Release of Cryptographic Library Botan 3.1.0 for NeoPG and GnuPG 2
The cryptographic library Botan 3.1.0, used in the NeoPG project and GnuPG 2, is now available. The library offers a wide range of ready-made primitives used in various cryptographic protocols and algorithms. It supports the TLS protocol, X.509 certificates, AEAD ciphers, TPM, PKCS#11, password hashing, and post-quantum cryptography, including hash-based signatures and McEliece-based key agreement. The library is written in C++ and is distributed under the BSD license.
One of the notable changes in this release is added support for the SPHINCS+ digital signature algorithm. The algorithm is built on hash functions and is resistant to quantum computer attacks. Support for AVX-512 instructions has also been added, along with AVX-512 implementations of the ChaCha and Serpent algorithms.
The TLS 1.3 implementation now uses the KEM (Key Encapsulation Mechanism) interface. Users can now disable specific CPU extensions through environment variables. FFI functions for working with Kyber keys have been introduced, and the code has been reformatted using the clang-format utility.
Other improvements include enhanced PBKDF (Password-Based Key Derivation Function) settings in the command line interface and support for PSK (Pre-Shared Key) in the command line TLS utilities. The PBKDF settings in the Python module have also been updated. Corrections have been made to ensure compliance with the TLS specifications and to improve handling of hosts that behave incorrectly. In addition, Base64 encoding has been optimized and assembly support using CMake has been introduced.