Added client configuration message for signing (#277)
Added a new format for the media type that is compatible with OCI registries (#279)
Added events.proto for Ruby package (#264)
Targeted Node16 for Typescript package (#230)

0.3.0

published 0.3.0 • 9 months ago

Changelog

Options for more generic observer time (#179)
BREAKING: VerificationMaterials.contents now has an additional certificate variant, which is preferred in 0.3 bundles with the Sigstore PGI (#191)
Added algorithm registry documentation and updated PublicKeyDetails message (#194, #212)
- Deterministic ECDSA is deprecated
- NIST-P384 and NIST-P521 curves added
- Existing (and underspecified) RSA key types are deprecated. New RSA keytypes are defined that specifies size of public modulus and hash algorithm. RSA now only supports PKCS#1 signature scheme, and PKIX (SubjectPublicKeyInfo) encoding.
- Experimental support for LMS key types.

0.2.1

published 0.2.1 • last year

Changelog

There were no changes in this release.

There were no removals in this release.

published 0.2.0 • last year

Changelog

TransparencyLogEntry.inclusion_proof is now marked as required (was previously optional), while TransparencyLogEntry.inclusion_promise is now marked as optional (was previously required) (#84)
More Rekor messages and message fields have been marked as required (#79)
Ruby bindings: class names have been updated and now live in the Sigstore:: namespace (#87)

Docs: Clarify that TransparencyLogEntry.canonicalized_body is optional (#74)
Docs: Clarify that key IDs are digests over SPKI encodings (#73)
Docs: Clarify that bundled certificate chains must not contain root or intermediate certificates that should be trused out-of-band (#77)
Docs: Clarify TimeRange validity periods (#78)