2017-12-29  Arthur de Jong <arthur@arthurdejong.org>

	* [2651e80] tests/test_write.doctest: Not all XML serialisers
	  write namespaces in same order

	  This ignores the namespace declarations in the generated XML
	  files because not all implementations on all environments write
	  these in the same order.

2017-12-29  Arthur de Jong <arthur@arthurdejong.org>

	* [44b1353] docs/conf.py, setup.cfg, tox.ini: Add Sphinx
	  documentation checks

	  This also slightly tunes the way Sphinx documentation is built.

2017-12-15  Arthur de Jong <arthur@arthurdejong.org>

	* [42be53b] pskc2csv.py, tox.ini: Add support for PyPy

2017-12-15  Arthur de Jong <arthur@arthurdejong.org>

	* [660ed65] setup.py, tox.ini: Add support for Python 3.7

2017-12-15  Arthur de Jong <arthur@arthurdejong.org>

	* [9cd97c9] README, setup.py: Use README as package long description

2017-12-15  Arthur de Jong <arthur@arthurdejong.org>

	* [20bf9c5] docs/encryption.rst, pskc/encryption.py, pskc2csv.py,
	  tests/test_rfc6030.doctest: Add an is_encrypted property

	  This property can be use to see whether the PSKC file needs an
	  additional pre-shared key or passphrase to decrypt any stored
	  information.

2017-12-27  Arthur de Jong <arthur@arthurdejong.org>

	* [c365a70] : Implement XML signature checking

2017-12-17  Arthur de Jong <arthur@arthurdejong.org>

	* [418f3dc] docs/encryption.rst, docs/index.rst, docs/mac.rst,
	  docs/signatures.rst, docs/usage.rst: Add documentation for signed
	  PSKC files

2017-12-23  Arthur de Jong <arthur@arthurdejong.org>

	* [a97ac46] pskc/parser.py, pskc/serialiser.py,
	  pskc/signature.py, pskc/xml.py, setup.py,
	  tests/certificate/README, tests/certificate/ca-certificate.pem,
	  tests/certificate/ca-key.pem, tests/certificate/certificate.pem,
	  tests/certificate/key.pem, tests/certificate/request.pem,
	  tests/certificate/ss-certificate.pem,
	  tests/rfc6030/figure9.pskcxml,
	  tests/test_draft_ietf_keyprov_pskc_02.doctest,
	  tests/test_rfc6030.doctest, tests/test_signature.doctest, tox.ini:
	  Implement signature checking

	  This adds support for creating and verifying embedded XML
	  signatures in PSKC files. This uses the third-party signxml
	  library for actual signing and verification.

	  The signxml library has a dependency on lxml and defusedxml
	  (and a few others) but all parts of python-pskc still work
	  correctly with our without lxml and/or defusedxml and signxml
	  is only required when working with embedded signatures.

	  This modifies the tox configuration to skip the signature
	  checks if singxml is not installed and to only require 100%
	  code coverage if the signature tests are done.

2017-12-15  Arthur de Jong <arthur@arthurdejong.org>

	* [c0bd21f] pskc/xml.py: Move namespace moving to own function

2017-09-22  Arthur de Jong <arthur@arthurdejong.org>

	* [ea503d6] pskc/__init__.py, pskc/parser.py, pskc/signature.py,
	  tests/test_draft_ietf_keyprov_pskc_02.doctest,
	  tests/test_rfc6030.doctest: Implement basic parsing of signature
	  properties

2017-12-23  Arthur de Jong <arthur@arthurdejong.org>

	* [fcc6cdb] pskc2csv.py: Explicitly close output file in pskc2csv

	  This ensures that the file descriptor is closed if we opened
	  the file.  This is not a big problem for the script (because
	  the script exists anyway) but causes problems for the tests.

2017-12-18  Arthur de Jong <arthur@arthurdejong.org>

	* [052f5bc] docs/policy.rst, pskc/parser.py,
	  pskc/policy.py, pskc/serialiser.py, tests/test_misc.doctest,
	  tests/test_write.doctest: Fix typo in pin_max_failed_attempts
	  attribute

	  This makes the old name (pin_max_failed_attemtps) available as
	  a deprecated property.

2017-12-15  Arthur de Jong <arthur@arthurdejong.org>

	* [6f0ca70] pskc/parser.py,
	  tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/non-encrypted.pskcxml,
	  tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml,
	  tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/non-encrypted.pskcxml,
	  tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/password-encrypted.pskcxml,
	  tests/test_draft_hoyer_keyprov_portable_symmetric_key_container.doctest:
	  Add limited support for very old draft PSKC versions

	  This adds basic support for parsing the PSKC files as specified
	  in draft-hoyer-keyprov-portable-symmetric-key-container-00 and
	  draft-hoyer-keyprov-portable-symmetric-key-container-01.

	  It should be able to extract secrets, counters, etc. but not
	  all properties from the PSKC file are supported.

	  It is speculated that this format resembles the "Verisign PSKC
	  format" that some applications produce.

2016-09-19  Arthur de Jong <arthur@arthurdejong.org>

	* [9b85634] tests/multiotp/pskc-hotp-aes.txt,
	  tests/multiotp/pskc-hotp-pbe.txt, tests/multiotp/pskc-totp-aes.txt,
	  tests/multiotp/pskc-totp-pbe.txt,
	  tests/multiotp/tokens_hotp_aes.pskc,
	  tests/multiotp/tokens_hotp_pbe.pskc,
	  tests/multiotp/tokens_ocra_aes.pskc,
	  tests/multiotp/tokens_ocra_pbe.pskc,
	  tests/multiotp/tokens_totp_aes.pskc,
	  tests/multiotp/tokens_totp_pbe.pskc, tests/test_multiotp.doctest:
	  Add test files from multiOTP

	  This adds tests for parsing the files that are shipped as part
	  of the multiOTP test suite.

	  https://www.multiotp.net/

2017-12-15  Arthur de Jong <arthur@arthurdejong.org>

	* [01507af] pskc/key.py, pskc/parser.py, pskc/serialiser.py,
	  tests/misc/partialxml.pskcxml, tests/test_misc.doctest,
	  tests/test_write.doctest: Refactor internal storate of encrypted
	  values

	  This changes the way encrypted values are stored internally before
	  being decrypted. For example, the internal _secret property can now
	  be a decrypted plain value or an EncryptedValue instance instead
	  of always being a DataType, simplifying some things (e.g. all
	  XML encoding/decoding is now done in the corresponding module).

	  This should not change the public API but does have consequences
	  for those who use custom serialisers or parsers.

2017-12-13  Arthur de Jong <arthur@arthurdejong.org>

	* [dcf1919] pskc/crypto/aeskw.py, pskc/encryption.py,
	  tests/encryption/kw-camellia128.pskcxml,
	  tests/encryption/kw-camellia192.pskcxml,
	  tests/encryption/kw-camellia256.pskcxml,
	  tests/test_encryption.doctest: Add support for KW-Camellia suite
	  of algorithms

2017-12-13  Arthur de Jong <arthur@arthurdejong.org>

	* [364e93d] pskc/encryption.py,
	  tests/encryption/camellia128-cbc.pskcxml,
	  tests/encryption/camellia192-cbc.pskcxml,
	  tests/encryption/camellia256-cbc.pskcxml,
	  tests/test_encryption.doctest: Add support for Camellia-CBC
	  suite of algorithms

2017-10-11  Arthur de Jong <arthur@arthurdejong.org>

	* [4c5e046] docs/conf.py, docs/pskc2csv.rst, setup.cfg: Add a
	  manual page for pskc2csv

2017-10-09  Arthur de Jong <arthur@arthurdejong.org>

	* [25cb2fc] setup.cfg: Ignore missing docstring in __init__ in flake

2017-09-30  Arthur de Jong <arthur@arthurdejong.org>

	* [225e569] pskc/crypto/__init__.py, pskc/crypto/aeskw.py,
	  pskc/crypto/tripledeskw.py, pskc/encryption.py,
	  pskc/mac.py, setup.cfg, setup.py, tests/test_crypto.doctest,
	  tests/test_encryption.doctest, tox.ini: Replace pycrypto with
	  cryptography

	  The cryptography library is better supported.

