age-plugin-tpm v1.0.0
This marks the first stable release of age-plugin-tpm.
A couple of reasons for this:
- The plugin framework in age upstream means we no longer rely on a home-brewed parser.
- The encryption scheme from age for this plugin is standardized (more below).
- People rely on this tool for important things, so cementing this with a stable release seems appropriate.
New Features
p256tag is now the recipient type
The previous encryption scheme in this plugin was scavenged bits of encryption
code from the main age project with sprinkled bits of TPM.
With the v1.3.0 release of age we have a standardized p256tag recipient
type that is based on a somewhat more modern encryption scheme, still backed by a TPM
for key storage.
The specification can be found in the C2SP project.
age-plugin-tpm will now by default create the new tag recipients. The
internal encryption scheme tpm-ecc is now replaced with the standardized
p256tag scheme, and users of tpm recipients should migrate to newer
tag recipients. This can be done by piping your identity through a newer
version of the plugin with age-plugin-tpm -y.
age-plugin-tpm will continue to act on older recipient types, but encrypt with
the newer encryption scheme. When we encounter files encrypted with the old
scheme, or we see old recipient files, we will issue a warning that they should
be updated.
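As an added example (not part of age-plugin-tpm itself), the migration described above as a small POSIX shell helper: it tells legacy tpm recipients apart from p256tag ones and regenerates a recipient by piping the identity through a v1.0.0 plugin with `age-plugin-tpm -y`. The Bech32 prefixes `age1tpm1` and `age1p256tag1`, the assumption that `-y` reads the identity on stdin and prints the recipient on stdout, and the `needs_migration`/`migrate_identity` names are assumptions of this example, not from the release notes.

```shell
#!/bin/sh
# Added example, not part of the age-plugin-tpm project: classify recipient
# strings and migrate a legacy tpm-scheme identity to a p256tag recipient.
set -eu

# Assumed Bech32 prefixes: old plugin recipients start with "age1tpm1",
# standardized p256tag recipients with "age1p256tag1".
recipient_scheme() {
    case "$1" in
        age1p256tag1*) echo p256tag ;;
        age1tpm1*)     echo tpm ;;
        *)             echo unknown ;;
    esac
}

# Exit status 0 when the recipient still uses the legacy tpm scheme and
# should be regenerated with a newer plugin.
needs_migration() {
    [ "$(recipient_scheme "$1")" = tpm ]
}

# Pipe an identity file through a >= v1.0.0 plugin to obtain its p256tag
# recipient. Assumes `age-plugin-tpm -y` reads the identity on stdin and
# prints the recipient on stdout; refuses to write anything else.
migrate_identity() {
    identity_file=$1
    recipient_file=$2
    command -v age-plugin-tpm >/dev/null 2>&1 || {
        echo "age-plugin-tpm not found in PATH" >&2
        return 1
    }
    new_recipient=$(age-plugin-tpm -y < "$identity_file")
    case "$(recipient_scheme "$new_recipient")" in
        p256tag) printf '%s\n' "$new_recipient" > "$recipient_file" ;;
        *) echo "unexpected recipient from plugin: $new_recipient" >&2; return 1 ;;
    esac
}

# Usage: ./migrate.sh age-identity.txt age-recipient.txt
# With fewer than two arguments nothing runs, so the file can also be sourced.
if [ $# -ge 2 ]; then
    if [ -f "$2" ] && ! needs_migration "$(cat "$2")"; then
        echo "$2 already uses $(recipient_scheme "$(cat "$2")"); nothing to do"
    else
        migrate_identity "$1" "$2" && echo "wrote p256tag recipient to $2"
    fi
fi
```

Files encrypted under the old scheme are unaffected by this: the plugin still decrypts them with the same identity, the helper only replaces the recipient string used for new encryptions.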
Support for persistent Storage Root Keys (SRK)
Previous versions of age-plugin-tpm would fail to operate on TPMs where access
has been locked down because an owner password was set. With this release
age-plugin-tpm will probe the TPM for a persistent SRK to derive a key from
instead of creating an ephemeral one.
This is not a security issue, so there is no need to re-create new identities.
This is mostly just a feature/convenience thing.
The internal version on the key has been bumped.
Thanks to @Popax21
Pinentry support has been removed
Pinentry depends on GnuPG things. GnuPG is bad. We don't do GnuPG around these parts.
We now request the PIN through age.
Bug fixes
There have been no bug fixes this release. Amazing.
Generated changelog
What's Changed
- plugin/tpm: support persisted shared SRKs by @Popax21 in #32
- plugin: support p256tag by @Foxboron in #34
New Contributors
Full Changelog: v0.3.0...v1.0.0-rc1