From 0658e30aff3ebdf699405cf7bd0d0867b3076e7d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 09:25:59 +0000
Subject: [PATCH 01/12] Bump org.bouncycastle:bcprov-jdk18on (#50)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index ddc2617..68c01db 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,7 +38,7 @@
2024-04-16T12:32:12Z
- 1.78
+ 1.78.1
5.10.2
From 2ce8ea00482ca8f300fea8795303047f91d92026 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 09:35:34 +0000
Subject: [PATCH 02/12] Bump the maven-build-plugins group across 1 directory
with 9 updates (#52)
---
pom.xml | 18 +++++++++---------
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/pom.xml b/pom.xml
index 68c01db..1714f29 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,7 +48,7 @@
33.1.0-jre
- 9.1.0
+ 9.2.0
@@ -115,7 +115,7 @@
org.apache.maven.plugins
maven-enforcer-plugin
- 3.4.1
+ 3.5.0
enforce-java
@@ -166,7 +166,7 @@
maven-jar-plugin
- 3.3.0
+ 3.4.1
@@ -178,7 +178,7 @@
maven-source-plugin
- 3.3.0
+ 3.3.1
attach-sources
@@ -190,7 +190,7 @@
maven-javadoc-plugin
- 3.6.3
+ 3.7.0
attach-javadocs
@@ -210,7 +210,7 @@
maven-shade-plugin
- 3.5.2
+ 3.6.0
package
@@ -285,7 +285,7 @@
org.jacoco
jacoco-maven-plugin
- 0.8.11
+ 0.8.12
prepare-agent
@@ -311,7 +311,7 @@
maven-gpg-plugin
- 3.2.2
+ 3.2.4
sign-artifacts
@@ -346,7 +346,7 @@
org.sonatype.plugins
nexus-staging-maven-plugin
- 1.6.13
+ 1.7.0
true
ossrh
From 303ee839fec044895f2fae44fac76a454bc91511 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 09:38:24 +0000
Subject: [PATCH 03/12] Bump the java-test-dependencies group with 2 updates
(#51)
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index 1714f29..827417a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,10 +42,10 @@
5.10.2
- 5.11.0
+ 5.12.0
1.37
2.2
- 33.1.0-jre
+ 33.2.1-jre
9.2.0
From 9119bc33771101cd7e372faf2b2f6ae20e7515b3 Mon Sep 17 00:00:00 2001
From: Julian Raufelder
Date: Mon, 10 Jun 2024 07:23:47 +0000
Subject: [PATCH 04/12] Hardening the CI in relation to PRs
---
.github/workflows/build.yml | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6a62486..6cbec6f 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,6 +1,8 @@
name: Build
on:
- [push]
+ push:
+ pull_request_target:
+ types: [labeled]
jobs:
build:
name: Build and Test
@@ -68,4 +70,4 @@ jobs:
```
See [README.md](https://github.com/cryptomator/siv-mode/#reproducible-builds) section regarding reproducing this build.
- generate_release_notes: true
\ No newline at end of file
+ generate_release_notes: true
From f37781e4e3a7c0263b1fd76abd631c3c55447ec7 Mon Sep 17 00:00:00 2001
From: Armin Schrenk
Date: Mon, 8 Jul 2024 16:15:26 +0200
Subject: [PATCH 05/12] Update org.owasp:dependency-check-maven from 9.2.0 to
10.0.2 (#56)
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 827417a..05b06ac 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,7 +48,7 @@
33.2.1-jre
- 9.2.0
+ 10.0.2
From 5529c38b76d44a309ac51c2bfd7bf0ec981dfaa7 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel
Date: Thu, 5 Dec 2024 15:23:09 +0100
Subject: [PATCH 06/12] fix grammar mistake in javadoc
---
src/main/java/org/cryptomator/siv/SivMode.java | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/main/java/org/cryptomator/siv/SivMode.java b/src/main/java/org/cryptomator/siv/SivMode.java
index 9978a31..0f687fa 100644
--- a/src/main/java/org/cryptomator/siv/SivMode.java
+++ b/src/main/java/org/cryptomator/siv/SivMode.java
@@ -103,8 +103,8 @@ interface CtrComputer {
/**
* Convenience method, if you are using the javax.crypto API. This is just a wrapper for {@link #encrypt(byte[], byte[], byte[], byte[]...)}.
