@digitalbazaar/minimal-cipher - npm Package Versions

6.0.0 - 2023-11-05

Changed

• BREAKING: Require node >= 18.
• BREAKING: Use P-256 curve elliptic keys for key agreement instead of X25519 when using the fips-compliant version.
• Use @noble/curves to provide X25519 implementation. This lib is often used in other libs that are combined with this one and it has been through a comprehensive security audit. Additional benefits include speed and tree-shaking capabilities.

5.1.1 - 2022-08-14

Fixed

• Fix chacha bug.

5.1.0 - 2022-07-31

Added

• Use platform-specific native APIs where possible to implement ChaCha20-Poly1305 and XChaCha20-Poly1305.

5.0.0 - 2022-06-06

Changed

• BREAKING: Convert to module (ESM).
• BREAKING: Require Node.js >=14.
• BREAKING: Use globalThis for browser crypto and streams.
• BREAKING: Require Web Crypto API. Older browsers and Node.js 14 users need to install an appropriate polyfill.
• BREAKING: Require Streams API. Older browsers and Node.js <18 users need to install an appropriate polyfill.
• Update dependencies.
• Lint module.

4.0.2 - 2021-09-17

Fixed

• Fix parameters passed to key wrap/unwrapping functions in aeskw.js. The key usage param for the key to be wrapped/unwrapped was inconsistent and not accepted on certain browsers (Firefox). A previous commit conflated the key usage field for the key to be wrapped with the key wrapping key itself and this has been corrected and commented to help avoid future problems.

4.0.1 - 2021-08-18

Fixed

• Pin web-streams-polyfill@3.0.x. This has been done because version 3.1+ of the polyfill have added checks to force the same version of the polyfill to be used across all code that uses the ReadableStream API. This means that the polyfill does not just polyfill an interface such that it is compatible with other libraries; those libraries must all know about each other and use the exact same implementation. Hopefully, this will be fixed in a later version of the polyfill.

4.0.0 - 2021-07-22

Changed

• BREAKING: Upgrade to @digitalbazaar/x25519-verification-key-2020 v2.0, which changes the key serialization format to multicodec (in addition to multibase).

3.0.0 - 2021-04-01

Changed

• BREAKING: Update KEY_TYPE to X25519KeyAgreementKey2020.

2.0.0 - 2021-03-12

Changed

• BREAKING: Changed README instructions to use x25519-key-agreement-key-2019 v4+ key type examples, which itself is based on crypto-ld v4+. See also x25519-key-agreement-key-2019 v4+ Changelog, crypto-ld v4.0 Changelog
• Update @stablelib/chacha20poly1305 and @stablelib/xchacha20poly1305 deps to their latest 1.0 versions. (Should be no breaking changes there.)
• Update web-streams-polyfill to major version v3.0.0 (see its changelog entry). (Should be no changes that affect this lib.)

Purpose and Upgrade Instructions

There no API changes to minimal-cipher itself (aside from the rename of its npm package to @digitalbazaar/minimal-cipher), so upgrading from 1.4.x to 2.0.0 only involves making sure that the keys being used for key agreement are generated using the newer crypto-ld v4 method (see minimal-cipher README for examples).