
ChangeLog for jsrsasign

wrong encoding in CRLeason in OCSP CertStatus fixed
* Changes from 9.1.8 to 9.1.9 (2020-Sep-08)
  - src/asn1ocsp.js
    - BUGFIX: wrong encoding in CRLeason in OCSP CertStatus fixed
  - test/qunit-do-asn1ocsp.html
    - follow to above update

wrong encoding in byKey of OCSP ResponderID fixed
* Changes from 9.1.7 to 9.1.8 (2020-Sep-08)
  - src/asn1ocsp.js
    - BUGFIX: wrong encoding in byKey of OCSP ResponderID fixed
  - test/qunit-do-asn1ocsp.html
    - follow to above update

nextUpdate encoding bugfix in ocsp SingleResponse
* Changes from 9.1.6 to 9.1.7 (2020-Sep-08)
  - src/asn1ocsp.js
    - BUGFIX: nextUpdate encoding fix in SingleResponse
    - CertStatus document fix
  - test/qunit-do-asn1ocsp.html
    - follow to above update

add OCSP response and request encoder
* Changes from 9.1.5 to 9.1.6 (2020-Sep-05)
  - src/asn1ocsp.js
    - OCSPResponse class added
    - ResponseBytes class added
    - BasicOCSPResponse class added
    - ResponseData class added
    - ResponderID class added
    - SingleResponseList class added
    - SingleResponse class added
    - CertID class updated
      - changed properties to specify 
        isserNameHash, issuerKeyHash and serialNumber
        without backward compatibility
    - CertStatus class added
    - OCSPParser class added
      - only OCSP request parser methods are available
  - src/asn1x509.js
    - OCSPNonce class OCSP extension added
    - OCSPNoCheck class certificate extension added
    - Extensios class supports OCSPNonce and OCSPNoCheck
    - OID clas supports ocspNonce, ocspNoCheck and ocspBasic
  - src/x509.js
    - X509.getExtParam supports OCSPNonce and OCSPNoCheck
    - X509.getExtOCSPNoCheck added
    - X509.getExtOCSPNonce added
  - src/asn1.js
    - ASN1Object class: add tlv parameter support 
  - src/asn1hex.js
    - ASN1HEX.dump: enable to show tagged primitive

ASN1HEX getChildIdx bug for too many children
* Changes from 9.1.4 to 9.1.5 (2020-Aug-29)
  - src/asn1hex.js
    - BUGFIX: ASN1HEX.getChildIdx didn't returns
      proper result when too many child items
      such as over 200 children.
    - add ASN1HEX.getTLVblen method
    - DEPRECATED: getNextSiblingIdx. Please
      use getTLVblen instead.

X509CRL parser revokedCertificate bugfix
* Changes from 9.1.3 to 9.1.4 (2020-Aug-28)
  - src/asn1hex.js
    - get{Idx,V,TLV}byList return value aligned to 
      get{Idx,V,TLV}byListEx.
  - src/x509crl.js
    - BUGFIX: error when nextUpdate exists and 
      no revokedCertificates

missed to export X509CRL in npm package
* Changes from 9.1.2 to 9.1.3 (2020-Aug-28)
  - npm/lib/footer.js
    - export X509CRL
  - NOTE: only npm package released

add private extension support for Cert CRL and CSR
* Changes from 9.1.1 to 9.1.2 (2020-Aug-27)
  - undefined extension regarded as private extesion
    in extension parser X509.getExtParam.
    Thus certificate, CRL and CSR parser will
    not raise error when undefined extension
    is parsed.
  - src/x509.js
    - unknown extension is parsed as
      private extension.
  - test/qunit-do-{x509-param}.html
    - add test case to follow above update

