github smallstep/certificates v0.23.0-rc.1
Step CA v0.23.0-rc.1 (22-09-13)

latest releases: v0.28.0, v0.27.5, v0.27.4...
pre-release2 years ago

Official Release Artifacts

Linux

OSX Darwin

Windows

For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.

Don't see the artifact you need? Open an issue here.

Signatures and Checksums

step-ca uses sigstore/cosign for signing and verifying release artifacts.

Below is an example using cosign to verify a release artifact:

cosign verify-blob \
  -key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
  -signature ~/Downloads/step-ca_darwin_0.23.0-rc.1_amd64.tar.gz.sig
  ~/Downloads/step-ca_darwin_0.23.0-rc.1_amd64.tar.gz

The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.

Changelog

  • df97512 Upgrade linkedca and add entry to changelog
  • 666f695 Merge pull request #1048 from smallstep/attest-platform
  • bb0210e Fix typo in linkedca variable
  • 1e098ae Fixes ACMEAttestationFormat comment
  • 6640713 Add methods to convert attestation formats
  • 0f65179 Reject not enabled attestation formats
  • 53ad3a9 Add go workspaces files to gitignore
  • ba42aaf Add attestationFormat property in the ACME provisioner
  • b2119e9 Merge pull request #977 from smallstep/device-attestation
  • fd4e96d Rename method to IsChallengeEnabled
  • c77b4ff Fix linter errors
  • 59c5219 Use a type for acme challenges
  • a89bea7 Format comment
  • 5df9434 Fix old comment, device-attest-01 uses the acme payload
  • c5d3714 Fix acme error map
  • 08815c5 Reneame attestation statement error
  • 3cd72ac Remove debug statements
  • 55318ef Merge pull request #1043 from unreality/oidc-missing-email
  • 1b68a9f Merge pull request #1045 from smallstep/deprecation-notice
  • bc61b23 Add deprecation notices to step-x-init binaries
  • b89f210 remove fail-email test and add ok-empty-email test
  • a2749ca Merge branch 'master' into device-attestation
  • 7a03c43 allow missing Email claim in OIDC tokens, use subject when its missing
  • e75e7e7 Fix linter warnings
  • 54d9209 Validate proof of possession signature
  • 45af68b Upgrade go.step.sm/crypto
  • 59b7603 Use a clientAuth only cert for device-attest-01
  • 6db631d Upgrade go.step.sm/crypto@attest
  • ca412e7 Return error on attestation validation
  • ab5f916 Define ErrorBadAttestationStatement
  • 735c9d4 Add support for yubikey attestation
  • ebce40e Add new method ACMEClient.ValidateWithPayload
  • f1c63bc Fix challenge mapping
  • 2a44972 Run go mod tidy
  • df96b12 Add AuthorizeChallenge unit tests
  • bca311b Add acme property to enable challenges
  • ae8d4d8 Fix unit test
  • 693dc39 Merge branch 'master' into device-attestation
  • b1e9d5e Revert "Run on plaintext HTTP to support Cloud Run"
  • 2f7cb92 Use go.step.sm/crypto to set the permanent identifier
  • 21427d5 Replace instead of prepend provisioner extension
  • 2ab1e66 Fix nonce validation
  • e02a190 Merge branch 'master' into device-attestation
  • 66356cf Add attestation certificate validation for Apple devices
  • 9b9c555 Add changelog template
  • 1d10491 Update README.md
  • 274f6cc iOS 16 beta 2 support
  • 7e1b0be iOS 16 beta 1 support
  • 77c6d10 Verify key authorization is contained within the TPM quote extraData field
  • e1ec31c Implement TPM attestation statement verification
  • 2ac8b69 Add ACME permanent-identifier identifier type
  • aacd6f4 Add device-attest-01 challenge type
  • 09b9673 Run on plaintext HTTP to support Cloud Run
  • 860baeb Verbose debug logging

Thanks!

Those were the changes on v0.23.0-rc.1!

Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.

Don't miss a new certificates release

NewReleases is sending notifications on new releases.