- Less variable constant time compare
- WebKeySet requires SSL by default
- WebKeySet can allow self signed certs by thumbprint
- Changed TimeoutVerifier to support alternative time source in constuctor.
- Removed unnecessary digest size spec.
- Renamed AesAeadStream to SymmetricAeadStream
- Added Unofficial RSA-PSS signing implementation with appropriate strength digest hash algorithms.
- Made changes to AES-GCM implementation to improve performance when next Bouncy Castle is released.
- Better implementation for handling key hash collisions.
- Added missing test check against version number for future ciphetext formats.
- Removed dependencies on System.Security.Cryptography.
- No longer uses dynamic invocation, more likely to be AOT compile compatible.
- Works when encountering a buggy cpp key hash.
- Works when encountering a buggy java signature.
- Fixed TimeoutSigner compatibilty with other keyczar.
- Keyczar tool updated 'usekey' to produce all keyczar wire formats.
- TimeoutVerifier now has optional call back for current time.
- Fixed bug with constant time compare not really being constant time
- Added support to export PEM formatted Public Keys
- Fixed bug with 'KeyczarTool.exe create' producing python incompatible keysets when --name flag was ommited
- Initial release