	  This uses the functions from cryptography for AES and Triple
	  DES encryption, replaces the (un)padding functions that were
	  previously implemented in python-pskc with cryptography and uses
	  PBKDF2 implementation from hashlib.

2017-09-30  Arthur de Jong <arthur@arthurdejong.org>

	* [5dff7d4] pskc/encryption.py: Use PBKDF2 from hashlib

	  This uses pbkdf2_hmac() from hashlib for the PBKDF2 calculation.
	  The downside of this is that this function is only available
	  since Python 2.7.8.

2017-09-30  Arthur de Jong <arthur@arthurdejong.org>

	* [2c8a9b7] pskc/crypto/aeskw.py, pskc/crypto/tripledeskw.py,
	  pskc/encryption.py, pskc/mac.py, tests/test_aeskw.doctest,
	  tests/test_write.doctest: Replace use of pycrypto utility functions

	  This uses os.urandom() as a source for random data and replaces
	  other utility functions. This also removes one import for getting
	  the lengths of Tripple DES keys.

2017-09-24  Arthur de Jong <arthur@arthurdejong.org>

	* [d0eddf8] pskc/serialiser.py, pskc/xml.py,
	  tests/test_write.doctest: Implement our own XML formatting

	  This avoids a using xml.dom.minidom to indent the XML tree and
	  keep the attributes ordered alphabetically. This also allows
	  for customisations to the XML formatting.

2017-09-24  Arthur de Jong <arthur@arthurdejong.org>

	* [4ed4e11] tests/test_mac.doctest: Support hashlib from Python 2.7.3

	  Some Python versions don't have the algorithms_available property
	  but do have the algorithms property in hashlib.

2017-09-24  Arthur de Jong <arthur@arthurdejong.org>

	* [b90faeb] pskc/xml.py, setup.py, tox.ini: Use defusedxml if
	  available

	  This uses the defusedxml library if available to defend agains
	  a number of XML-based attacks.

2017-09-23  Arthur de Jong <arthur@arthurdejong.org>

	* [7272e54] pskc/serialiser.py, tests/test_write.doctest: Fix bug
	  in saving PBKDF2 salt on Python3

	  The PBKDF2 salt was saved in the wrong way (b'base64encodeddata'
	  instead of base64encodeddata) when using Python 3. This fixes
	  that problem and tests that saving and loading of a file that
	  uses PBKDF2 key derivation works.

2017-09-23  Arthur de Jong <arthur@arthurdejong.org>

	* [cd33833] pskc2csv.py, setup.cfg, tests/test_pskc2csv.doctest:
	  Add tests for the pskc2csv script

	  This makes minor changes to the pskc2csv script to make it more
	  easily testable.

2017-09-22  Arthur de Jong <arthur@arthurdejong.org>

	* [6028b8e] pskc2csv.py: Support adding custom CSV file headers

	  This allows adding an optional label to the --columns option that
	  can be used to output a label different from the key property
	  name in the CSV file header.

2017-09-20  Arthur de Jong <arthur@arthurdejong.org>

	* [eef681b] pskc2csv.py: Add --secret-encoding option to pskc2csv

	  This option can be used to configure the encoding of the secret
	  in the CSV file (still hex by default).

2017-09-20  Arthur de Jong <arthur@arthurdejong.org>

	* [6f78dd6] pskc/__init__.py, pskc/crypto/aeskw.py,
	  pskc/crypto/tripledeskw.py, pskc/exceptions.py, pskc/mac.py,
	  pskc/parser.py, pskc/policy.py, pskc/serialiser.py, setup.cfg,
	  tox.ini: Run flake8 from tox

	  This also makes a few small code formatting changes to ensure
	  that the flake8 tests pass.

2017-09-11  Arthur de Jong <arthur@arthurdejong.org>

	* [cc3acc2] tox.ini: Simplify Tox configuration

2017-06-10  Arthur de Jong <arthur@arthurdejong.org>

	* [0c00c80] pskc/__init__.py, pskc/encryption.py, pskc/parser.py,
	  pskc/serialiser.py, pskc/xml.py, pskc2csv.py: Various minor code
	  style improvements

2017-06-10  Arthur de Jong <arthur@arthurdejong.org>

	* [510e6a5] pskc/encryption.py, pskc/parser.py: Normalise key
	  derivation algorithms

	  This makes KeyDerivation.algorithm and KeyDerivation.pbkdf2_prf
	  properties automatically normalise assigned values.

2017-06-10  Arthur de Jong <arthur@arthurdejong.org>

	* [d72e6cc] pskc/xml.py: Switch to using non-deprecated method

	  This uses ElementTree.iter() instead of ElementTree.getiterator()
	  for going over all the child elements in the tree because the
	  latter is deprecated.

2017-06-10  Arthur de Jong <arthur@arthurdejong.org>

	* [7b106ff] docs/usage.rst, pskc/key.py, tests/test_yubico.doctest:
	  Provide Key.userid convenience property

	  This provides a read-only userid property on Key objects that uses
	  the key_userid or device_userid value, whichever one is defined.

2017-06-09  Arthur de Jong <arthur@arthurdejong.org>

	* [f0d2991] docs/conf.py, docs/encryption.rst, docs/exceptions.rst,
	  docs/mac.rst: Document supported encryption and MAC algorithms

	  This also includes a few other small documentation improvements.

2017-06-09  Arthur de Jong <arthur@arthurdejong.org>

	* [8b8848d] pskc/encryption.py, pskc/mac.py,
	  tests/test_invalid.doctest, tests/test_mac.doctest: Refactor
	  MAC lookups

	  This switches to using the hashlib.new() function to be able to use
	  all hashes that are available in Python (specifically RIPEMD160).

	  This also adds a number of tests for HMACs using test vectors
	  from RFC 2202, RFC 4231 and RFC 2857.

2017-06-09  Arthur de Jong <arthur@arthurdejong.org>

	* [e10f9c6] pskc/algorithms.py: Handle more algortihm URIs

	  This adds a number of algorithm URIs defined in RFC 6931 and also
	  simplifies the definition of the list of URIs. It also adds more
	  aliases for algorithms.

2017-01-25  Arthur de Jong <arthur@arthurdejong.org>

	* [1fc1a03] README, docs/usage.rst, setup.py: Switch URLs to HTTPS

2017-01-21  Arthur de Jong <arthur@arthurdejong.org>

	* [8de25c2] tests/actividentity/test.pskcxml,
	  tests/test_actividentity.doctest: Correct name of ActivIdentity
	  test file

2017-01-21  Arthur de Jong <arthur@arthurdejong.org>

	* [5889df7] ChangeLog, NEWS, README, docs/conf.py, pskc/__init__.py,
	  pskc2csv.py, setup.py: Get files ready for 0.5 release

2017-01-15  Arthur de Jong <arthur@arthurdejong.org>

	* [29a183d] tests/test_feitian.doctest, tests/test_nagraid.doctest:
	  Split vendor tests

	  Have one doctest file per vendor to make tests a little more
	  manageable.

