Pyhanko

======

*Release date:* 2025-03-08


Breaking changes
----------------

* Some outdated algos for encrypting the security handler seed in
a public-key encrypted PDF were dropped to get rid of ``oscrypto``
as a direct dependency of ``pyhanko``. It is still pulled in
via ``pyhanko-certvalidator``, but it is no longer used for
any cryptographic operations (which is significant, because
of compatibility issues on systems that no longer ship OpenSSL 1.1.1)


Dependency changes
------------------

* Relax ``uharfbuzz`` upper bound to ``<0.47.0``.
* Make ``defusedxml`` a regular dependency, remove ``[xmp]`` dependency group.
* Remove ``[extra-pubkey-algs]`` dependency group (see breaking change list)



New features and enhancements
-----------------------------

* Expose ``signature_mechanism`` parameter in PKCS11 API.


.. _release-0.25.3:

======

*Release date:* 2024-11-17

Dependency changes
------------------

* Workflow dependency bumps
* Set ``aiohttp`` upper bound to ``3.12``
* Bump ``pyhanko-certvalidator`` to ``0.26.5``
* Bump ``certomancer`` to ``0.12.3``

Note: these changes make pyHanko compatible with the (unreleased) API change in
`asn1crypto 230 <https://github.com/wbond/asn1crypto/issues/230>`_,
which is nevertheless already being shipped in some distros.


.. _release-0.25.2:

======


*Release date:* 2024-11-11


Dependency changes
------------------

* Bump minimal ``cryptography`` version to ``43.0.3``.
* Update ``uharfbuzz`` upper bound to ``0.42.0``.
* Add Python 3.13 to the package metadata & include it in CI.
* Some test dependencies bumped.

Bugs fixed
----------

* Properly propagate ``strict=False`` in post-signing instructions.


.. _release-0.25.1:

======


*Release date:* 2024-07-18


Bugs fixed
----------

* Align usage of SHAKE256 OIDs with Ed448 with RFC 8419


.. _release-0.25.0:

======


*Release date:* 2024-05-06


New features and enhancements
-----------------------------


Encryption
^^^^^^^^^^

* Implement ISO/TS 32003 and ISO/TS 32004, to support AES-GCM streams and
MAC authentication in encrypted PDF 2.0 documents, respectively.
MACs are turned on by default when creating documents with PDF 2.0-style
encryption.


.. _release-0.24.0:

======


*Release date:* 2024-04-27


Breaking changes
----------------

* Setting & retrieving permission flags for encrypted files now
comes with an ergonomic API that is much less error-prone.
You no longer have to manually convert your permission bits
to their signed integer representation.
See :mod:`pyhanko.pdf_utils.crypt.permissions`.

Dependency changes
------------------

* Upgraded ``xsdata`` (optional) to ``24.4``.


Bugs fixed
----------

* Several issues with copying objects from encrypted documents
(in particular, encrypted documents with signatures) have been fixed.
* Tolerate unpadded empty ciphertext.
* Improve error messages on malformed keys.


.. _release-0.23.2: