File size: 2,248 Bytes
5641073
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# node-http-signature changelog

## not yet released

(nothing yet)

## 1.3.6

* Update jsprim due to vulnerability in json-schema (#123)

## 1.3.5

* Add keyPassphrase option to signer (#115)
* Add support for created and expires values (#110)

## 1.3.4

* Fix breakage in v1.3.3 with the setting of the "algorithm" field in the
  Authorization header (#102)

## 1.3.3

**Bad release. Use 1.3.4.**

* Add support for an opaque param in the Authorization header (#101)
* Add support for adding the keyId and algorithm params into the signing string (#100)

## 1.3.2

* Allow Buffers to be used for verifyHMAC (#98)

## 1.3.1

* Fix node 0.10 usage (#90)

## 1.3.0

**Known issue:** This release broken http-signature with node 0.10.

* Bump dependency `sshpk`
* Add `Signature` header support (#83)

## 1.2.0

* Bump dependency `assert-plus`
* Add ability to pass a custom header name
* Replaced dependency `node-uuid` with `uuid`

## 1.1.1

* Version of dependency `assert-plus` updated: old version was missing
  some license information
* Corrected examples in `http_signing.md`, added auto-tests to
  automatically validate these examples

## 1.1.0

* Bump version of `sshpk` dependency, remove peerDependency on it since
  it now supports exchanging objects between multiple versions of itself
  where possible

## 1.0.2

* Bump min version of `jsprim` dependency, to include fixes for using
  http-signature with `browserify`

## 1.0.1

* Bump minimum version of `sshpk` dependency, to include fixes for
  whitespace tolerance in key parsing.

## 1.0.0

* First semver release.
* #36: Ensure verifySignature does not leak useful timing information
* #42: Bring the library up to the latest version of the spec (including the
       request-target changes)
* Support for ECDSA keys and signatures.
* Now uses `sshpk` for key parsing, validation and conversion.
* Fixes for #21, #47, #39 and compatibility with node 0.8

## 0.11.0

* Split up HMAC and Signature verification to avoid vulnerabilities where a
  key intended for use with one can be validated against the other method
  instead.

## 0.10.2

* Updated versions of most dependencies.
* Utility functions exported for PEM => SSH-RSA conversion.
* Improvements to tests and examples.