node-forge 0.7.5 → 0.8.2

package/CHANGELOG.md

@@ -1,6 +1,64 @@
 Forge ChangeLog
 ===============
 
+## 0.8.2 - 2019-03-18
+
+### Fixed
+- Fix tag calculation when continuing an AES-GCM block.
+
+### Changed
+- Switch to eslint.
+
+## 0.8.1 - 2019-02-23
+
+### Fixed
+- Fix off-by-1 bug with kem random generation.
+
+## 0.8.0 - 2019-01-31
+
+### Fixed
+- Handle creation of certificates with `notBefore` and `notAfter` dates less
+  than Jan 1, 1950 or greater than or equal to Jan 1, 2050.
+
+### Added
+- Add OID 2.5.4.13 "description".
+- Add OID 2.16.840.1.113730.1.13 "nsComment".
+  - Also handle extension when creating a certificate.
+- `pki.verifyCertificateChain`:
+  - Add `validityCheckDate` option to allow checking the certificate validity
+    period against an arbitrary `Date` or `null` for no check at all. The
+    current date is used by default.
+- `tls.createConnection`:
+  - Add `verifyOptions` option that passes through to
+    `pki.verifyCertificateChain`. Can be used for the above `validityCheckDate`
+    option.
+
+### Changed
+- Support WebCrypto API in web workers.
+- `rsa.generateKeyPair`:
+  - Use `crypto.generateKeyPair`/`crypto.generateKeyPairSync` on Node.js if
+    available (10.12.0+) and not in pure JS mode.
+  - Use JS fallback in `rsa.generateKeyPair` if `prng` option specified since
+    this isn't supported by current native APIs.
+  - Only run key generation comparison tests if keys will be deterministic.
+- PhantomJS is deprecated, now using Headless Chrome with Karma.
+- **Note**: Using Headless Chrome vs PhantomJS may cause newer JS features to
+  slip into releases without proper support for older runtimes and browsers.
+  Please report such issues and they will be addressed.
+- `pki.verifyCertificateChain`:
+  - Signature changed to `(caStore, chain, options)`. Older `(caStore, chain,
+    verify)` signature is still supported. New style is to to pass in a
+    `verify` option.
+
+## 0.7.6 - 2018-08-14
+
+### Added
+- Test on Node.js 10.x.
+- Support for PKCS#7 detached signatures.
+
+### Changed
+- Improve webpack/browser detection.
+
 ## 0.7.5 - 2018-03-30
 
 ### Fixed

package/README.md

@@ -209,8 +209,6 @@ forge you need.
 Testing
 -------
 
-See the [testing README](./tests/README.md) for full details.
-
 ### Prepare to run tests
 
     npm install
@@ -221,10 +219,10 @@ Forge natively runs in a [Node.js][] environment:
 
     npm test
 
-### Running automated tests with PhantomJS
+### Running automated tests with Headless Chrome
 
-Automated testing is done via [Karma][]. By default it will run the tests in a
-headless manner with PhantomJS.
+Automated testing is done via [Karma][]. By default it will run the tests with
+Headless Chrome.
 
     npm run test-karma
 
@@ -241,7 +239,7 @@ By default [webpack][] is used. [Browserify][] can also be used.
 
 You can also specify one or more browsers to use.
 
-    npm run test-karma -- --browsers Chrome,Firefox,Safari,PhantomJS
+    npm run test-karma -- --browsers Chrome,Firefox,Safari,ChromeHeadless
 
 The reporter option and `BUNDLER` environment variable can also be used.
 
@@ -961,14 +959,14 @@ __Examples__
 var rsa = forge.pki.rsa;
 
 // generate an RSA key pair synchronously
-// *NOT RECOMMENDED* -- can be significantly slower than async and will not
-// use native APIs if available.
+// *NOT RECOMMENDED*: Can be significantly slower than async and may block
+// JavaScript execution. Will use native Node.js 10.12.0+ API if possible.
 var keypair = rsa.generateKeyPair({bits: 2048, e: 0x10001});
 
 // generate an RSA key pair asynchronously (uses web workers if available)
 // use workers: -1 to run a fast core estimator to optimize # of workers
-// *RECOMMENDED* - can be significantly faster than sync -- and will use
-// native APIs if available.
+// *RECOMMENDED*: Can be significantly faster than sync. Will use native
+// Node.js 10.12.0+ or WebCrypto API if possible.
 rsa.generateKeyPair({bits: 2048, workers: 2}, function(err, keypair) {
   // keypair.privateKey, keypair.publicKey
 });
@@ -1378,6 +1376,10 @@ p7.addSigner({
 p7.sign();
 var pem = forge.pkcs7.messageToPem(p7);
 
