147 lines
4.8 KiB
Markdown
147 lines
4.8 KiB
Markdown
# Keyfork v0.2.1
|
|
|
|
This release contains an emergency bugfix for Keyfork Shard, which previously
|
|
would not be able to properly verify the length of remote shard QR codes.
|
|
|
|
# Keyfork v0.2.0
|
|
|
|
Some of the changes in this release are based on feedback from audits
|
|
(publications coming soon!). The previous version of Keyfork, in almost every
|
|
configuration, is safe to use. The most significant change in this version
|
|
affects Keyfork Shard, which has an incompatible difference between this
|
|
version and the previous version. Information about shards, such as the length
|
|
of the shard, could be leaked and discovered by an attacker when using the
|
|
Remote Shard recovery mechanism.
|
|
|
|
An additional change is the requirement of hardened indices on the first two
|
|
levels of key derivation. This is due to Keyfork potentially leaking private
|
|
keys when hardened derivation is not used. To be completely honest, I don't
|
|
entirely understand the math behind it.
|
|
|
|
There is no reason to upgrade if Keyfork has been used as-is, as all supported
|
|
provisioners at this point in time require hardened derivation at all steps.
|
|
|
|
### Changes in keyfork:
|
|
|
|
```
|
|
d04989e keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
|
|
5d2309e keyfork-prompt: add SecurePinValidator for making new, secure, PINs
|
|
cdf4015 keyfork wizard: use correct derivation path for re-deriving shard decryption keys
|
|
f0e5ae9 keyfork-derive-openpgp: document KEYFORK_OPENPGP_EXPIRE
|
|
289cec3 keyfork wizard: upcast i and index to avoid wrapping add
|
|
9394500 keyfork-shard: generate nonce using hkdf
|
|
```
|
|
|
|
### Changes in keyfork-derive-openpgp:
|
|
|
|
```
|
|
f0e5ae9 keyfork-derive-openpgp: document KEYFORK_OPENPGP_EXPIRE
|
|
9f089e7 keyfork-derive-openpgp: use .first() in place of .get(0)
|
|
```
|
|
|
|
### Changes in keyfork-derive-util:
|
|
|
|
```
|
|
de4e98a keyfork-derive-util: black-box checking all zeroes
|
|
48ccd7c keyfork-derive-util: add note about potential side-channel when verifying keys
|
|
d04989e keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
|
|
1de466c keyfork-derive-util: allow zeroable input for non-master-key derivation
|
|
61871a7 keyfork-derive-util: make private and public test keys more visible
|
|
2bca0a1 keyfork-derive-util: make Test{Public,Private}Key public, rename Internal algorithm
|
|
```
|
|
|
|
### Changes in keyfork-entropy:
|
|
|
|
```
|
|
5438f4e keyfork-entropy: downgrade entropy size limit to warning
|
|
```
|
|
|
|
### Changes in keyfork-mnemonic-util:
|
|
|
|
```
|
|
001fc0b remove trailing hitespace :(
|
|
6a265ad keyfork-mnemonic-util: add MnemonicBase::from_nonstandard_bytes
|
|
```
|
|
|
|
### Changes in keyfork-prompt:
|
|
|
|
```
|
|
5d2309e keyfork-prompt: add SecurePinValidator for making new, secure, PINs
|
|
```
|
|
|
|
### Changes in keyfork-qrcode:
|
|
|
|
```
|
|
fa125e7 keyfork-qrcode: prefer Instant over SystemTime for infallible time comparison
|
|
```
|
|
|
|
### Changes in keyfork-shard:
|
|
|
|
```
|
|
d04989e keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
|
|
1a036a0 keyfork-shard: clean up documentation for encrypted shard padding
|
|
e068743 keyfork-shard: display error message on duplicate key fingerprints found
|
|
23db509 keyfork-shard: improve wording for counting shardholders
|
|
9461772 keyfork-shard: ignore duplicate certificate entries
|
|
6a265ad keyfork-mnemonic-util: add MnemonicBase::from_nonstandard_bytes
|
|
c0b19e2 keyfork-shard: assert shared secrets are contributory
|
|
0fe5301 keyfork-shard: add in bug messages
|
|
08a66e2 keyfork-shard: base64 encode content instead of base16
|
|
6fa434e keyfork-shard: shorten length and pad inside encrypted block
|
|
9394500 keyfork-shard: generate nonce using hkdf
|
|
194d475 keyfork-shard: validate signatures using shard-specific validation requirements
|
|
```
|
|
|
|
### Changes in keyfork-zbar:
|
|
|
|
```
|
|
0c76869 .cargo/config.toml: add registry configuration :)
|
|
```
|
|
|
|
### Changes in keyforkd:
|
|
|
|
```
|
|
bcfcc87 keyforkd: add warning when loading seed with less than 128 bits
|
|
40551a5 keyforkd: require hardened derivation on two highest indexes
|
|
```
|
|
|
|
### Changes in keyforkd-client:
|
|
|
|
```
|
|
d04989e keyfork-derive-util: make key parsing fallible again, since secp256k1 isn't guaranteed correct
|
|
1de466c keyfork-derive-util: allow zeroable input for non-master-key derivation
|
|
40551a5 keyforkd: require hardened derivation on two highest indexes
|
|
```
|
|
|
|
### Changes in keyforkd-models:
|
|
|
|
```
|
|
40551a5 keyforkd: require hardened derivation on two highest indexes
|
|
```
|
|
|
|
# Keyfork v0.1.0
|
|
|
|
### Tagged releases:
|
|
|
|
* `keyfork-bin 0.1.0`
|
|
* `keyfork-bug 0.1.0`
|
|
* `keyfork-crossterm 0.27.1`
|
|
* `keyfork-derive-key 0.1.0`
|
|
* `keyfork-derive-openpgp 0.1.0`
|
|
* `keyfork-derive-path-data 0.1.0`
|
|
* `keyfork-derive-util 0.1.0`
|
|
* `keyfork-entropy 0.1.0`
|
|
* `keyfork-frame 0.1.0`
|
|
* `keyfork-mnemonic-util 0.2.0`
|
|
* `keyfork-prompt 0.1.0`
|
|
* `keyfork-qrcode 0.1.0`
|
|
* `keyfork-shard 0.1.0`
|
|
* `keyfork-slip10-test-data 0.1.0`
|
|
* `keyfork 0.1.0`
|
|
* `keyfork-zbar-sys 0.1.0`
|
|
* `keyfork-zbar 0.1.0`
|
|
* `keyforkd-client 0.1.0`
|
|
* `keyforkd-models 0.1.0`
|
|
* `keyforkd 0.1.0`
|
|
* `smex 0.1.0`
|