2017-01-14  Arthur de Jong <arthur@arthurdejong.org>

	* [02eb520] tests/test_yubico.doctest, tests/yubico/example1.pskcxml,
	  tests/yubico/example2.pskcxml, tests/yubico/example3.pskcxml:
	  Add tests for Yubikey files

	  This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.

2017-01-13  Arthur de Jong <arthur@arthurdejong.org>

	* [12dfa64] pskc/parser.py, tests/actividentity/test.pskc,
	  tests/test_actividentity.doctest: Support legacy ActivIdentity
	  files

	  This adds support for parsing ActivIdentity files that conform
	  to a very old version of an Internet Draft. The implementation
	  and test were based on a file provided by Jaap Ruijgrok.

2017-01-11  Arthur de Jong <arthur@arthurdejong.org>

	* [a5e2343] pskc/parser.py,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml:
	  Use original examples from old profiles Internet Draft

	  This updates the tests to use the original examples from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of
	  modifying them to fit the RFC 6030 schema (but does include some
	  minor changes to make them valid XML).

	  This adds a few additions to the parser to handle legacy challenge
	  and resposne encoding and a few key policy properties.

	  This also includes a fix for 0b757ec in the handling of the
	  <ChallengeFormat> element under a <Usage> element.

2016-12-21  Arthur de Jong <arthur@arthurdejong.org>

	* [2f7cb1a] tests/rfc6030/figure8.pskcxml,
	  tests/rfc6030/figure9.pskcxml, tests/test_rfc6030.doctest:
	  Add all figures from RFC 6030 to test suite

	  Note that asymmetric encryption and digital signature checking
	  has not yet been implemented so the tests are pretty minimal.
2016-12-21  Arthur de Jong <arthur@arthurdejong.org>

	* [0b757ec] pskc/parser.py, pskc/xml.py,
	  tests/draft-ietf-keyprov-pskc-02/figure2.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure3.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure4.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure5.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure6.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure7.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure8.pskcxml,
	  tests/draft-ietf-keyprov-pskc-02/figure9.pskcxml,
	  tests/test_draft_ietf_keyprov_pskc_02.doctest: Add support for
	  older Internet Draft version

	  This adds support for parsing most examples from
	  draft-ietf-keyprov-pskc-02. That file uses a few other names
	  for elements and attributes of the PSKC file and a few other
	  minor differences.

	  The XML parsing has been changed to allow specifying multiple
	  matches and the find*() functions now return the first found match.

	  While all examples from draft-ietf-keyprov-pskc-02 are tested
	  support for verifying digital signatures and asymmetric keys
	  have not yet been implemented.

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [09076f8] tests/test_encryption.doctest: Fix typo in test

2016-12-20  Arthur de Jong <arthur@arthurdejong.org>

	* [46fa5f1] setup.cfg: Fail tests on missing coverage

2016-12-20  Arthur de Jong <arthur@arthurdejong.org>

	* [047a2a9] pskc/key.py, pskc/mac.py,
	  tests/encryption/mac-over-plaintext.pskcxml,
	  tests/invalid/mac-missing.pskcxml, tests/invalid/mac-value.pskcxml,
	  tests/invalid/missing-encryption-method.pskcxml,
	  tests/test_encryption.doctest, tests/test_invalid.doctest:
	  Allow MAC over plaintext or ciphertext

	  RFC 6030 implies that the MAC should be performed over the
	  ciphertext but some earlier drafts implied that the MAC should
	  be performed on the plaintext. This change accpets the MAC if
	  either the plaintext or ciphertext match.

	  Note that this change allows for a padding oracle attack when
	  CBC encryption modes are used because decryption (and unpadding)
	  needs to be done before MAC checking. However, this module is
	  not expected to be available to users to process arbitrary PSKC
	  files repeatedly.

	  This removes the tests for a missing MAC key (and replaces it for
	  tests of missing EncryptionMethod) because falling back to using
	  the encryption key (implemented in a444f78) in combination with
	  this change means that decryption is performed before MAC checking
	  and is no longer possible to trigger a missing MAC key error.

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [bae7084] pskc/crypto/__init__.py, pskc/encryption.py,
	  tests/test_crypto.doctest: Add sanity checks to unpadding

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [d864bc8] pskc/serialiser.py: Ensure XML file ends with a newline

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [c631628] pskc/xml.py: Adapt coverage pragma annotations

	  This fixes the pragma directives to be be correct independently
	  of whether lxml is installed or not.

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [18d82dc] .gitignore, tox.ini: Add Tox configuration

	  This sets up Tox with various versions of Python and for each
	  version a run with and without lxml.

2016-12-19  Arthur de Jong <arthur@arthurdejong.org>

	* [71058e2] tests/test_write.doctest: Close read files in tests

	  This ensures that the files that are read in the test suite are
	  properly closed to avoid leaking open file descriptors.

2016-12-18  Arthur de Jong <arthur@arthurdejong.org>

	* [f0a0a3b] pskc/parser.py: Support missing or lowercase version
	  attribute

2016-09-26  Arthur de Jong <arthur@arthurdejong.org>

	* [3bf4737] docs/usage.rst: Fix copy-pasto in documentation

	  This accidentally slipped in as part of beafc6b.  2016-09-19
Arthur de Jong <arthur@arthurdejong.org>

	* [02b30a9] pskc/__init__.py, pskc/parser.py, pskc/serialiser.py:
	  Also move outer writing and parsing to modules

2016-09-17  Arthur de Jong <arthur@arthurdejong.org>

	* [b1f8f87] .gitignore, README, pskc/__init__.py: Add writing
	  example to toplevel documentation

2016-09-17  Arthur de Jong <arthur@arthurdejong.org>

	* [e23a467] pskc/key.py: Use custom data descriptors for key
	  properties

	  This uses a custom data descriptor (property) for secret, counter,
	  time_offset, time_interval and time_drift.

2016-09-17  Arthur de Jong <arthur@arthurdejong.org>

	* [beafc6b] docs/usage.rst, pskc/__init__.py, pskc/device.py,
	  pskc/key.py, pskc/parser.py, pskc/policy.py, pskc/serialiser.py,
	  tests/test_misc.doctest, tests/test_write.doctest: Support
	  separate device from key

	  This allows having multiple keys per device while also maintaining
	  the previous API.

	  Note that having multiple keys per device is not allowed by the
	  RFC 6030 schema but is allowed by some older internet drafts.

2016-09-16  Arthur de Jong <arthur@arthurdejong.org>

	* [84bfb8a] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/policy.py, pskc/serialiser.py: Move XML
	  generation to own module

	  Similar to the change for parsing, move the XML serialisation
	  of PSKC data to a single class in a separate module.

2016-09-14  Arthur de Jong <arthur@arthurdejong.org>

	* [426e821] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/parser.py, pskc/policy.py: Move document
	  parsing to own module

	  This moves all the parse() functions to a single class in a
	  dedicated module that can be used for parsing PSKC files. This
	  should make it easier to subclass the parser.