*
- * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
- * @param macKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
+ * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is split in half. See RFC 5297 Section 2.2
+ * @param macKey SIV mode requires two separate keys. You can use one long key, which is split in half. See RFC 5297 Section 2.2
* @param plaintext Your plaintext, which shall be encrypted.
* @param associatedData Optional associated data, which gets authenticated but not encrypted.
* @return IV + Ciphertext as a concatenated byte array.
@@ -127,8 +127,8 @@ public byte[] encrypt(SecretKey ctrKey, SecretKey macKey, byte[] plaintext, byte
/**
* Encrypts plaintext using SIV mode. A block cipher defined by the constructor is being used.
*
- * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
- * @param macKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
+ * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is split in half. See RFC 5297 Section 2.2
+ * @param macKey SIV mode requires two separate keys. You can use one long key, which is split in half. See RFC 5297 Section 2.2
* @param plaintext Your plaintext, which shall be encrypted.
* @param associatedData Optional associated data, which gets authenticated but not encrypted.
* @return IV + Ciphertext as a concatenated byte array.
@@ -153,8 +153,8 @@ public byte[] encrypt(byte[] ctrKey, byte[] macKey, byte[] plaintext, byte[]...
/**
* Convenience method, if you are using the javax.crypto API. This is just a wrapper for {@link #decrypt(byte[], byte[], byte[], byte[]...)}.
*
- * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
- * @param macKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
+ * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is split in half. See RFC 5297 Section 2.2
+ * @param macKey SIV mode requires two separate keys. You can use one long key, which is split in half. See RFC 5297 Section 2.2
* @param ciphertext Your cipehrtext, which shall be decrypted.
* @param associatedData Optional associated data, which needs to be authenticated during decryption.
* @return Plaintext byte array.
@@ -179,8 +179,8 @@ public byte[] decrypt(SecretKey ctrKey, SecretKey macKey, byte[] ciphertext, byt
/**
* Decrypts ciphertext using SIV mode. A block cipher defined by the constructor is being used.
*
- * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
- * @param macKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
+ * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is split in half. See RFC 5297 Section 2.2
+ * @param macKey SIV mode requires two separate keys. You can use one long key, which is split in half. See RFC 5297 Section 2.2
* @param ciphertext Your ciphertext, which shall be encrypted.
* @param associatedData Optional associated data, which needs to be authenticated during decryption.
* @return Plaintext byte array.
From 59a2551a5d15733e749754781924cacc717b5526 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel
Date: Thu, 5 Dec 2024 15:26:29 +0100
Subject: [PATCH 07/12] convenience method for sole 256, 384, 512 bit key
---
.../java/org/cryptomator/siv/SivMode.java | 57 +++++++++++++++++++
.../java/org/cryptomator/siv/SivModeTest.java | 43 +++++++++++++-
2 files changed, 97 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/cryptomator/siv/SivMode.java b/src/main/java/org/cryptomator/siv/SivMode.java
index 0f687fa..03d9a49 100644
--- a/src/main/java/org/cryptomator/siv/SivMode.java
+++ b/src/main/java/org/cryptomator/siv/SivMode.java
@@ -100,6 +100,33 @@ interface CtrComputer {
byte[] computeCtr(byte[] input, byte[] key, final byte[] iv);
}
+ /**
+ * Convenience method using a single 256, 384, or 512 bits key. This is just a wrapper for {@link #encrypt(byte[], byte[], byte[], byte[]...)}.
+ * @param key Combined key, which is split in half.
+ * @param plaintext Your plaintext, which shall be encrypted.
+ * @param associatedData Optional associated data, which gets authenticated but not encrypted.
+ * @return IV + Ciphertext as a concatenated byte array.
