File: CHANGELOG.md

package info (click to toggle)
ruby-encryptor 3.0.0-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, buster, sid
  • size: 200 kB
  • sloc: ruby: 450; makefile: 4
file content (30 lines) | stat: -rw-r--r-- 1,813 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Encryptor #

## 3.0.0 ##

* Fixed: GCM algorithms were not using IV. See https://github.com/attr-encrypted/encryptor/pull/22 for more info (@borama)
    * Data previously encrypted with GCM will not be decryptable by default. See the README for info regarding a workaround.
* Added: New option to enable backwards compatibility to allow decryption of data encrypted with AES-*-GCM algorithms from Encryptor v2.0.0. (@saghaulor)

## 2.0.0 ##

* Added support for MRI 2.1, 2.2, 2.3, and Rubinius. (@saghaulor)
* Added support for Authenticated Encryption Authentiation Data (AEAD) via aes-###-gcm. (@saghaulor)
* Changed the defaults to improve security, aes-256-gcm, IV is required. (@saghaulor)
* Added key and IV minimum length validations. (@saghaulor)
* Added insecure_mode option to allow for backwards compatibility for users who didn't use unique IV. (@saghaulor)
* Deprecated using Encryptor without an IV.
* Added hmac_iterations option to allow for adjusting the number of PKCS5 iterations when deriving a unique key. (@saghaulor)
* Removed support for MRI 1.9.3 and JRuby (until JRuby supports `auth_data=`, https://github.com/jruby/jruby/issues/3376). (@saghaulor)
* Changed tests to use Minitest. (@saghaulor)
* Changed syntax to use Ruby 1.9+ hash syntax. (@saghaulor)
* Salt may be deprecated in a future release, it remains for backwards compatibility. It's better security to have a unique key per record, however, the cost of PKCS5 is too high to force on to users by default. If users want a unique key per record they can implement it in their own way.

## 1.3.0 ##

* Added support for unique key (via salt) and IV. (@danpal & @rcook)

## 1.2.3 ##

* Added support for passing blocks to `encrypt` and `decrypt`. (@shuber)
* Changed raising an exception if key is missing or empty. (@shuber)