2016-09-14  Arthur de Jong <arthur@arthurdejong.org>

	* [bf34209] tests/invalid/no-mac-method.pskcxml,
	  tests/test_invalid.doctest, tests/test_rfc6030.doctest: Some
	  minor improvements to the tests

2016-09-12  Arthur de Jong <arthur@arthurdejong.org>

	* [600ae68] pskc/encryption.py, pskc/key.py, pskc/xml.py,
	  setup.cfg, tests/invalid/empty-mac-key.pskcxml,
	  tests/invalid/incomplete-derivation.pskcxml,
	  tests/invalid/missing-encryption.pskcxml,
	  tests/misc/SampleFullyQualifiedNS.xml, tests/misc/policy.pskcxml,
	  tests/test_aeskw.doctest, tests/test_encryption.doctest,
	  tests/test_invalid.doctest, tests/test_misc.doctest,
	  tests/test_write.doctest: Improve branch coverage

	  This enables branch coverage testing and adds tests to improve
	  coverage.

2016-09-11  Arthur de Jong <arthur@arthurdejong.org>

	* [713d106] pskc/encryption.py, tests/test_encryption.doctest:
	  Support specifying PRF in setup_pbkdf2()

	  This also ensures that the PRF URL is normalised.

2016-09-11  Arthur de Jong <arthur@arthurdejong.org>

	* [ff811c9] pskc/encryption.py: Fix bug in passing explicit key
	  to setup_preshared_key()

2016-09-11  Arthur de Jong <arthur@arthurdejong.org>

	* [fa07aa5] docs/encryption.rst, pskc/encryption.py: Clarify
	  encryption.setup_*() documentation

	  This tries to make it clearer that the setup_preshared_key()
	  and setup_pbkdf2() functions are meant to be used when writing
	  out PSKC files.

2016-04-23  Arthur de Jong <arthur@arthurdejong.org>

	* [a444f78] pskc/key.py, pskc/mac.py,
	  tests/encryption/no-mac-key.pskcxml,
	  tests/invalid/mac-missing.pskcxml, tests/test_encryption.doctest,
	  tests/test_invalid.doctest: Fall back to encryption key for MAC

	  This uses the encryption key also as MAC key if no MAC key has
	  been specified in the PSKC file. Earlier versions of the PSKC
	  draft specified this behaviour.

2016-04-23  Arthur de Jong <arthur@arthurdejong.org>

	* [9b76135] pskc/encryption.py,
	  tests/encryption/aes128-cbc-noiv.pskcxml,
	  tests/test_encryption.doctest: Allow global specification of IV

	  In older versions of the PSKC standard it was allowed to
	  have a global initialization vector for CBC based encryption
	  algorithms. It is probably not a good idea to re-use an IV
	  in general.

2016-04-23  Arthur de Jong <arthur@arthurdejong.org>

	* [d53f05b] pskc/encryption.py, pskc/mac.py: Move crypto to functions

	  This makes it much easier to test the encryption, decryption
	  and HMAC processing separate from the PSKC parsing.

2016-04-05  Arthur de Jong <arthur@arthurdejong.org>

	* [5dbfefd] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/policy.py: Remove parse call from constructors

	  This makes the creation if internal instances a litte more
	  consistent.

2016-04-05  Arthur de Jong <arthur@arthurdejong.org>

	* [0d7caf1] pskc/algorithms.py, pskc/encryption.py, pskc/mac.py:
	  Move algorithm uri handling to separate module

2016-03-29  Arthur de Jong <arthur@arthurdejong.org>

	* [22ba9f1] pskc/crypto/__init__.py, pskc/encryption.py: Move
	  padding functions to crypto package

2016-03-28  Arthur de Jong <arthur@arthurdejong.org>

	* [efbe94c] ChangeLog, NEWS, pskc/__init__.py, setup.py: Get files
	  ready for 0.4 release

2016-03-26  Arthur de Jong <arthur@arthurdejong.org>

	* [0c57335] docs/policy.rst: Document may_use() policy function

2016-03-27  Arthur de Jong <arthur@arthurdejong.org>

	* [b4a6c72] : Implement writing encrypted files

	  This adds support for setting up encryption keys and password-based
	  key derivation when writing PSKC files. Also MAC keys are set
	  up when needed.

2016-03-26  Arthur de Jong <arthur@arthurdejong.org>

	* [59aa65b] README, docs/conf.py, docs/encryption.rst, docs/mac.rst,
	  docs/usage.rst, pskc/__init__.py: Document writing encrypted files

2016-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [5f32528] tests/test_write.doctest: Add encryption error tests

2016-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [7ede4a1] tests/test_write.doctest: Add tests for writing
	  encrypted PSKC files

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [1ff3237] pskc/encryption.py: Allow configuring a pre-shared key

	  This method allows configuring a pre-shared encryption key and
	  will chose reasonable defaults for needed encryption values
	  (e.g. it will choose an algorithm, generate a new key of the
	  appropriate length if needed, etc.).

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [50414a3] pskc/encryption.py, tests/test_encryption.doctest:
	  Allow configuring PBKDF2 key derivation

	  This factors out the PBKDF2 key derivation to a separate function
	  and introduces a function to configure KeyDerivation instances
	  with PBKDF2.

2016-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [5ac9d43] pskc/mac.py, tests/test_encryption.doctest: Allow
	  configuring a MAC key

	  This method will set up a MAC key and algorithm as specified or
	  use reasonable defauts.

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [16da531] pskc/key.py, pskc/mac.py: Generate MAC values

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [ca0fa36] pskc/__init__.py, pskc/encryption.py, pskc/mac.py:
	  Write MACMethod

	  This also makes the MAC.algorithm a property similarly as what
	  is done for Encryption (normalise algorithm names) and adds a
	  setter for the MAC.key property.

2016-03-21  Arthur de Jong <arthur@arthurdejong.org>

	* [8fd35ba] pskc/encryption.py, pskc/key.py: Write out encrypted
	  values

	  The Encryption class now has a fields property that lists the
	  fields that should be encrypted when writing the PSKC file.

	  This adds an encrypt_value() function that performs the encryption
	  and various functions to convert the plain value to binary before
	  writing the encrypted XML elements.

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [eba541e] pskc/__init__.py, pskc/encryption.py, pskc/mac.py:
	  Make Encryption and MAC constructors consistent

	  This removes calling parse() from the Encryption and MAC
	  constructors and stores a reference to the PSKC object in both
	  objects so it can be used later on.

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [fe21231] pskc/__init__.py, pskc/encryption.py,
	  tests/test_write.doctest: Write encryption key information

	  This writes information about a pre-shared key or PBKDF2 key
	  derivation in the PSKC file. This also means that writing
	  a decrypted version of a previously encrypted file requires
	  actively removing the encryption.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [0893640] pskc/encryption.py, tests/test_misc.doctest: Add
	  algorithm_key_lengths property

	  This property on the Encryption object provides a list of key
	  sizes (in bytes) that the configured encryption algorithm supports.

2016-03-22  Arthur de Jong <arthur@arthurdejong.org>

	* [8b5f6c2] pskc/policy.py, tests/test_misc.doctest,
	  tests/test_rfc6030.doctest, tests/test_write.doctest: Also check
	  key expiry in may_use()

2016-03-20  Arthur de Jong <arthur@arthurdejong.org>

	* [dfa57ae] pskc2csv.py: Support reading password or key in pskc2csv

	  This supports reading the encryption password or key from the
	  command line or from a file.

