unsigned VarInts (not to be confused with
  multi^2_base'sUVarInt!)
• Introduce decodeAsn1VarULong() and decodeAsn1VarUInt() which can handle overlong inputs, as long as they start with a valid unsigned number encoding.
  • Comes in three ULong flavours:
    • Iterator<Byte>.decodeAsn1VarULong()
    • Iterable<Byte>.decodeAsn1VarULong()
    • ByteArray.decodeAsn1VarULong()
  • and three UInt flavours:
    • Iterator<Byte>.decodeAsn1VarUInt()
    • Iterable<Byte>.decodeAsn1VarUInt()
    • ByteArray.decodeAsn1VarUInt()
• Revamp implicit tagging
• Revamp Asn1Element.parse(), introducing new variants. This yields:
  • Asn1Element.parse() with the same semantics as before
  • Asn1Element.parse() alternative introduced, which takes a ByteIterator instead of a ByteArray
  • Asn1Element.parseAll() introduced, which consumes all bytes and returns a list of all ASN.1 elements (if parsing works)
    • Variant 1 takes a ByteIterator
    • Variant 2 takes a ByteArray
  • Asn1Element.parseFirst() introduced, which tries to only parse a single ASN.1 element from the input and leaves the rest untouched.
    • Variant 1 takes a ByteIterator and returns the element; the ByteIterator is advanced accordingly
    • Variant 2 takes a ByteArray and returns a Pair of (element, remainingBytes)
• More consistent low-level encoding and decoding function names:
  • encodeToAsn1Primitive to produce an Asn1Primitive that can directly be DER-encoded
  • encodeToAsn1ContentBytes to produce the content bytes of a TLV primitive (the V in TLV)
  • decodeToXXX to be invoked on an Asn1Primitive to decode a DER-encoded primitive into the target type
  • decodeFromAsn1ContentBytes to be invoked on the companion of the target type to decode the content bytes of a TLV primitive (the V in TLV)
• Update conventions -> Coroutines 1.9.0
• replace runCatching with catching to be extra-safe

3.8.0 (Supreme 0.3.0)

Breaking Changes Ahead!

• Completely revamped ASN.1 Tag Handling
  • Properly handle multi-byte tags
  • Introduce a new data structure TLV.Tag with an accompanying TagClass enum and a constructed flag to accurately represent arbitrary tags up to ULong.MAX_VALUE
  • Make all tag parameters ULong to reflect support for multi-byte tags
  • Remove DERTags
  • Revamp implicit tagging (there is still work to be done, but at least it supports CONSTRUCTED ASN.1 elements)
• Refactor Int.Companion.decodeFromDer -> Int.Companion.decodeFromDerValue()
• Refactor Long.Companion.decodeFromDer -> Long.Companion.decodeFromDerValue()
• Introduce ULong.Companion.decodeFromDer which can handle overlong inputs, as long as they start with a valid ULong encoding
• Changed return type of Verifier::verify from KmmResult<Unit> to KmmResult<Success>. Usage is unchanged.
• Add ConfirmationClaim to represent Proof-of-Possesion Key Semantics for JWTs
• Add claims to JsonWebToken to implement Demonstrating Proof of Possession
• Replace JsonWebToken.confirmationKey by JsonWebToken.confirmationClaim, the implementation was wrong
• Introduce ULong.toAsn1VarInt() to encode ULongs into ASN.1 unsigned VarInts (not to be confused with
  multi^2_base'sUVarInt!)
• Introduce decodeAsn1VarULong() and decodeAsn1VarUInt() which can handle overlong inputs, as long as they start with a valid unsigned number encoding.
  • Comes in three ULong flavours:
    • Iterator<Byte>.decodeAsn1VarULong()
    • Iterable<Byte>.decodeAsn1VarULong()
    • ByteArray.decodeAsn1VarULong()
  • and three UInt flavours:
    • Iterator<Byte>.decodeAsn1VarUInt()
    • Iterable<Byte>.decodeAsn1VarUInt()
    • ByteArray.decodeAsn1VarUInt()
• Revamp implicit tagging
• Revamp Asn1Element.parse(), introducing new variants. This yields:
  • Asn1Element.parse() with the same semantics as before
  • Asn1Element.parse() alternative introduced, which takes a ByteIterator instead of a ByteArray
  • Asn1Element.parseAll() introduced, which consumes all bytes and returns a list of all ASN.1 elements (if parsing works)
    • Variant 1 takes a ByteIterator
    • Variant 2 takes a ByteArray
  • Asn1Element.parseFirst() introduced, which tries to only parse a single ASN.1 element from the input and leaves the rest untouched.
    • Variant 1 takes a ByteIterator and returns the element; the ByteIterator is advanced accordingly
    • Variant 2 takes a ByteArray and returns a Pair of (element, remainingBytes)
• More consistent low-level encoding and decoding function names:
  • encodeToAsn1Primitive to produce an Asn1Primitive that can directly be DER-encoded
  • encodeToAsn1ContentBytes to produce the content bytes of a TLV primitive (the V in TLV)
  • decodeToXXX to be invoked on an Asn1Primitive to decode a DER-encoded primitive into the target type
  • decodeFromAsn1ContentBytes to be invoked on the companion of the target type to decode the content bytes of a TLV primitive (the V in TLV)
• Update conventions -> Coroutines 1.0.9
• replace runCatching with catching to be extra-safe

Closed Issues:

• #116
• #117
• #121
• #125

3.7.0 (Supreme 0.2.0)

• Remove Swift verifier logic to obtain a general speed-up
• Implement supreme signing capabilities
• Introduce Attestation Data Structure
• Dependency Updates:
  • Kotlin 2.0.20
  • kotlinx.serialization 1.7.2 stable (bye, bye unofficial snapshot dependency!)
  • kotlinx-datetime 0.6.1