v0.9.3

A source distribution and wheels for common platforms have been published to PyPI.

Bugs fixed:

• When determining the capabilities on an object, fall back to fetching flags one by one if fetching them all at once doesn't work. This mitigates issues with some tokens that don't handle errors on multi-attribute fetches in a compliant way.

v0.9.2

A source distribution and wheels for common platforms have been published to PyPI.

Release notes:

• Fix publishing of Python 3.14 wheels.

v0.9.1

A source distribution and wheels for common platforms have been published to PyPI.

Release notes:

• Add Python 3.14 to the CI matrix and release workflows.
• Expand ATTRIBUTE_TYPES for GOSTR support.
• Expose CK_SESSION_HANDLE as readonly

v0.9.0

A source distribution and wheels for common platforms have been published to PyPI.

Summary of changes

• Internal restructuring to allow loading (and unloading) multiple PKCS#11 libraries
• Better operation & cancellation management for search, encryption/decryption and signing/verification.
• Allow batch operations for search and attribute fetching.
• Support user-supplied attribute mappings via the AttributeMapper class, in a forward-compatible manner.
• Enable AES-GCM and AES-CTR in tokens that support these primitives.
• Map CKR_PIN_LEN_RANGE error code.
• Defensively decode the empty string as False for boolean attributes.
• Correct X.509 EC public-key extraction logic.
• Test with multiple token implementations in CI (SoftHSMv2 and opencryptoki for now).

There should not be any API-breaking changes in the public API, except for users extending the shim classes in the types module (e.g. for use in test mocks).

v0.8.1

A source distribution and wheels for common platforms have been published to PyPI.

v0.8.0

A source distribution and wheels for common platforms have been published to PyPI.

v0.7.0

Changes in this release

• Release the GIL during PKCS#11 calls, so that the asyncio ThreadExecutor can be used on slow PKCS#11 calls.
• Add flag to use protected authentication path for login
• Add method to reinitialize PCKS#11 for broken implementations
• Fix decoding of EC private keys in util

v0.6.0

Changes in this release

• Finally includes Windows support
• Function pointers are retrieved from C_GetFunctionList, rather than directly
• Compatibility fixes

v0.5.0

Changes in this release:

• Switch to the updated 2016 version of PKCS#11 v2.4
• Use the new values for AES_KEY_WRAP and AES_KEY_WRAP_PAD (#15).
• Add additional new mechanisms from most recent specification

API Breaking Changes

• AES_KEY_WRAP is now the default mechanism for wrapping AES keys, replacing ECB.

GPG Signature

This tag is signed with GPG key 1172 FC7B 4B57 5575 0C65 F9A5 44B8 0C28 0F80 807C.

v0.4.0

Changes in this release:

• Port the utilities from pyasn1 to asn1crypto which is faster and more widely used, with more up to date structures, also includes features such as PEM detecting and armoring/unarmoring that a lot of people need.

API breaking changes:

• EC named curves are now strings either as a common name (e.g. secp256r1) or OIDs. This is a break from previously when they were pyasn1 constants. This change should be easier for everyone involved.

GPG Signature

This tag is signed with GPG key 1172 FC7B 4B57 5575 0C65 F9A5 44B8 0C28 0F80 807C.