* [feature] Support RSA-PSS with **--rsa-pss** command line argument. Requires cryptography 42+.
* [feature] sign: support partial field overwrite when **--reset** is not given.
* [cleanup] Add full typing to all code.
* [cleanup] Drop support for cryptography < 3.1 - stop use of ``default_backend()``.

2.2
---

* [feature] Switch to timezone-aware timestamps with UTC timezone.
* [cleanup] Properly initialize EC curves to avoid warning.
* [cleanup] Drop SSH+DSA tests due to deprecation warnings.
* [cleanup] Drop support for cryptography < 3.0

2.1
---

* [feature] ``autogen`` command to generate key and sign certificate based on config file.
* [fix] Proper BrokenPipeError handling.
* [cleanup] Drop SSH code, use cryptography API instead.
* [cleanup] Drop support for cryptography < 2.8
* [cleanup] Add typing.

2.0
---

* [feature] ``export`` command to change file format. Useful for keys.
* [feature] ``export-pub`` command to extract public key from certificate or private key.
* [feature] ``list ec-curves`` and ``list name-fields`` commands.
* [feature] Support DER output format.
* [feature] Support OpenSSH private key format.
* [feature] Support LDAP name syntax.
* [api] Split code into submodules. API compatibility is not kept.

1.4
---

* [feature] Disallow non-standard key formats unless ``--unsafe`` switch is given.
* [feature] Read-write support for PolicyConstraints and CertificatePolicies.
* [feature] Read-only support for Certificate Transparency extensions, to allow ``show`` to work.

1.3
---

* [feature] Support all EC curves (``cryptography`` 2.6+)
* [feature] Support DSA keys
* [fix] Prepare for ed25519 keys, requires ``cryptography`` 2.8+
* [fix] CRL handling fixes
* [fix] Do not set path-length by default for CAs.
* [fix] Use 20-byte serial number instead of 16.