new CRL parser and private extension encoder support
* Changes from 9.1.0 to 9.1.1 (2020-Aug-27)
  - add new X509CRL class for CRL parser
  - add Certificate, CSR and CRL private extension support
  - src/x509crl.js (new)
    - X509CRL class
  - src/x509.js
    - new X509.getExtCRLNumber method for extension parser
    - new X509.getExtCRLReason method for extension parser
    - new X509.getExtParam method for parsing one extension 
      - NOTE: not yet support for private extension
  - src/asn1x509.js
    - Extensions class: add support for private extension
    - PrivateExtension class added
    - OID.name2oid: add support OID (ex. "1.2.3.4") as argument
  - src/asn1csr.js
    - CSRUtil.getParam update to support X509.getExtParamArray and
      not using X509.parseExt
  - src/asn1.js
    - getLengthHexFromValue small update for exception
  - test/qunit-do-{asn1x509,asn1x509-tbscert,x509}.html
    - update to follow above updates
  - test/x509csr.html (new)

new CRL APIs and other updates
* Changes from 9.0.3 to 9.1.0 (2020-Aug-24)
  - CRL constructor update to align Certificate
    class without backward compatibility.
  - BUGFIX: SigningCertificate{,V2} encoding bugifx
  - src/asn1cms.js
    - BUGFIX: SigningCertificate{,V2} encoding have been
      missign SEQUENCE. (#448)
  - src/asn1csr.js
    - CertificationRequestInfo class updated to
      new KJUR.asn1.x509.Extension class.
  - src/asn1x509.js
    - CRL and TBSCertList class constructor have 
      been updated to align Certificate and
      CertificationRequestInfo style in 9.0.0
      without backward compatibility.
      - this update makes more extension and
        entry extension support in the future.
      - CRLEntry class is *deprecated* since
        no more used in updated TBSCertList.
    - new CRLNumber extension class added
    - new CRLReason entry extension class added
    - OID class updated to support 
      cRLNumber and cRLReason oids
    - TBSCertificate.getExtDERSequence method
      was moved to new Extensions class.
    - ASN1HEX.dump updated to support ENUMERATED
  - test/qunit-do-{asn1cms,asn1tsp,asn1x509-tbscert,
    asn1x509} updated to follow above updates.

TimeStampToken ASN.1 encoding error fix
* Changes from 9.0.2 to 9.0.3 (2020-Aug-22)
  - BUGFIX: tsa field of TSTInfo was not encoded properly. (#450)
  - BUGFIX: CMSSignedData version of TimestampToken was not 3. (#448)
  - src/asn1tsp.js
    - TSTInfo tsa field fix
    - TSTUtil.newTimeStampToken method to set
      CMSVersion 3.

PolicyInformation named policy OID bug fix
* Changes from 9.0.1 to 9.0.2 (2020-Aug-22)
  - BUGFIX: KJUR.asn1.tsp.PolicyInformation class constructor
    have not been accepted named policy OID such as "anyPolicy".
    The issue was fixed.
  - src/asn1x509.js
    - PolicyInformation bugfix for above.
  - test/qunit-do-asn1x509.html
    - updated to follow above.

TimeStampToken contentType attribute bug fix
* Changes from 9.0.0 to 9.0.1 (2020-Aug-21)
  - BUGFIX: KJUR.asn1.tsp.TimeStampToken class generates have 
    generated with wrong contentType attribute
    with value "data". (#448)
  - src/asn1tsp.js
    - TimeStampToken class constructor will add
      contentType attribute with "tstinfo" for bugfix. (#448).
  - src/asn1cms.js
    - SignerInfo.setForContentAndHash class constructor
      parameter can have "contentType" property additionaly
      to set "tstinfo" as above.
  - src/asn1x509.js
    - some attribute type oids for CMS signedData are
      added to OID.name2oidList.