+ */
+ public byte[] encrypt(SecretKey key, byte[] plaintext, byte[]... associatedData) {
+ final byte[] keyBytes = key.getEncoded();
+ if (keyBytes.length != 64 && keyBytes.length != 48 && keyBytes.length != 32) {
+ throw new IllegalArgumentException("Key length must be 256, 384, or 512 bits.");
+ }
+ final int subkeyLen = keyBytes.length / 2;
+ assert subkeyLen == 32 || subkeyLen == 24 || subkeyLen == 16;
+ final byte[] macKey = new byte[subkeyLen];
+ final byte[] ctrKey = new byte[subkeyLen];
+ try {
+ System.arraycopy(keyBytes, 0, macKey, 0, macKey.length); // K1 = leftmost(K, len(K)/2);
+ System.arraycopy(keyBytes, macKey.length, ctrKey, 0, ctrKey.length); // K2 = rightmost(K, len(K)/2);
+ return encrypt(ctrKey, macKey, plaintext, associatedData);
+ } finally {
+ Arrays.fill(macKey, (byte) 0);
+ Arrays.fill(ctrKey, (byte) 0);
+ Arrays.fill(keyBytes, (byte) 0);
+ }
+ }
+
/**
* Convenience method, if you are using the javax.crypto API. This is just a wrapper for {@link #encrypt(byte[], byte[], byte[], byte[]...)}.
*
@@ -150,6 +177,36 @@ public byte[] encrypt(byte[] ctrKey, byte[] macKey, byte[] plaintext, byte[]...
return result;
}
+ /**
+ * Convenience method using a single 256, 384, or 512 bits key. This is just a wrapper for {@link #decrypt(byte[], byte[], byte[], byte[]...)}.
+ * @param key Combined key, which is split in half.
+ * @param ciphertext Your cipehrtext, which shall be decrypted.
+ * @param associatedData Optional associated data, which gets authenticated but not encrypted.
+ * @return Plaintext byte array.
+ * @throws IllegalArgumentException If keys are invalid.
+ * @throws UnauthenticCiphertextException If the authentication failed, e.g. because ciphertext and/or associatedData are corrupted.
+ * @throws IllegalBlockSizeException If the provided ciphertext is of invalid length.
+ */
+ public byte[] decrypt(SecretKey key, byte[] ciphertext, byte[]... associatedData) throws UnauthenticCiphertextException, IllegalBlockSizeException {
+ final byte[] keyBytes = key.getEncoded();
+ if (keyBytes.length != 64 && keyBytes.length != 48 && keyBytes.length != 32) {
+ throw new IllegalArgumentException("Key length must be 256, 384, or 512 bits.");
+ }
+ final int subkeyLen = keyBytes.length / 2;
+ assert subkeyLen == 32 || subkeyLen == 24 || subkeyLen == 16;
+ final byte[] macKey = new byte[subkeyLen];
+ final byte[] ctrKey = new byte[subkeyLen];
+ try {
+ System.arraycopy(keyBytes, 0, macKey, 0, macKey.length); // K1 = leftmost(K, len(K)/2);
+ System.arraycopy(keyBytes, macKey.length, ctrKey, 0, ctrKey.length); // K2 = rightmost(K, len(K)/2);
+ return decrypt(ctrKey, macKey, ciphertext, associatedData);
+ } finally {
+ Arrays.fill(macKey, (byte) 0);
+ Arrays.fill(ctrKey, (byte) 0);
+ Arrays.fill(keyBytes, (byte) 0);
+ }
+ }
+
/**
* Convenience method, if you are using the javax.crypto API. This is just a wrapper for {@link #decrypt(byte[], byte[], byte[], byte[]...)}.