2014-06-28  Arthur de Jong <arthur@arthurdejong.org>

	* [0744222] pskc/xml.py: Copy namespaces to toplevel element

	  Ensure that when writing an XML file all namespace definitions
	  are on the toplevel KeyContainer element instead of scattered
	  throughout the XML document.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [e8ef157] pskc/__init__.py, tests/test_write.doctest: Support
	  writing to text streams in Python 3

	  This supports writing the XML output to binary streams as well
	  as text streams in Python 3.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [cadc6d9] pskc/key.py, pskc/mac.py,
	  tests/invalid/missing-encryption.pskcxml,
	  tests/invalid/not-boolean.pskcxml,
	  tests/invalid/not-integer.pskcxml,
	  tests/invalid/not-integer2.pskcxml,
	  tests/invalid/unknown-encryption.pskcxml, tests/test_aeskw.doctest,
	  tests/test_encryption.doctest, tests/test_invalid.doctest,
	  tests/test_misc.doctest, tests/test_rfc6030.doctest,
	  tests/test_tripledeskw.doctest, tests/test_write.doctest:
	  Improve tests and test coverage

	  This adds tests to ensure that incorrect attribute and value
	  types in the PSKC file raise a ValueError exception and extends
	  the tests for invalid encryption options.

	  This removes some code or adds no cover directives to a few
	  places that have unreachable code or are Python version specific
	  and places doctest directives inside the doctests where needed.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [b8905e0] pskc/key.py, pskc/xml.py, tests/misc/checkdigits.pskcxml,
	  tests/test_misc.doctest: Support both CheckDigit and CheckDigits

	  RFC 6030 is not clear about whether the attribute of
	  ChallengeFormat and ResponseFormat should be the singular
	  CheckDigit or the plural CheckDigits. This ensures that both
	  forms are accepted.

2016-03-19  Arthur de Jong <arthur@arthurdejong.org>

	* [7915c55] pskc/policy.py, tests/misc/policy.pskcxml,
	  tests/test_misc.doctest: Implement policy checking

	  This checks for unknown policy elements in the PSKC file and
	  will cause the key usage policy check to fail.

2016-03-18  Arthur de Jong <arthur@arthurdejong.org>

	* [1687fd6] tests/feitian/20120919-test001-4282.xml,
	  tests/feitian/file1.pskcxml, tests/nagraid/file1.pskcxml,
	  tests/test_vendors.doctest: Add a few tests for vendor files

	  Some vendor-specific files were lifted from the LinOTP test suite
	  and another Feitian file was found in the oath-toolkit repository.

2016-01-31  Arthur de Jong <arthur@arthurdejong.org>

	* [aae8a18] pskc/key.py, tests/misc/integers.pskcxml,
	  tests/test_misc.doctest: Support various integer representations

	  This extends support for handling various encoding methods for
	  integer values in PSKC files. For encrypted files the decrypted
	  value is first tried to be evaluated as an ASCII representation
	  of the number and after that big-endian decoded.

	  For plaintext values first ASCII decoding is tried after which
	  base64 decoding is tried which tries the same encodings as for
	  decrypted values.

	  There should be no possibility for any base64 encoded value
	  (either of an ASCII value or a big-endian value) to be interpreted
	  as an ASCII value for any 32-bit integer.

	  There is a possibility that a big-endian encoded integer could
	  be incorrectly interpreted as an ASCII value but this is only
	  the case for 110 numbers when only considering 6-digit numbers.

2016-01-24  Arthur de Jong <arthur@arthurdejong.org>

	* [c86aaea] README, pskc/__init__.py,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
	  tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml,
	  tests/encryption/aes128-cbc.pskcxml,
	  tests/encryption/aes192-cbc.pskcxml,
	  tests/encryption/aes256-cbc.pskcxml,
	  tests/encryption/kw-aes128.pskcxml,
	  tests/encryption/kw-aes192.pskcxml,
	  tests/encryption/kw-aes256.pskcxml,
	  tests/encryption/kw-tripledes.pskcxml,
	  tests/encryption/tripledes-cbc.pskcxml,
	  tests/invalid/encryption.pskcxml,
	  tests/invalid/mac-algorithm.pskcxml,
	  tests/invalid/mac-value.pskcxml,
	  tests/invalid/no-mac-method.pskcxml, tests/invalid/notxml.pskcxml,
	  tests/invalid/wrongelement.pskcxml,
	  tests/invalid/wrongversion.pskcxml,
	  tests/misc/SampleFullyQualifiedNS.xml,
	  tests/misc/odd-namespace.pskcxml, tests/rfc6030/figure10.pskcxml,
	  tests/rfc6030/figure2.pskcxml, tests/rfc6030/figure3.pskcxml,
	  tests/rfc6030/figure4.pskcxml, tests/rfc6030/figure5.pskcxml,
	  tests/rfc6030/figure6.pskcxml, tests/rfc6030/figure7.pskcxml,
	  tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
	  tests/test_invalid.doctest, tests/test_misc.doctest,
	  tests/test_rfc6030.doctest, tests/test_write.doctest: Re-organise
	  test files

	  This puts the test PSKC files in subdirectories so they can be
	  organised more cleanly.

2016-01-23  Arthur de Jong <arthur@arthurdejong.org>

	* [1904dc2] tests/test_misc.doctest: Add test for incorrect key
	  derivation

	  If no key derivation algorithm has been specified in the PSKC
	  file an exception should be raised when attempting to perform
	  key derivation.

2016-01-24  Arthur de Jong <arthur@arthurdejong.org>

	* [91f66f4] pskc/encryption.py, pskc/key.py, pskc/mac.py: Refactor
	  out EncryptedValue and ValueMAC

	  This removes the EncryptedValue and ValueMAC classes and instead
	  moves the XML parsing of these values to the DataType class. This
	  will make it easier to support different parsing schemes.

	  This also includes a small consistency improvement in the
	  subclasses of DataType.

2016-01-23  Arthur de Jong <arthur@arthurdejong.org>

	* [9b13d3b] pskc/encryption.py, tests/test_misc.doctest: Normalise
	  algorithm names

	  This transforms the algorithm URIs that are set to known values
	  when parsing or setting the algorithm.

2016-01-22  Arthur de Jong <arthur@arthurdejong.org>

	* [b6eab47] docs/encryption.rst, pskc/encryption.py,
	  tests/test_encryption.doctest, tests/test_misc.doctest: Add
	  encryption algorithm property

	  Either determine the encryption algorithm from the PSKC file
	  or from the explicitly set value. This also adds support for
	  setting the encryption key name.

2016-01-22  Arthur de Jong <arthur@arthurdejong.org>

	* [b5f7de5] pskc/key.py, tests/test_write.doctest: Fix a problem
	  when writing previously encrypted file

	  This fixes a problem with writing a PSKC file that is based on
	  a read file that was encrypted.

2016-01-22  Arthur de Jong <arthur@arthurdejong.org>

	* [107a836] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/policy.py, pskc/xml.py: Strip XML namespaces
	  before parsing

	  This simplifies calls to the find() family of functions and
	  allows parsing PSKC files that have slightly different namespace
	  URLs. This is especially common when parsing old draft versions
	  of the specification.

	  This also removes passing multiple patterns to the find()
	  functions that was introduced in 68b20e2.

2015-12-28  Arthur de Jong <arthur@arthurdejong.org>

	* [a86ff8a] README, docs/encryption.rst: Update some documentation

	  This adds a development notes section to the README and changes
	  the wording on the encryption page.