Certificate and CSR generator and parser API major updates
* Changes from 8.0.24 to 9.0.0 (2020-Aug-19)
  - Please see migration notes in wiki:
    https://github.com/kjur/jsrsasign/wiki/NOTE-jsrsasign-8.0.x-to-9.0.0-Certificate-and-CSR-API-migration-guide
  - CAUTION: some certificate and CSR APIs are missing
    backward compatibility so you may need to change your code
    to upgrade jsrsasign 9.0.0.
  - src/asn1x509.js
    - JSON argument format of Certificate and all certificate
      extension class were changed without backward compatibility.
      - They can accept JSON objects from ASN.1 parser methods 
        in X509 class as an parameter arguments.
      - Certificate class constructor can automatically 
        generate TBSCertificate and sign by params argument.
        So no need to call sign method or TBSCertificate 
        constructor.
      - JSON argument format are aligned to the same manner
        among all certificate extension class.
      - For CRLDistributionPoints class, JSON argument format
        of DistributionPoint and DistributionPointName
        was changed.
    - Extension.appendByNameToArray method was removed.
    - "array" key was added to X500Name class constructor
      JSON argument.
      - AttributeTypeAndValue constructor argument also
        extended to support {type:"CN",value:"Test",ds:"prn"}
        style JSON object.
    - X509Util.newCertPEM argument format is updated to
      align Certificate class and is *deprecated*.
  - src/x509.js
    - returned JSON object format by all "get*" parser method 
      was changed to accept by related class defined in asn1x509.js
      without backward compatibility.
    - all certificate extension parsing methods are
      changed to have "hExtV" and "critical" as arguments.
    - following methods are added:
      getAlgorithmIdentifierName, getIssuer, getSubject,
      getGeneralNames, getGeneralName, getDistributionPoint,
      getDistributionPointName, getExtAuthorityInfoAccess,
      getPolicyInformation, getPolicyQualifierInfo,
      getUserNotice, getDisplayText, getX500NameRule,
      getX500Name, getRDN, getAttrTypeAndValue, getParam,
      getExtParamArray
    - following methods are *deprecated*:
      getExtSubjectAltName2, getExtAIAInfo, 
      getExtCRLDistributionPointsURI.
    - X509Util.newCertPEM bugfix. 
      Got error when cakey is PKCS#5 plain PEM key string
  - src/asn1csr.js
    - JSON argument format was changed in CertificationRequest, 
      CertificationRequestInfo, CSRUtil.netCSRPEM without
      backward compatibility.
    - CSRUtil.getInfo was renamed to CSRUtil.getParam
    - CSRUtil.netCSRPEM is now *deprecated*
  - src/asn1.js
    - ASN1Util.newObject can also conclude ASN1Object
      as well as JSON parameter.
  - tool/tool_{ca,ca2}.html
    - changed to follow above updates.
  - test/*.html
    - following test pages are updated to follow above:
      qunit-do-{asn1csr,asn1tsp,asn1x509-newcrt,asn1x509,base64x,
      ecdsmod-s,keyutil-getpem,package-jwths,x509-ext,
      x509-key,x509-kid,x509}.html
    - following test pages are added:
      qunit-do-{asn1x509-tbscert,x509-param}.html

fix SigningCertificate v1 v2 attribute ASN.1 encoding
* Changes from 8.0.23 to 8.0.24 (2020-Aug-18)
  - KJUR.asn1.cms.{SigningCertificate,SigningCertificateV2}
    wrong ASN.1 encoding issue was fixed (#448)
  - src/asn1cms.js
    - KJUR.asn1.cms.{SigningCertificate,SigningCertificateV2}
      ASN.1 encoding issue fixed (#448)
    - added KJUR.asn1.cms.IssuerSerial
  - src/base64x.js
    - String.{isPritable,isIA5,isMail} methods added
  - test/qunit-do-asn1{cms,tsp}.html
    - updated for above issue

add CertificatePolicies BMPString and VisibleString support
* Changes from 8.0.22 to 8.0.23 (2020-Aug-06)
  - src/asn1x509.js
    - CertificatePolicies class added
    - update Estension.appendByNameToArray for
      CertificatePolicies
    - PolicyInformation, PolicyQualifierInfo, UserNotice,
      NoticeReference and DisplayText class added
  - src/asn1.js
    - BMPString and VisibleString class added
    - update ASN1Util.newObject for {BMP,Visible}String
  - src/asn1hex.js
    - update ASN1HEX.dump for {BMP,Visible}String
  - test qunit-do-{asn1,asn1-newobj,asn1x509,asn1hex-dump}.html