*
diff --git a/src/test/java/org/cryptomator/siv/SivModeTest.java b/src/test/java/org/cryptomator/siv/SivModeTest.java
index 824259b..7002df3 100644
--- a/src/test/java/org/cryptomator/siv/SivModeTest.java
+++ b/src/test/java/org/cryptomator/siv/SivModeTest.java
@@ -18,6 +18,8 @@
import org.junit.jupiter.api.DynamicTest;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.TestFactory;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.ValueSource;
import org.mockito.Mockito;
import javax.crypto.IllegalBlockSizeException;
@@ -66,6 +68,17 @@ public void testEncryptWithInvalidKey2() {
});
}
+ @Test
+ public void testEncryptWithInvalidKey3() {
+ SecretKey key = Mockito.mock(SecretKey.class);
+ Mockito.when(key.getEncoded()).thenReturn(new byte[13]);
+
+ SivMode sivMode = new SivMode();
+ Assertions.assertThrows(IllegalArgumentException.class, () -> {
+ sivMode.encrypt(key, new byte[10]);
+ });
+ }
+
@Test
public void testInvalidCipher1() {
BlockCipherFactory factory = () -> null;
@@ -111,6 +124,17 @@ public void testDecryptWithInvalidKey2() {
});
}
+ @Test
+ public void testDecryptWithInvalidKey3() {
+ SecretKey key = Mockito.mock(SecretKey.class);
+ Mockito.when(key.getEncoded()).thenReturn(new byte[13]);
+
+ SivMode sivMode = new SivMode();
+ Assertions.assertThrows(IllegalArgumentException.class, () -> {
+ sivMode.decrypt(key, new byte[10]);
+ });
+ }
+
@Test
public void testDecryptWithInvalidBlockSize() {
final byte[] dummyKey = new byte[16];
@@ -437,9 +461,10 @@ public void testNonceBasedAuthenticatedEncryption() {
Assertions.assertArrayEquals(expected, result);
}
- @Test
- public void testEncryptionAndDecryptionUsingJavaxCryptoApi() throws UnauthenticCiphertextException, IllegalBlockSizeException {
- final byte[] dummyKey = new byte[16];
+ @ParameterizedTest
+ @ValueSource(ints = {16, 24, 32})
+ public void testEncryptionAndDecryptionUsingJavaxCryptoApi(int keylen) throws UnauthenticCiphertextException, IllegalBlockSizeException {
+ final byte[] dummyKey = new byte[keylen];
final SecretKey ctrKey = new SecretKeySpec(dummyKey, "AES");
final SecretKey macKey = new SecretKeySpec(dummyKey, "AES");
final SivMode sivMode = new SivMode();
@@ -449,6 +474,18 @@ public void testEncryptionAndDecryptionUsingJavaxCryptoApi() throws UnauthenticC
Assertions.assertArrayEquals(cleartext, decrypted);
}
+ @ParameterizedTest
+ @ValueSource(ints = {32, 48, 64})
+ public void testEncryptionAndDecryptionUsingSingleJavaxCryptoApi(int keylen) throws UnauthenticCiphertextException, IllegalBlockSizeException {
+ final byte[] dummyKey = new byte[keylen];
+ final SecretKey key = new SecretKeySpec(dummyKey, "AES");
+ final SivMode sivMode = new SivMode();
+ final byte[] cleartext = "hello world".getBytes();
+ final byte[] ciphertext = sivMode.encrypt(key, cleartext);
+ final byte[] decrypted = sivMode.decrypt(key, ciphertext);
+ Assertions.assertArrayEquals(cleartext, decrypted);
+ }
+
@Test
public void testShiftLeft() {
final byte[] output = new byte[4];
From e046d5951e2ca1e101f98709dac0b77394f713a1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Dec 2024 15:43:59 +0000
Subject: [PATCH 08/12] Bump the java-test-dependencies group across 1
directory with 4 updates (#58)
---
pom.xml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/pom.xml b/pom.xml
index 05b06ac..74042bf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -41,11 +41,11 @@
1.78.1
- 5.10.2
- 5.12.0
+ 5.11.0
+ 5.13.0
1.37
- 2.2
- 33.2.1-jre
+ 3.0
+ 33.3.0-jre
10.0.2
From 540397c21e3f5b19447d484b343d6143828e0fea Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Dec 2024 15:50:27 +0000
Subject: [PATCH 09/12] Bump the maven-build-plugins group across 1 directory
with 6 updates (#60)
---
pom.xml | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/pom.xml b/pom.xml
index 74042bf..f9e6b7a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -48,7 +48,7 @@
33.3.0-jre
- 10.0.2
+ 11.1.1
@@ -110,7 +110,7 @@
org.codehaus.mojo