+// PKCS#7 Sign in detached mode.
+// Includes the signature and certificate without the signed data.
+p7.sign({detached: true});
+
 ```
 
 <a name="pkcs8" />
@@ -2035,8 +2037,8 @@ When using this code please keep the following in mind:
 Library Background
 ------------------
 
-* http://digitalbazaar.com/2010/07/20/javascript-tls-1/
-* http://digitalbazaar.com/2010/07/20/javascript-tls-2/
+* https://digitalbazaar.com/2010/07/20/javascript-tls-1/
+* https://digitalbazaar.com/2010/07/20/javascript-tls-2/
 
 Contact
 -------
@@ -2056,40 +2058,40 @@ Financial support is welcome and helps contribute to futher development:
 
 [#forgejs]: https://webchat.freenode.net/?channels=#forgejs
 [0.6.x]: https://github.com/digitalbazaar/forge/tree/0.6.x
-[3DES]: http://en.wikipedia.org/wiki/Triple_DES
-[AES]: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
-[ASN.1]: http://en.wikipedia.org/wiki/ASN.1
+[3DES]: https://en.wikipedia.org/wiki/Triple_DES
+[AES]: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
+[ASN.1]: https://en.wikipedia.org/wiki/ASN.1
 [Bower]: https://bower.io/
 [Browserify]: http://browserify.org/
-[CBC]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[CFB]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[CTR]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
+[CBC]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
+[CFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
+[CTR]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
 [CommonJS]: https://en.wikipedia.org/wiki/CommonJS
-[DES]: http://en.wikipedia.org/wiki/Data_Encryption_Standard
-[ECB]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[Fortuna]: http://en.wikipedia.org/wiki/Fortuna_(PRNG)
-[GCM]: http://en.wikipedia.org/wiki/GCM_mode
-[HMAC]: http://en.wikipedia.org/wiki/HMAC
-[JavaScript]: http://en.wikipedia.org/wiki/JavaScript
+[DES]: https://en.wikipedia.org/wiki/Data_Encryption_Standard
+[ECB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
+[Fortuna]: https://en.wikipedia.org/wiki/Fortuna_(PRNG)
+[GCM]: https://en.wikipedia.org/wiki/GCM_mode
+[HMAC]: https://en.wikipedia.org/wiki/HMAC
+[JavaScript]: https://en.wikipedia.org/wiki/JavaScript
 [Karma]: https://karma-runner.github.io/
-[MD5]: http://en.wikipedia.org/wiki/MD5
-[Node.js]: http://nodejs.org/
-[OFB]: http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
-[PKCS#10]: http://en.wikipedia.org/wiki/Certificate_signing_request
-[PKCS#12]: http://en.wikipedia.org/wiki/PKCS_%E2%99%AF12
-[PKCS#5]: http://en.wikipedia.org/wiki/PKCS
-[PKCS#7]: http://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
+[MD5]: https://en.wikipedia.org/wiki/MD5
+[Node.js]: https://nodejs.org/
+[OFB]: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
+[PKCS#10]: https://en.wikipedia.org/wiki/Certificate_signing_request
+[PKCS#12]: https://en.wikipedia.org/wiki/PKCS_%E2%99%AF12
+[PKCS#5]: https://en.wikipedia.org/wiki/PKCS
+[PKCS#7]: https://en.wikipedia.org/wiki/Cryptographic_Message_Syntax
 [PayPal]: https://www.paypal.com/
-[RC2]: http://en.wikipedia.org/wiki/RC2
-[SHA-1]: http://en.wikipedia.org/wiki/SHA-1
-[SHA-256]: http://en.wikipedia.org/wiki/SHA-256
-[SHA-384]: http://en.wikipedia.org/wiki/SHA-384
-[SHA-512]: http://en.wikipedia.org/wiki/SHA-512
+[RC2]: https://en.wikipedia.org/wiki/RC2
+[SHA-1]: https://en.wikipedia.org/wiki/SHA-1
+[SHA-256]: https://en.wikipedia.org/wiki/SHA-256
+[SHA-384]: https://en.wikipedia.org/wiki/SHA-384
+[SHA-512]: https://en.wikipedia.org/wiki/SHA-512
 [Subresource Integrity]: https://www.w3.org/TR/SRI/
-[TLS]: http://en.wikipedia.org/wiki/Transport_Layer_Security
+[TLS]: https://en.wikipedia.org/wiki/Transport_Layer_Security
 [UMD]: https://github.com/umdjs/umd
-[X.509]: http://en.wikipedia.org/wiki/X.509
+[X.509]: https://en.wikipedia.org/wiki/X.509
 [freenode]: https://freenode.net/
 [unpkg]: https://unpkg.com/
 [webpack]: https://webpack.github.io/
-[TweetNaCl]: https://github.com/dchest/tweetnacl-js
+[TweetNaCl.js]: https://github.com/dchest/tweetnacl-js