ASN1HEX and X509 class minior bug fix
* Changes from 8.0.21 to 8.0.22 (2020-Aug-05)
  - src/asn1hex.js
    - dump method update for BitString encapsulated
  - src/x509.js
    - getKeyUsageBin bugfix for such keyCertSign and cRLSign only 
    - fix to stop raising error when X509 constructor called and
      asn1x509 doesn't loaded
    - TODO: getKeyUsageBin still has bug when decipherOnly(8) bit exists
  - test
    - qunit-do-{asn1hex-dump,x509-{ext,key}}.html to follow above updates

Donation program started, more RSA-PSS support and add ASN1HEX.get{Idx,TLV,V}byListEx
* Changes from 8.0.20 to 8.0.21 (2020-Aug-01)
  - *donation program* have been started.
    Please consider donation to sustain this project
    https://github.com/kjur/jsrsasign#donations    
  - RSA-PSS support in AlgorithmIdentifier, Signature, 
    X509 and newCertPEM
  - new method to access ASN.1 decendant object 
    ASN1HEX.get{Idx,TLV,V}byListEx added
    Its tutorial page will be provided by following URL near in future
    https://github.com/kjur/jsrsasign/wiki/Tutorial-for-accessing-deep-inside-of-ASN.1-structure-by-using-new-ASN1HEX.getIdxbyListEx
  - src/x509.js
    - update getSignatureAlgorithmField to support
      RSA-PSS(SHA{,256,384,512}withRSAandMGF1) algorithms
    - update verifySignature to support
      RSA-PSS(SHA{,256,384,512}withRSAandMGF1) algorithms
  - src/crypto.js
    - Signature class
      - SHAwithRSAandMGF1 supported (the same as SHA1withRSAandMGF1)
  - src/asn1hex.js
    - ASN1HEX.getIdxbyList
    - add get{Idx,TLV,V}byListEx for context specific tag
    - add ASN1HEX.isContextTag to check context
      specific tag
    - get{Idx,TLV,V} will be deprecated near in the future version
      Please consider to move get{Idx,TLV,V}byListEx.
  - src/{asn1csr,dsa,rsapem,ecdsa-modified}.js
    - replace to use get{Idx,TLV,V}byListEx
  - test/qunit-do-asn1x509.html
    - add Certificate class test for RSA-PSS
    - add TBSCertificate class test for RSA-PSS
    - add AlgorithmIdentifier class test for
      SHA{,256,384,512}withRSAandMGF1
  - test/qunit-do-crypto-pss.html
    - add Signature class test for 
      SHAwithRSAandMGF1.
  - test/qunit-do-asn1x509-newcrt.html
    - add newCertPEM test for RSA-PSS
  - test/qunit-do-x509.html
    - add getSignatureAlgorithmField test for
      SHA{,256,384,512}withRSAandMGF1
  - sample_node/asn1extract2
    - bug fix for -v(--vonly) option
  - test/qunit-do-asn1hex.html
    - add test for ASN1HEX.isContextTag

add CSR support for subjectAltName
* Changes From 8.0.19 to 8.0.20
  - src/asn1csr.js
    - CSRUtil.getInfo
      - add ext parameter to show subjectAltName property
      - change not to raise error when subject name is empty in CSR
  - src/x509.js
    - X509.parseExt
      - add support for CSR extension request field
  - src/asn1hex.js
    - ASN1HEX.getIdxbyList
      - small update for exception
  - test/
    - qunit-do-{asn1csr, x509}.html to add tests for above.