versions-maven-plugin
- 2.16.2
+ 2.18.0
org.apache.maven.plugins
@@ -162,11 +162,11 @@
org.apache.maven.plugins
maven-surefire-plugin
- 3.2.5
+ 3.5.2
maven-jar-plugin
- 3.4.1
+ 3.4.2
@@ -190,7 +190,7 @@
maven-javadoc-plugin
- 3.7.0
+ 3.11.1
attach-javadocs
@@ -311,7 +311,7 @@
maven-gpg-plugin
- 3.2.4
+ 3.2.7
sign-artifacts
From 7fd5875d2448e7427fc78c08134ffc7b3af0f489 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel
Date: Thu, 5 Dec 2024 16:54:10 +0100
Subject: [PATCH 10/12] use BC signer for `maven-gpg-plugin`
---
.github/workflows/publish-central.yml | 5 ++---
.github/workflows/publish-github.yml | 3 +--
pom.xml | 6 ++----
3 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
index f50ba28..159255d 100644
--- a/.github/workflows/publish-central.yml
+++ b/.github/workflows/publish-central.yml
@@ -21,8 +21,6 @@ jobs:
server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
server-username: MAVEN_USERNAME # env variable for username in deploy
server-password: MAVEN_PASSWORD # env variable for token in deploy
- gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
- gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
- name: Verify project version = ${{ github.event.inputs.tag }}
run: |
PROJECT_VERSION=$(./mvnw help:evaluate "-Dexpression=project.version" -q -DforceStdout)
@@ -32,4 +30,5 @@ jobs:
env:
MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
- MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
\ No newline at end of file
+ MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+ MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
index 1e513bb..1bb7ca7 100644
--- a/.github/workflows/publish-github.yml
+++ b/.github/workflows/publish-github.yml
@@ -13,8 +13,6 @@ jobs:
java-version: 21
distribution: 'zulu'
cache: 'maven'
- gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
- gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
- name: Verify project version = ${{ github.event.release.tag_name }}
run: |
PROJECT_VERSION=$(./mvnw help:evaluate "-Dexpression=project.version" -q -DforceStdout)
@@ -24,6 +22,7 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+ MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
- name: Slack Notification
uses: rtCamp/action-slack-notify@v2
env:
diff --git a/pom.xml b/pom.xml
index f9e6b7a..95110f0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -320,10 +320,8 @@
sign
-
- --pinentry-mode
- loopback
-
+ bc
+ 58117AFA1F85B3EEC154677D615D449FE6E6A235
From 8e5ec19e9326a12fb6d1991f58012667992d70dc Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel
Date: Thu, 5 Dec 2024 17:01:40 +0100
Subject: [PATCH 11/12] add a changelog
---
CHANGELOG.md | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..ac30597
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,17 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased](https://github.com/cryptomator/siv-mode/compare/1.5.2...HEAD)
+
+### Added
+
+- This CHANGELOG file
+- `encrypt(SecretKey key, byte[] plaintext, byte[]... associatedData)` and `decrypt(SecretKey key, byte[] ciphertext, byte[]... associatedData)` using a single 256, 384, or 512 bit key
+
+### Changed
+
+- use `maven-gpg-plugin`'s bc-based signer
From a9f31ab8c0a6457eca7b8461bf44aaf053022744 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel
Date: Thu, 5 Dec 2024 17:24:58 +0100
Subject: [PATCH 12/12] prepare 1.6.0
---
CHANGELOG.md | 2 +-
pom.xml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index ac30597..acd660b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-## [Unreleased](https://github.com/cryptomator/siv-mode/compare/1.5.2...HEAD)
+## [1.6.0](https://github.com/cryptomator/siv-mode/compare/1.5.2...1.6.0)
### Added
diff --git a/pom.xml b/pom.xml
index 95110f0..43172d6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -3,7 +3,7 @@
4.0.0
org.cryptomator
siv-mode
- 1.6.0-SNAPSHOT
+ 1.6.0
SIV Mode
RFC 5297 SIV mode: deterministic authenticated encryption