The following changes are included in the v1.6 (July 2024) release:
- Add support for software key creation by specifying the
CKA_KMS_PROTECTION_LEVELattribute. See the user guide to learn more. - Updated deps:
- glog => v0.7.1
The following changes are included in the v1.5 (May 2024) release:
- Add support for software keys. See the user guide to learn more about the
new
allow_software_keysconfiguration flag.
The following changes are included in the v1.4 (April 2024) release:
- Add support for symmetric AES key creation.
The following changes are included in the v1.3 (November 2023) release:
- Promote HMAC and raw symmetric AES encryption/decryption experimental
features to fully supported. This includes dropping the related experimental
configuration flags (
experimental_allow_mac_keysandexperimental_allow_raw_encryption_keys), please remove them from your config if used. - Add configuration flag to skip fork handlers registration, for applications that don't need the library to work in the child process.
- Add configuration item to provide X.509 certificates that will be exposed by the library when matched with a KMS key.
- Several internal dependencies were updated.
The following changes are included in the v1.2 (April 2023) release:
- Add support for digesting mechanisms that can sign over raw data instead of precomputed digests. See mechanism.cc for the full list.
- Add support for multi-part signing functions (
C_{Sign|Verify}Update, andC_{Sign|Verify}Final). See the user guide for more details about these functions. - Add support for
C_GenerateRandom, see the user guide for more details. - Add experimental support for interoperable AES symmetric encryption
mechanisms, such as
CKM_AES_CTR, and the related functions (eg.C_Encrypt,C_Decrypt, etc). See the user guide for the full list of mechanisms and functions. This feature is currently in private preview and can only be accessed by allowlisted preview customers. If you are interested, please fill out this form. - Add experimental support for HMAC symmetric signing mechanisms, such as
CKM_SHA256_HMAC. Some of these algorithms are in public preview but can be accessed without restrictions. See mechanism.cc for the full list of mechanisms. - Add integrity verification checks for crypto operations performed through the library.
- Support case #1 of
C_Initialize - Several internal dependencies were updated.
The following changes are included in the v1.1 (March 2022) release:
- The value for
CKA_EC_POINTwas corrected. - The configuration option
experimental_generate_certsis now fully supported, and has been renamed togenerate_certs. - Google now supplies a version of the library where the included BoringSSL has been built in FIPS mode.
- The configuration option
experimental_require_fips_modeis now fully supported, and has been renamed torequire_fips_mode. - For
CK_RSA_PKCS_OAEP_PARAMS.source, the value0is treated as meaning "no label" for compatibility purposes. - The library must now be built with Bazel v4.2.1.
- Several internal dependencies were updated.
Initial release of the library.
The following changes are included in the v1.1 (April 2024) release:
- Add support for
RSA_SIGN_PKCS1_4096_SHA256.
Initial GA release of the provider.
Second public preview release of the library. The following changes are included in the v0.9 release:
- Add support for
EC_SIGN_P384_SHA384. - Add a gRPC patch to support Windows default system roots loading.
Initial public preview release of the library.