ECDSA signature validation maleability fix and others
* Changes from 8.0.18 to 8.0.19
  - src/ecdsa-mod.js
    - ECDSA.verifyHex fixed for some types of maleability (#437)
  - src/asn1hex.js
    - ASN1HEX.checkStrictDER added
  - src/asn1x509.js
    - It's founded that OpenSSL's DN representation like
      "/C=US/O=test" is "compat" format. So those methods
      are added and existing method is now deprecated.
      - X500Name.{ldapToOneline, onelineToLdap} are now deprecated.
      - X500Name.{ldapToCompat, compatToLdap} are added.
  - src/x509.js
    - update for compatToLdap and ldapToCompat
  - src/crypto.js
    - document update

RSA decryption and RSA signature validation maleability fix
* Changes from 8.0.17 to 8.0.18
  - ext/rsa2.js
    - CVE-2020-14967 RSADecrypt fixed for zero prepending maleability (#439)
    - RSADecryptOAEP fixed for zero prepending maleability
  - src/rsasign.js
    - verifyWithMessageHash fixed for zero prepending maleability
  - test
    - qunit-do-crypto-cipher.html: some test case added for above    

* Changes from 8.0.16 to 8.0.17
  - src/rsasign.js
    - CVE-2020-14968
      verifyWithMessageHashPSS fixed for prepending zeros maleability (#438)
  - src/asn1x509.js
    - allow alternative algorithms to sign CRLs (#440)
  - src/asn1cms.js
    - improve CMSUtil.newSignedData helper with detached signatures (#441)
  - ext/rsa2.js
    - RSAGenerate fixed for not having requesting key length (#442)
  - sample_node
    - pemtobin was fixed for pemtohex function
  - test
    - qunit-do-rsagenkeylen.html new test code for (#442)
    - qunit-do-rsasign-pss.html add maleability test code (#438)
    - index.html, qunit-do-x509.html link update

extended Authority/SubjectKeyIdentifier support
* Changes from 8.0.15 to 8.0.16 (2020-Mar-29)
  - src/asn1x509.js
    - AuthorityKeyIdentifier class
      - issuerDN ASN.1 encoding bug fixed
      - now keyIdentifier is automatically calculated
        by certificate or key
      - issuer dn and serial number can be set
        by certificate
    - SubjectKeyIdentifier class
      - now keyIdentifier is automatically calculated
        by certificate or key
    - X500Name class
      - certissuer and certsubject parameter is added
        to set value by issuer or subject of certificate.
    - GeneralName class
      - dn parameter support was updated.
  - src/keyutil.js
    - getKeyID method added to calcalate a key identifier 
      for certificate.
  - crypto.js
    - Util.isKey static method added
    - Signature.{sign,verify} method bug fix for ECDSA
    - code refactoring
  - src/asn1csr.js
    - strict mode fix (pull #410)
  - src/jws.js
    - strict mode fix (pull #347)
  - src/jwsjs.js
    - readJWSJS fix (pull #373)
  - sample_node/asn1extract2
    - sample added. more flexible use than asn1extract.
  - test/qunit-do-crypto.html
    - getRandom test fix
  - test/qunit-do-asn1x509-newcrt.html
    - test case expected value fix

SHA384/512withECDSA wrong signature fix and add some curves support
* Changes from 8.0.14 to 8.0.15 (2020-Apr-13)
  - src/ecdsa-modified.js
    - SHA384withECDSA, SHA512withECDSA signature
      wrong validation result issue was fixed (issue #394)
    - secp192k1, secp224r1 curve are now supported
    - test/qunit-do-ecdsamod.html
      testcase added for SHA1/SHA384/SHA512 and 
      secp192k1/secp224r1
  - sample_node command added
    - genkey: keypair generation
    - eckey2hex: show EC PKCS#1/8 private/public key in hex format

