pcp/ChangeLog

0.2.1   My crypt+sign implementation were wrong (better:
	defect). It worked but a legal recipient could
	re-encrypt the message and attach the original
	signature, fooling a third party. Now the signature
	is being made of the encrypted recipient list,
	the cleartext content (both hashed together) and
	encrypted afterwards.

	Re-implemented pcp_readz85string() function, it's
	now much more fault tolerant and flexible and
	save against overflows. It is able to catch a
	multitude of z85 encoded inputs, such as multiline
	z85 data, oneline z85 data, including or without
	headers/footers and it considers any single line
	of content which ends with [\r]\n and contains
	a whitespace as comment.

	Added Buffer 'class' internal api to make it easier
	to work with binary data in various, flexible and
	error prone ways. Cribbed from the code in
	openssh/buffer.c.
	
0.2.0	ED25519 and Curve25519 keys are now generated
	separately (previously they were generated from
	one random seed, the curve had been derived from
	the ed key).

	To encrypt the secret keys, we're now using a key
	derived from the user passphrase generated using
	the scrypt() function, incorporated from tarsnap
	via scrypt-1.1.6.

	The "derived pcp key" feature has been dropped.

	Encrypted file format/scheme changed. Previously
	I included the sender's key-id with the encrypted
	cipher as a hash. So, encrypted message do no more
	contain pk material.

	Changed signature scheme completely. Binary signature
	follow the pbp scheme: calculate blake2 hash of the
	content, sign the hash, write out original content,
	add "\nnacl-", add the signature, add the hash.
	Armored signatures are calculated the same way but
	output follows the pgp scheme instead.

	Detached signatures are still supported as before,
	for the user everything with them is as known, but
	the commandline option -f (--sigfile) have to be
	applied. Internally, however, inputs will be read in
	32k blockwise as well. Detached signatures are now
	z85 encoded always.

	Now you can also crypt+sign files with pcp1. Signatures
	of encrypted files are always binary appended as is,
	no offset designator. This leads to a couple of
	problems which need to be solved somehow in the
	future: recipient doesn't know whether to decrypt
	the file or to decrypt and verify it. Also it's unclear
	how to behave if decryption works but the signature
	doesn't verify. Currently pcp1 failes in this case,
	but leaves the decrypted result on disk. Hm...

	The default encryption mode with pcp (and pbp as of
	this writing) is ECB. Each 32k block is encrypted
	independently. While ECB is generally a bad choice,
	the 32k blocksize compensates for it. However, just
	to have to option, if we decide to use CBC instead,
	I already implemented it. It must be enabled at
	compile time with ./configure --enable-cbc. CBC mode
	in PCP uses a blocksize of 1k.

	Added PBP public key import and export compatibility
	(untested against pbp yet), use -b when exporting a
	public key, or when importing one.

0.1.5   Fixed a segmentation fault when using pcp1 -t on a
	public key. I added a double free() there by purpose
	to test segfault catching I added in unittest.pl
	and forgot to remove it. The good news is, that
	I found the double free() immediately thanks to the
	segfault catching of unittest.pl :)

	Fixed use of unencrypted secret keys, added proper
	unittests for this case. Note: a secret key will
	be stored unencrypted if the user doesn't enter
	a password when asked. In addition to the fix I
	added a question if the user is sure about what
	he does.

	Moved config.h to include/pcp/ so it will be
	installed as well. Removed the conditional include
	of config.h in platform.h, that was stupid.

	Added generation of a pkg-config configuration
	in libpcp/libpcp1.pc.in.

	Added -O support to -k. So now you can generate
	a new secret key and export it directly into a
	file. In this case the key will not be stored to
	the vault.

	The -t option now accepts an inputfile (-I) and
	determines what kind of file that might be and
	if it finds out, prints some info about it to
	stdout. Useful if you've got a z85 encoded file
	without headers and comments and don't know what
	it is.

	Moved all uthash (key lists) related code into
	keyhash.c, so nowhere will be used any HASH*
	macros directly.

	Fixed various malloc/free errors. Found them on
	the gcc compilefarm, thanks to the gcc guys
	providing access to it.

	Fixed alternate arc4random*() implementation in
	platform.h, now we just use the random functions
	of libsodium if they're not available.

	Added C++ language binding (bindings/cpp/), look
	at tests/cpptest.cpp for usage examples.

	Fixed problem under big-endian platforms where
	encryption didn't work due a missing sodium_init()
	call. Thanks to Frank Denis. See
	https://github.com/jedisct1/libsodium/issues/100

0.1.4   Changed key format (again), now the main secret
	is the ED25519 secret key, which will be encrypted.
	Everything else will be derived from that. Thanks
	to S.Neives and "CodesInChaos" from the libsodium
	mailinglist for clarifying it and helping me to
	understand it.

0.1.3   Added signature support using ED25519.

	Key format has changed it now contains the ed25519
	public key part as well, required for signing. Key
	version is now 0x2 and vault version 0x2. There's
	no backwards compatibility, since this is still beta.

	Re-organized header files.

	Added support for self encryption using the users
	own key pair for encryption and decryption.

	Backport of issue https://github.com/zeromq/zeromq4-x/issues/29

	Fixed key export, now uses big endianess as well.

	Updated POD documentation.

	Fixed a couple of minor bugs which lead to crashes.

	Options -r and -R exchanged: -R = remove key, -r =
	recipient.

	Added support for derived keys (using -r).

	Added more precautions when writing to the vault,
	we now always use a tmp vault for writing and if that
	works, we copy it back. In case something fails on
	the way, the tmp file will be retained or the original
	vault will not be altered.

0.1.2   Fixed bug in pcp_derivekey() which derives encryption
	keys. it generated collisions due coding error, e.g.
	passphase 'a' resulted in the same encryptionkey as
	passphase 'r'. Now uses SHA256 witout the xor stuff,
	which was the cause for the bug. This also fixes a
	segmentation fault which occured invariably by entering
	an invalid passphrase.

	Added support for derived public keys using the -R
	option, which allows two peers to encrypt messages
	without the need to reveal their primary public keys.
	That way each peer will have another public key of
	the same source.

	Added more unit tests to reflect the above changes.

0.1.1   Changed output format of encrypted keys. now we
        encode it properly with the Z85 encoding and add
        a header and footer to it:

         -----BEGN CURVE25519 SECRET KEY-----
         0q<1MspXp=x>mBZsUJF:2#)o*!.nTKR8SK}0IfuMBmC1a&*?)JD4%$%I5<J2jj%m/k&$?lck
         EIKTfhPnSR8Vvcu9i7Znf/v+ZvU<}K#v@+t#5]i{9FGgJT$Lu*i+<-we&P9+)6LjN=NW(PLYt
         EU]wBzf{UrCgBNSHcGBT
         -----END CURVE25519 SECRET KEY-----

0.0.1   Initial version