2015-12-01  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [0ff4154] docs/encryption.rst: Fix typo in the documentation

2015-12-01  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [3473903] pskc2csv.py: Support Python 3

2015-11-30  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [a82a60b] pskc/key.py: Make value conversion methods static private

	  - the conversions do not call self: they are static - the
	  conversions are not to be used out of the class: make private

2015-11-30  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [e711a30] pskc/key.py: Provide abstract methods to clarify API

2015-11-30  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [1577687] pskc/encryption.py: Fix typo in variable name

2015-11-30  Mathias Laurin <Mathias.Laurin+github.com@gmail.com>

	* [3aa2a6f] tests/test_invalid.doctest: Fix doctest:
	  IGNORE_EXCEPTION_DETAL

2015-10-07  Arthur de Jong <arthur@arthurdejong.org>

	* [c155d15] ChangeLog, MANIFEST.in, NEWS, pskc/__init__.py,
	  setup.py: Get files ready for 0.3 release

2015-10-07  Arthur de Jong <arthur@arthurdejong.org>

	* [cf0c9e6] README, docs/conf.py, docs/encryption.rst,
	  docs/exceptions.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst,
	  pskc/__init__.py: Update documentation

	  This updates the documentation with the new features (writing PSKC
	  files) as well as many editorial improvements, some rewording
	  and a few typo fixes. Some things were moved around a little in
	  order to be more easily readable and easier to find.

2015-10-06  Arthur de Jong <arthur@arthurdejong.org>

	* [671b6e2] pskc/__init__.py, pskc/crypto/aeskw.py,
	  pskc/crypto/tripledeskw.py, pskc/encryption.py, pskc/key.py,
	  pskc/policy.py, pskc/xml.py, setup.py, tests/test_aeskw.doctest,
	  tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
	  tests/test_invalid.doctest, tests/test_misc.doctest,
	  tests/test_rfc6030.doctest, tests/test_tripledeskw.doctest,
	  tests/test_write.doctest: Support Python 3

	  This enables support for Python 3 together with Python 2 support
	  with a single codebase.

	  On Python 3 key data is passed around as bytestrings which makes
	  the doctests a little harder to maintain across Python versions.

2015-10-06  Arthur de Jong <arthur@arthurdejong.org>

	* [68b20e2] pskc/encryption.py, pskc/xml.py,
	  tests/SampleFullyQualifiedNS.xml, tests/test_misc.doctest:
	  Fix issue with namespaced PBKDF2 parameters

	  The find() utility functions now allow specifying multiple paths
	  to be searched where the first match is returned.

	  This allows handling PSKC files where the PBKDF2 salt, iteration
	  count, key length and PRF elements are prefixed with the xenc11
	  namespace.

	  A test including such a PSKC file has been included.

	  Thanks to Eric Plet for reporting this.

2014-10-12  Arthur de Jong <arthur@arthurdejong.org>

	* [ebe46f2] pskc2csv.py: Provide a sample pskc2csv script

	  This is a simple command-line utility that reads a PSKC file
	  and outputs information on keys as CSV.

2014-06-30  Arthur de Jong <arthur@arthurdejong.org>

	* [1363564] pskc/crypto/__init__.py, pskc/crypto/aeskw.py,
	  pskc/crypto/tripledeskw.py, pskc/encryption.py,
	  tests/test_aeskw.doctest, tests/test_tripledeskw.doctest: Move
	  encryption functions in pskc.crypto package

	  This moves the encryption functions under the pskc.crypto package
	  to more clearly separate it from the other code. Ideally this
	  should be replaced by third-party library code.

2014-06-30  Arthur de Jong <arthur@arthurdejong.org>

	* [e468ebe] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/policy.py, pskc/xml.py: Rename pskc.parse
	  to pskc.xml

	  This renames the parse module to xml to better reflect the
	  purpose of the module and it's functions.

	  This also introduces a parse() function that wraps etree.parse().

2014-06-28  Arthur de Jong <arthur@arthurdejong.org>

	* [480e2d0] : Support writing unencrypted PSKC files

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [37dc64a] tests/test_write.doctest: Add test for writing PSKC files

	  This makes a simple doctest that checks the writing of the XML
	  representation of the PSKC data.

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [865a755] pskc/__init__.py, pskc/parse.py: Add function for
	  writing XML

	  This provides a function for pretty-printing the generated
	  XML document.

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [61a192f] pskc/__init__.py, pskc/key.py, pskc/policy.py: Construct
	  XML document with basic PKSC information

	  This introduces make_xml() functions to build an XML document
	  that contains the basic PSKC information and keys. This currently
	  only supports writing unencrypted PSKC files.

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [69aec9f] pskc/parse.py: Introduce mk_elem() to create elements

	  This introduces the mk_elem() function that can be used to create
	  ElementTree elements for building XML documents. This function
	  transparetly handles namespaces, translation of values into
	  XML etc.

2014-06-27  Arthur de Jong <arthur@arthurdejong.org>

	* [7591271] pskc/key.py: Simplify DataType value handling

	  Only store the native value of the property, not the text
	  representation. This also results in the BinaryDataType and
	  IntegerDataType subclasses only needing from_text() and from_bin()
	  functions.

2014-06-19  Arthur de Jong <arthur@arthurdejong.org>

	* [09eb6b3] ChangeLog, NEWS, docs/changes.rst, docs/index.rst,
	  docs/usage.rst, pskc/__init__.py, setup.py: Get files ready for
	  0.2 release

2014-06-19  Arthur de Jong <arthur@arthurdejong.org>

	* [62c9af4] pskc/__init__.py: Only catch normal exceptions

2014-06-18  Arthur de Jong <arthur@arthurdejong.org>

	* [deb57d7] pskc/__init__.py: Remove unused import

2014-06-17  Arthur de Jong <arthur@arthurdejong.org>

	* [178ef1c] pskc/encryption.py: PEP8 fix

2014-06-17  Arthur de Jong <arthur@arthurdejong.org>

	* [7435552] pskc/exceptions.py: Remove __str__ from exception

	  The message property has been deprecated as of Python 2.6 and
	  printing the first argument is the default.

2014-06-16  Arthur de Jong <arthur@arthurdejong.org>

	* [f084735] README, docs/encryption.rst, docs/exceptions.rst,
	  docs/index.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst:
	  Update documentation

	  This updates the documentation with the current API, adding
	  information on exceptions raised, HMAC algorithms supported and
	  changes to the MAC checking.

	  This also includes some editorial changes to some of the text and
	  making references shorter by not including the full package path.

2014-06-15  Arthur de Jong <arthur@arthurdejong.org>

	* [d84e761] pskc/parse.py: Simplify finding ElementTree
	  implementation

	  These are the only ElementTree implementations that have been
	  tested to provide the needed functionality (mostly namespaces).

2014-06-15  Arthur de Jong <arthur@arthurdejong.org>

	* [50b429d] pskc/key.py, pskc/parse.py, pskc/policy.py: Refactor
	  out some functions to parse

	  This introduces the getint() and getbool() functions in parse
	  to avoid some code duplication.

2014-06-15  Arthur de Jong <arthur@arthurdejong.org>

	* [9a16ce4] pskc/key.py, tests/test_misc.doctest: Add support for
	  setting secret

	  This supports setters for the secret, counter, time_offset,
	  time_interval and time_drift properties. Setting these values
	  stores the values unencrypted internally.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [1b9ee9f] pskc/encryption.py: Support PBKDF2 PRF argument

	  Support specifying a pseudorandom function for PBKDF2 key
	  derivation. It currently supports any HMAC that the MAC checking
	  also supports.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [79b9a7d] pskc/mac.py: Provide a get_hmac() function

	  Refactor the functionality to find an HMAC function into a
	  separate function.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [1417d4a] tests/invalid-mac-algorithm.pskcxml,
	  tests/invalid-mac-value.pskcxml,
	  tests/invalid-no-mac-method.pskcxml, tests/test_invalid.doctest:
	  Add tests for missing or invalid MAC

	  This tests for incomplete, unknown or invalid MACs in PSKC files.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [9d8aae0] pskc/key.py, pskc/mac.py: Raise exception when MAC
	  validation fails

	  This changes the way the check() function works to raise an
	  exception when the MAC is not correct. The MAC is also now always
	  checked before attempting decryption.

