Releases: michelp/pgsodium
v1.3.0: Michelp/fixinitpalloc (#17)
- Fix palloc issue reported by Zahir
- Add zymbit, google, and aws kms example scripts
Pileated Woodpecker
Michelp/zymbit (#16) * zymbit first draft. * aws kms getkey example. * fix bug in aws key generation. * google kms example. * add zymkey getkey script. * add a sleep to suppress anoying connect error on faster computer.
Devil's Lake
pgsodium is an encryption library for postgres that provides modern cryptographic functions based on the libsodium library. This release brings many changes, cleanups and tests, and includes a lot of new functionality.
There are a few breaking changes with 1.1.1, most noticeably, API access is revoked by default, and there are now three layered security roles with access to the API.
The least privileged role can only use secret key API functions by key id, it can never see or use raw bytea keys. The next layer role can see and use keys and keypairs, but not make them, and the highest privilege role can do everything including make and derive keys and keypairs.
Many encryption patterns require only the minimal key id privilege and a column encryption example is provided in the documentation.
1.2.0 also wraps the IETF ChaCha20-Poly1305 construction for Authenticated Encryption with Additional Data (AEAD) in libsodium as the crypto_aead_ietf
API.
pgsodium_derive()
is deprecated and is not called derive_key()
.
Several related fixes were made to the multipart public key signing, and many more tests and error checks have been added.
Going for the 1.1.1
v1.1.1 going for 1.1.1
General 1.0.0 release.
1.0.0 is the first post alpha release of pgsodium, including new detaching signing support by @marcmunro .
If you're upgrading from 0.0.1 alpha, drop the extension first, then create 1.0.0.
General 1.0.0 release.
v1.0.0-alpha add test for example using SET LOCAL
v0.0.1-alpha
Tested with libsodium 1.0.18. New callback hooks zero allocated memory when context is deleted, avoiding leaving secrets in memory.