* Changes from 8.0.13 to 8.0.14 (2020-Apr-03)
  - src/asn1x509-1.0.js
    - add SubjectKeyIdentifier class (issue #402)
      - add SubjectKeyIdentifier support in 
        TBSCertificate.appendExtensionByName method
      - test/qunit-do-asn1x509.html
        SubjectKeyIdentifier test added
  - src/base64x.js
    - add multi section support for pemtohex
      such as EC PRIVATE KEY and EC PARAMETRS
    - test/qunit-do-base64x.html 
      pemtohex testcase added
  - src/keyutil.js (pull #415)
    - add support for multi section plain PKCS#5 EC PRIVATE KEY
    - test/qunit-do-keyutil-ec.html
      plain PKCS#5 EC PRIVATE KEY testcase added
  - src/asn1csr-1.0.js
    document fix (pull #356)
  - npm_util/Makefile
    merged (pull #216)
  - src/rsasign-1.2.js
    merged for RegExp (pull #419)
  - src/asn1-1.0.js
    merged for strict fix (pull #389)
  - src/crypto-1.0.js
    document fix in return of decrypt method (issue #383)
  - src/x509-1.1.js
    onelineToLDAP sample added in document (issue #428)

* Changes from 8.0.12 to 8.0.13 (2020-Mar-31)
  - LICENSE.txt
    - fixed wrong description from BSD to MIT License
  - ext/ec.js
    - mitigate Minerva timing attack in ECPointFp.multiply method
　　　https://minerva.crocs.fi.muni.cz/
      https://www.npmjs.com/advisories/1505
  - test/qunit-do-crypto-ecdsa.html
    - testcase fix
  - sample_node/tsr2certs added
    - script to extract certificates from timestamp response or token
  - npm
    - ECPointFp, ECCurveFp and ECFieldElementFp are now exported.

* Changes from 8.0.11 to 8.0.12 (2018-Apr-22)
  - base64x 1.1.13 to 1.1.14
    - function iptohex added
    - fix hextoipv6 for wrong "::" shrinking
  - asn1x509 1.1.5 to 1.1.6
    - KeyUsage class now supports names parameter such as
      ['digitalSignature', 'nonRepudiation'].
    - some refactoring
  - tool/tool_ca2.html added for
    yet another certificate generation tool by.
  - testcase added for above methods/functions
    - qunit-do-base64x.html
    - qunit-do-asn1x509.html

* Changes from 8.0.10 to 8.0.11 (2018-Apr-17)
  - asn1x509 1.1.4 to 1.1.5
    - X500Name.setByString fix for attribute value with slash.
  - testcase added to confirm above fixes.
    - qunit-do-asn1x509.html

* Changes from 8.0.9 to 8.0.10 (2018-Apr-09)
  - IPv6 address support in certificate
  - LICENSE.txt
    - conclude third party licenses.
  - asn1x509 1.1.3 to 1.1.4
    - IPv4/v6 iPAddress support in GeneralName
  - base64x 1.1.2 to 1.1.3
    - ipv6tohex, hextoipv6 and hextoip functions
      added for IPv6 string conversion.
  - x509 1.1.19 to 1.1.20
    - add IPAddress support in getExtSubjectAltName2
  - testcase added for above methods/functions
    - qunit-do-asn1x509.html
    - qunit-do-base64x.html
    - qunit-do-x509-ext.html
  - tool/tool_ca.html
    - use SHA256withRSA and RSA 2048bit key
      by default.
    - add IPAddress support in subjectAltName

* Changes from 8.0.8 to 8.0.9 (2018-Apr-04)
  - critical bug fix for ASN.1 string class.
    When UTF-8 string is set to ASN.1 object,
    string has been garbled.
  - src/asn1 1.0.13 to 1.0.14
    - DERAbstractString.setString fixed for utf8.
  - src/asn1 1.1.2 to 1.1.3
    - following OIDs are added:
      T/title (2.5.4.12)
      description (2.5.4.13)
      organizationIdentifier (2.5.4.97)

