github Cosmian/kms 5.14.0

[5.14.0] - 2025-12-15

🚀 Features

  • Sign and SignatureVerify support across CLI and UI (#522, #606):
    • CLI: Added sign and signature_verify subcommands for RSA and Elliptic Curves (crate/cli/src/actions/kms/.../sign.rs, .../signature_verify.rs).
    • UI: Added React pages for RSA and EC signing and verification (ui/src/RsaSign.tsx, ui/src/RsaVerify.tsx, ui/src/ECSign.tsx, ui/src/ECVerify.tsx), and surfaced object type in Locate.
  • Make DB pool max_connections configurable (#632)
  • Support sign and verify on CLI/UI + issue 619 (#606)

🚜 Refactor

  • Server: Consolidate KMIP operations Sign and SignatureVerify for RSA and Elliptic Curves (crate/server/src/core/operations/sign.rs, signature_verify.rs; routes updated). Supported signature schemes: RSASSA-PSS, ECDSA, EdDSA (Ed25519, Ed448).
  • Digest (pre-hashed) mode for signing and verification (#619):
    • Introduced digested=true handling so inputs are treated as final digests (no implicit hashing) across RSA and EC paths (crypto + server).
    • RSA: Added verify support using pre-hashed input, including PKCS#1 v1.5 and RSASSA-PSS flows (crate/crypto/src/crypto/rsa/verify.rs).
    • EC: Added verify support using pre-hashed input (crate/crypto/src/crypto/elliptic_curves/verify.rs).
  • Non-FIPS EC deterministic behavior (RFC 6979-like) via RustCrypto P256 implementation in non-FIPS builds.
  • RSASSA-PSS: Server respects salt_len when specified (including 0) during Sign.

🧪 Testing

  • Added CLI and crypto tests for sign/verify flows, including digested mode

🐛 Bug Fixes

  • MySQL schema missing PRIMARY KEY (#628)
  • On JWT auth, token was not properly forwarded in requests (#629)
  • Support COSMIAN_KMS_CONF env. variable in docker (#630)
  • Support AWS ECS Fargate (#634)
  • ObjectType Attribute problem (#588)
  • (UI) Remove in home page the incorrect HSM comment (#639)
  • Support mysql TDE while fixing the KMIP 1.x TTLV deserializer (#631)
  • CLI needs snake case (#640)

📚 Documentation

  • Rename .github/README.md
  • Update installation instructions (#635)

⚙️ Build

  • (deps) Bump sigstore/cosign-installer from 3.7.0 to 4.0.0 (#624)
  • (deps) Bump crazy-max/ghaction-dump-context from 1 to 2 (#625)
  • (deps) Bump actions/setup-node from 4 to 6 (#626)
  • (deps) Bump actions/download-artifact from 4 to 6 (#627)
  • (deps) Bump actions/download-artifact from 6 to 7 (#637)
  • (deps) Bump actions/upload-artifact from 5 to 6 (#638)

⚙️ Miscellaneous Tasks

  • Rearrange releases (#636)
