v0.3.0 (unreleased)
- Add
MetamorphicCrypto.Hash— SHA-3 / SHA-2 hashing for public data (key fingerprints, safety numbers, key-transparency-log entries):sha3_512/1(recommended default, Cat-5),sha3_256/1,sha256/1,sha512/1, and the domain-separatedsha3_512_with_context/2— plus!raising variants.- Base64 in, base64 out, matching the rest of the package and the WASM wire format, so a digest computed in Elixir is byte-for-byte identical to one computed in the browser/native (verified by a locked parity vector).
MetamorphicCrypto.sha3_512/1andMetamorphicCrypto.sha3_512_with_context/2added to the top-level convenience facade.
- These digests are for public data only and intentionally add no
zeroize/constant-time ceremony; do not hash secrets with them (use
MetamorphicCrypto.KDF.derive_session_key/2for secret material). - Sync the native crate dependency to
metamorphic-crypto0.4.0, which exposes the public hashing API. No change to existing encryption behavior or wire formats.
v0.2.2 (2026-06-10)
- No functional or API changes; encryption output is unchanged.
- Sync the native crate dependency to
metamorphic-crypto0.3.7, deduping thesha3/keccaktree for a cleaner SBOM. - Supply-chain hardening of the release pipeline: SHA-pinned actions,
build-provenance attestation of each precompiled NIF,
cargo auditgate, grouped Dependabot, and aSECURITY.md. - Packaging: exclude the maintainer-only release task from the published package.
v0.2.1 (2026-05-23)
Add
MetamorphicCrypto.Hybrid.security_level/0type (:cat3 | :cat5)MetamorphicCrypto.Hybrid.generate_keypair/1now accepts an optional security level —generate_keypair(:cat5)for ML-KEM-1024,generate_keypair()for ML-KEM-768 (default, unchanged behavior)MetamorphicCrypto.Hybrid.seal/3andseal_raw/3now accept an optional security level parameterMetamorphicCrypto.Seal.seal_for_user/3andseal_for_user_raw/3now accept a:leveloption (:cat3or:cat5) for choosing the PQ security level when a PQ public key is provided- Existing
generate_keypair_1024/0,seal_1024/2, andseal_raw_1024/2are preserved as convenience aliases - All changes are backwards compatible — no NIF or binary changes required
v0.2.0 (2026-05-13)
- Switch from vendored
metamorphic-cryptoRust source tometamorphic-cryptov0.2.0 on crates.io (no user-facing changes — the public Elixir API is fully backwards compatible) - Add ML-KEM-1024 + X25519 (Cat-5, NIST Category 5, ~AES-256) hybrid encryption:
MetamorphicCrypto.Hybrid.generate_keypair_1024/0— generate Cat-5 keypairMetamorphicCrypto.Hybrid.seal_1024/2— encrypt with Cat-5MetamorphicCrypto.Hybrid.seal_raw_1024/2— encrypt raw bytes with Cat-5
MetamorphicCrypto.Hybrid.open/2now auto-detects Cat-3 (v2) and Cat-5 (v3) ciphertextMetamorphicCrypto.Hybrid.hybrid_ciphertext?/1now detects both v2 and v3 formats
v0.1.2 (2026-05-12)
- Add explicit
targetslist toRustlerPrecompiledconfig- Prevents download attempts for unsupported platforms (e.g.
arm-unknown-linux-gnueabihf) mix rustler_precompiled.download --allnow only fetches the 5 supported targets
- Prevents download attempts for unsupported platforms (e.g.
v0.1.1 (2026-05-12)
- Fix precompiled NIF loading on macOS and Windows
- Binary inside tar archive was named incorrectly (
libmetamorphic_crypto_nif.dylibinstead of the versioned.soname that RustlerPrecompiled expects) - Users without Rust installed would get
nif_not_loadederrors
- Binary inside tar archive was named incorrectly (
v0.1.0 (2026-05-11)
- Initial release
- XSalsa20-Poly1305 symmetric encryption (
MetamorphicCrypto.SecretBox) - X25519 sealed box public-key encryption (
MetamorphicCrypto.BoxSeal) - ML-KEM-768 + X25519 hybrid post-quantum encryption (
MetamorphicCrypto.Hybrid) - Unified seal/unseal with auto-format-detection (
MetamorphicCrypto.Seal) - Argon2id key derivation (
MetamorphicCrypto.KDF) - Key generation utilities (
MetamorphicCrypto.Keys) - Human-readable recovery keys (
MetamorphicCrypto.Recovery) - Precompiled NIF binaries for all major platforms