NEWS

PKI 0.1-14 (2024-06-15)

fixed PKI.sign.tar() and PKI.verify.tar() mist-detecting tar-balls with xz (lzma) compression. Also the detection no longer fails in UTF-8 locales on systems where R attempts to interpret the magic bytes as UTF-8. (#29)
added PKI.genpass() for random password generation

add PKI.info() which returns information about the underlying engine.
add support for OpenSSL >= 3.0.0 (#26) Thanks to Steve Langasek for analysis and patch.
PKI.sign.tar() avoids the use of strings for compression detection as it can fail in some locales. (#27)
added support for PKGCONFIG which defaults to pkg-config and will be used to auto-detect compiler flags if they are not provided in PKG_* or OPENSSL_INCLUDES. This behavior can be disabled by explicitly setting PKGCONFIG to an empty string.

add default= and partial= arguments to PKI.verifyCA()
add PKI.get.cert.info() and informative print() method for certificates.
fix PKI.verify.tar to support certificates stored directly instead of wrapped inside ASN1 bit string.

add support for explicit setting of initialization vectors (iv) in PKI.encrypt() and PKI.decrypt() for ciphers that support it. (see #16)
add PKI.random() for generating cryptographically strong random bytes which can be used for keys, IVs, seeds etc.
adapt to API changes in OpenSSL 1.1 (see also PR#18)

fixed crash when loading private keys introduced by PR#1 in (unreleased) 0.1-2 and bring back the ability to directly read "DER"-encoded private RSA keys.
fix detection of PKCS#8 encrypted private keys in PEM format

add "DER" format option to PKI.load.cert()
allow key in PKI.verify to be a certificate (which will be passed to PKI.pubkey() internally)
add experimental signing/verification of tar files using PKI.sign.tar() and PKI.verify.tar()
add support for symmetric ciphers like AES in PKI.encrypt()/PKI.decrypt()
add support for retrieving the subject of a certificate via PKI.get.subject() [PR#2, thanks to Matt Jones]
add support for PKCS#8 private key format (RFC 5208) and sign/verify/digest using SHA256. [PR#1, thanks to Siddhartha Bagaria]
bugfix: key length was incorrectly checked when using symmetric ciphers so too short keys were accepted.
bugfix: if the last block was filled during encryption, the necessary additional padding block was not generated. (#8)
bugfix: some functions did not call PKI initialization. One manifestation was that error messages were cryptic until any X.509 function was called. (#9)

added PKI.load.key() and PKI.save.key() functions to load/save keys from/to PEM and DER formats IMPORTANT API NOTE: PKI.load.key() replaces the (unexported) function PKI.load.privkey() in the previous PKI version.
added support for OpenSSH public key format (as used in .ssh/authorized_keys files) as well as pure PKCS#1 and SSH2 PEMs
make PEM parsing more robust to support headers
added ASN.1 tools to parse and synthesize ASN.1 formatted objects - mostly for use in key format conversions
added as.BIGNUMint() for ASN.1 BIGNUM integer format conversion
added PKI.mkRSApubkey() to create RSA public keys from modulus and exponent alone
added raw2hex() function to convert raw hashes into string format