	  This also renames the internal DataType.value property to a
	  get_value() method for clarity.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [699ecf8] pskc/encryption.py: Handle missing MAC algorithm properly

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [01e102b] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
	  tests/aes256-cbc.pskcxml, tests/test_encryption.doctest,
	  tests/tripledes-cbc.pskcxml: Add MAC tests to all CBC encrypted
	  keys

	  This adds hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512
	  tests for values that are encrypted using CBC block cypher modes.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [59e790e] pskc/mac.py: Automatically support all MACs in hashlib

	  This uses the name of the hash to automatically get the correct
	  hash object from Python's hashlib.

2014-06-14  Arthur de Jong <arthur@arthurdejong.org>

	* [566e447] pskc/__init__.py, pskc/parse.py, setup.py: Support
	  various ElementTree implementations

	  When using a recent enough lxml, even Python 2.6 should work
	  now. The most important requirement is that the findall()
	  function supports the namespaces argument.

	  This also now catches all exceptions when parsing the PSKC file
	  fails and wraps it in ParseError because various implementations
	  raise different exceptions, even between versions (Python 2.6's
	  ElementTree raises ExpatError, lxml raises XMLSyntaxError).

2014-06-13  Arthur de Jong <arthur@arthurdejong.org>

	* [5d60ee2] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/parse.py, pskc/policy.py: Have parse module
	  provide find() functions

	  This changes the parse module functions to better match the
	  ElementTree API and extends it with findint(), findtime()
	  and findbin().

	  It also passes the namespaces to all calls that require it
	  without duplicating this throughout the normal code.

2014-06-11  Arthur de Jong <arthur@west.nl>

	* [6a34c01] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
	  pskc/mac.py, pskc/policy.py: Use get() instead of attrib.get()
	  (shorter)

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [4d92b93] pskc/encryption.py, tests/kw-tripledes.pskcxml,
	  tests/test_encryption.doctest: Support kw-tripledes decryption

	  This adds support for key unwrapping using the RFC 3217 Triple
	  DES key wrap algorithm if the PSKC file uses this.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [fd71f01] pskc/tripledeskw.py, tests/test_tripledeskw.doctest:
	  Implement RFC 3217 Triple DES key wrapping

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [f639318] tests/test_minimal.doctest, tests/test_misc.doctest:
	  Merge test_minimal into test_misc

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [1e7f861] tests/draft-keyprov-actividentity-3des.pskcxml,
	  tests/test_draft_keyprov.doctest: Add an ActivIdentity-3DES test

	  The test is taken from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
	  the schema as described in RFC 6030.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [b7cb928] tests/draft-keyprov-securid-aes-counter.pskcxml,
	  tests/test_draft_keyprov.doctest: Add an SecurID-AES-Counter test

	  The test is taken from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to be
	  valid XML and to fit the schema as described in RFC 6030.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [427319f] tests/draft-keyprov-totp.pskcxml,
	  tests/test_draft_keyprov.doctest: Add an TOTP test

	  The test is taken from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
	  the schema as described in RFC 6030.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [ba49d09] tests/draft-keyprov-ocra.pskcxml,
	  tests/test_draft_keyprov.doctest: Add an OCRA test

	  The test is taken from
	  draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
	  the schema as described in RFC 6030.

2014-05-31  Arthur de Jong <arthur@arthurdejong.org>

	* [0a66ede] tests/odd-namespace.pskcxml, tests/test_misc.doctest:
	  Add a test for an odd namespace

2014-05-30  Arthur de Jong <arthur@arthurdejong.org>

	* [287afa7] pskc/encryption.py, tests/kw-aes128.pskcxml,
	  tests/kw-aes192.pskcxml, tests/kw-aes256.pskcxml,
	  tests/test_encryption.doctest: Support kw-aes128, kw-aes192
	  and kw-aes256

	  This adds support for key unwrapping using the RFC 3394 or RFC
	  5649 algorithm if the PSKC file uses this.

2014-05-30  Arthur de Jong <arthur@arthurdejong.org>

	* [99ba287] pskc/aeskw.py, tests/test_aeskw.doctest: Implement
	  padding as specified in RFC 5649

	  This adds a pad argument with which padding can be forced or
	  disabled.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [ebf8945] pskc/aeskw.py, tests/test_aeskw.doctest: Allow speciying
	  an initial value for key wrapping

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [5720fe5] pskc/aeskw.py, pskc/exceptions.py,
	  tests/test_aeskw.doctest: Provide an RFC 3394 AES key wrapping
	  algorithm

	  This also introduces an EncryptionError exception.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [7164d89] README, docs/usage.rst, pskc/__init__.py,
	  tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskcxml,
	  tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskcxml,
	  tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskcxml,
	  tests/rfc6030-figure7.pskcxml, tests/test_rfc6030.doctest:
	  Always put a space between RFC and number

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [ccebb69] pskc/encryption.py, tests/test_encryption.doctest,
	  tests/tripledes-cbc.pskcxml: Support Tripple DES decryption

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [a11f31f] tests/test_invalid.doctest: Add tests for key derivation
	  problems

	  This tests for unknown or missing algorithms and unknown
	  derivation parameters.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [0738c94] pskc/encryption.py, pskc/exceptions.py: Raise exception
	  when key derivation fails

	  This also renames the internal function that implements the
	  derivation.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [76ef42b] pskc/encryption.py, pskc/exceptions.py,
	  tests/invalid-encryption.pskcxml, tests/test_invalid.doctest:
	  Add test for missing key encryption algorithm

	  This also introduces a toplevel PSKCError exception that all
	  exceptions have as parent.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [7f26dc6] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
	  tests/aes256-cbc.pskcxml, tests/test_encryption.doctest: Add
	  test for all AES-CBC encryption schemes

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [28f2c1c] pskc/encryption.py: Support more AES-CBC encryption
	  schemes

	  This also moves the crypto imports to the places where they are
	  used to avoid a depenency on pycrypto if no encryption is used.

2014-05-29  Arthur de Jong <arthur@arthurdejong.org>

	* [678b127] tests/test_minimal.doctest: Add test for missing
	  secret value

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [bef2f7d] pskc/__init__.py, pskc/key.py,
	  tests/test_minimal.doctest: Add a function for adding a new key

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [46f5749] pskc/__init__.py: Consistency improvement

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [83f5a4b] pskc/__init__.py, tests/test_minimal.doctest: Support
	  creating an empty PSKC instance

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [820c83c] pskc/encryption.py, pskc/mac.py: Be more lenient in
	  accepting algorithms

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [02bde47] pskc/key.py: Code simplification

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [b62fec8] pskc/encryption.py, pskc/exceptions.py,
	  tests/invalid-encryption.pskcxml, tests/test_invalid.doctest,
	  tests/test_rfc6030.doctest: Raise an exception if decryption fails

2014-05-25  Arthur de Jong <arthur@arthurdejong.org>

	* [7bc2e6b] pskc/encryption.py: Make decryption code better readable

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [714f387] setup.cfg, tests/invalid-notxml.pskcxml,
	  tests/invalid-wrongelement.pskcxml,
	  tests/invalid-wrongversion.pskcxml, tests/test_invalid.doctest:
	  Add tests for invalid PSKC files

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [803d24c] pskc/__init__.py, pskc/exceptions.py: Raise exceptions
	  on some parsing problems

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [8c37e26] setup.py: Fix install_requires

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [8e1729e] ChangeLog, MANIFEST.in, NEWS: Get files ready for
	  0.1 release

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [15ca643] README, pskc/__init__.py, tests/rfc6030-figure10.pskcxml,
	  tests/rfc6030-figure2.pskcxml, tests/rfc6030-figure3.pskcxml,
	  tests/rfc6030-figure4.pskcxml, tests/rfc6030-figure5.pskcxml,
	  tests/rfc6030-figure6.pskcxml, tests/rfc6030-figure7.pskcxml,
	  tests/test_rfc6030.doctest: Use pskcxml as file name extension

	  This is the extension that is suggested in RFC6030.

2014-05-23  Arthur de Jong <arthur@arthurdejong.org>

	* [44c7d2e] docs/policy.rst, docs/usage.rst: Improve IANA links

2014-05-20  Arthur de Jong <arthur@arthurdejong.org>

	* [cda1c5f] tests/test_rfc6030.doctest: Improve test

	  This tests that, before the PSKC ecnryption is key available,
	  the secret from the key cannot be extracted.

2014-05-19  Arthur de Jong <arthur@arthurdejong.org>

	* [e96c746] docs/_templates/autosummary/module.rst, docs/conf.py,
	  docs/encryption.rst, docs/index.rst, docs/mac.rst, docs/policy.rst,
	  docs/usage.rst: Provide Sphinx documentation

2014-05-18  Arthur de Jong <arthur@arthurdejong.org>

	* [edf4d24] pskc/policy.py: Add missing policy constant

2014-05-18  Arthur de Jong <arthur@arthurdejong.org>

	* [92a994d] pskc/key.py: Fix attribute name in docstring

2014-04-20  Arthur de Jong <arthur@arthurdejong.org>

	* [cc9bbb5] README: Update README

2014-05-17  Arthur de Jong <arthur@arthurdejong.org>

	* [d0a7814] .gitignore, setup.py: Fix dateutil dependency

	  This also ignores downloaded .egg files.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [e0159ba] pskc/parse.py: Fix module description

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [ba17976] pskc/__init__.py, pskc/parse.py: Move PSKC class to
	  toplevel module

	  This also splits the parsing to a parse() function for consistency.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [64e207d] pskc/key.py, tests/test_rfc6030.doctest: Provide
	  pskc.key docstrings

	  This documents most of the information that is available per
	  key and adds a few other minor cosmetic changes.

	  This also re-organises the key properties to be in a slightly more
	  logical order and renames the userid key property to key_userid
	  to more clearly distinguish it from device_userid.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [6becc61] pskc/parse.py: Provide pskc.parse docstrings

	  This documents most of the API of the parsing functions and the
	  PSKC class.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [1d42fbc] pskc/policy.py: Complete pskc.policy docstrings

	  Also contains small consistency improvement.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [b07d709] pskc/mac.py: Provide pskc.mac docstrings

	  This also hides two properties that are not part of the public API.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [285860e] pskc/encryption.py: Provide pskc.encryption docstrings

	  This documents classes in the pskc.encryption module.

2014-04-19  Arthur de Jong <arthur@arthurdejong.org>

	* [8c9e03d] pskc/key.py, pskc/mac.py, pskc/parse.py, pskc/policy.py:
	  Move Key class to separate module

	  This also allows re-organising the imports a bit.

2014-04-16  Arthur de Jong <arthur@arthurdejong.org>

	* [c883d48] MANIFEST.in, pskc/__init__.py, setup.cfg, setup.py:
	  Add initial setup script

2014-04-14  Arthur de Jong <arthur@arthurdejong.org>

	* [3df6849] COPYING: Include a license file (LGPL)

2014-04-13  Arthur de Jong <arthur@arthurdejong.org>

	* [f08cdb5] tests/rfc6030-figure10.pskc, tests/test_rfc6030.doctest:
	  Add bulk provisioning test from Figure 10

2014-04-13  Arthur de Jong <arthur@arthurdejong.org>

	* [41828cd] pskc/parse.py: Use slightly clearer names

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [5ab731c] tests/rfc6030-figure7.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 7 from RFC6030

	  This tests encrypted key derivation using PBKDF2 and a pre-shared
	  passphrase.

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [a3fd598] pskc/encryption.py: Implement PBKDF2 key derivation

	  This supports deriving the key from a passphrase and information
	  present in the DerivedKey and PBKDF2-params XML elements.

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [2ff470f] pskc/encryption.py: Add id attribute from EncryptionKey

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [460f335] tests/rfc6030-figure6.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 6 from RFC6030

	  This test key encryption with a pre-shared key and MAC checks.

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [a926ddb] pskc/mac.py, pskc/parse.py: Implement MAC checking

	  This implements message message authentication code checking
	  for the encrypted values if MACMethod and ValueMAC are present.

2014-04-12  Arthur de Jong <arthur@arthurdejong.org>

	* [e53e865] pskc/encryption.py, pskc/parse.py: Support decrypting
	  with a pre-shared key

	  This adds an encryption module that provides wrappers for
	  handling decryption.

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [3fe0919] pskc/parse.py: Refactor DataType value handling

	  This ensures that DataType values are retrieved dynamically
	  instead of at the time the PSKC file was parsed in order to make
	  decryption work.

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [591bb5d] pskc/policy.py: Document key and pin usage values

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [b952b93] tests/rfc6030-figure5.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 5 from RFC6030

	  This test extraction of key policy information and cross-key
	  references.

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [e939a96] pskc/parse.py, pskc/policy.py: Implement key policy
	  parsing

	  This parses key policy from PSKC files and provides a few utility
	  methods to help with policy validation.

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [8c9ac8c] pskc/parse.py: Support parsing date and integer values

2014-04-11  Arthur de Jong <arthur@arthurdejong.org>

	* [6446f7d] tests/rfc6030-figure4.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 4 from RFC6030

	  This tests for key profile and key reference properties that
	  can be used to reference external keys.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [e72369f] tests/rfc6030-figure3.pskc, tests/test_rfc6030.doctest:
	  Add test for Figure 3 from RFC6030

	  This tests Figure 3 from RFC6030 with a very basic plain text
	  secret key and some supplementary data.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [2c111a8] pskc/parse.py: Get more data from KeyPackage

	  This gets most simple string values from the KeyPackage as well
	  as some integer and boolean values.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [96b4b54] tests/rfc6030-figure2.pskc, tests/test-rfc6030.doctest:
	  Add test for example from RFC6030

	  This tests Figure 2 from RFC6030 with a very basic plain text
	  secret key.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [d662cf2] pskc/parse.py: Support getting plaintext key

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [550630d] tests/test_minimal.doctest: Minimal test

	  This adds a doctest for the absolute minimum PSKC file that does
	  not contain any useful information.

2014-04-07  Arthur de Jong <arthur@arthurdejong.org>

	* [bf8e7f6] pskc/__init__.py, pskc/parse.py: Basic implementation
	  of PSKC class

	  This class is used for handling PSKC files. It will parse the
	  file and store relevant properties for easy access. The Key
	  class corresponds to a single key defined in the PSKC file.

	  This is a very minimal implementation that only provides some
	  meta-data from the file and keys (work in progress).

2014-04-04  Arthur de Jong <arthur@arthurdejong.org>

	* [9803dfc] README: Provide an initial README

2014-04-02  Arthur de Jong <arthur@arthurdejong.org>

	* [c912bb4] .gitignore, pskc/__init__.py: Initial project layout