* Changes from 8.0.7 to 8.0.8 (2018-Apr-02)
  - src/asn1x509 1.1.1 to 1.1.2
    - GeneralName fix for dn and ldapdn of explicit.
      This have caused wrong GeneralName dn/ldapdn ASN.1
      encoding.
    - CRL.sign fix for init
  - tool/tool_ca.html
    - subjectAltName extension support added.
    - subjectPublicKeyInfo setting fix.
  - test/qunit-do-asn1x509
    - fix for CRL and GeneralName dn/ldapdn test
  - npm/test/t_sig_rsasha1.js added

* Changes from 8.0.6 to 8.0.7 (2018-Mar-25)
  - src/jws 3.3.10 to 3.3.11
    - verify method returns false in case of
      without all of head, payload and signature
      to fix issue #332.
  - src/jwsjs 2.2.0 to 2.2.1
    - readJWSJS fix for wrong initialization as #336
  - src/asn1x509 1.1.0 to 1.1.1
    - add DN uniqueIdentifier(2.5.4.45) and
      description(2.5.4.13) attribute type by PR #335.
  - ext/{rsa,rsa2}
    - OAEP fix by PR #303.

* Changes from 8.0.5 to 8.0.6 (2018-Feb-10)
  - src/x509 1.1.18 to 1.1.19
    - fix getSubjectAltName for IP addr of PR #317
  - test/qunit-do-x509-ext
    - add test getSubjectAltName for DNS and IP
  - src/rsa, rsa2
    - fix for alert function for issue #325
  - src/ecdsa-modified
    - fix asn1SigToConcatSig for issue #315
  - npm/lib
    - jsrsasign-{all,jwths,rsa}-min.js are added
      per requested issue #314, #313

* Changes from 8.0.4 to 8.0.5 (2018-Jan-27)
  - tool/tool_asn1dumper.html
    - #304 pemtohex issue fix
  - tool/tool_roca.html added to check ROCA vulnerablity for public key
  - src/asn1csr 1.0.6 to 1.0.7
    - fix init of fix #308
  - src/jws 3.3.10
    - fix aud verification in vertifyJWT document #318

* Changes from 8.0.3 to 8.0.4 (2017-Sep-15)
  - asn1cms 1.0.4 to 1.0.5
    - add KJUR.asn1.cms.CMSUtil.verifySignedData method to
      verify CMS signed data.
  - crypto 1.2.0 to 1.2.1
    - small refactoring
  - x509 1.1.17 to 1.1.18
    - fix getInfo() to support no extension.
  - add sample_node/cmssign
  - fix sample/sample-ecdsa.html in sig.init.
  - fix sample_node/asn1extract in ASN1HEX method call
  - merge PR #292 for https
  - merge PR #283 to fix document and example
  - merge PR #281 to fix JWK Thumbprint RFC number

* Changes from 8.0.2 to 8.0.3 (2017-Jul-11)
  - jws 3.3.9 to 3.3.10
    - fix JWS.verify fail for #276

* Changes from 8.0.1 to 8.0.2 (2017-Jul-08)
  - jws 3.3.8 to 3.3.9
    - fix for jsrsasign-jwths-min.js
  - sample/sample-rsasign.html fix for #274.
  - test qunit-do-package-rsa.html fix

* Changes from 8.0.0 to 8.0.1 (2017-Ju1-01)
  - x509 1.1.16 to 1.1.17
    - add getExtSubjectAltName2 which supports
      GeneralName type
    - make getExtSubjectAltName deprecated
    - fix getExtCRLDistributionPointsURI() for #269.
      caused error if CDP containts directory name.
      now fixed.
    - getInfo now supports certificatePolicies
  - tool/tool_certview.html
    - SHA1 fingerprint issue fixed for #273

* Changes from 7.2.2 to 8.0.0 (2017-Jun-30)
  - all of deprecated classes, methods and files are
    removed.
    - get smaller all-min.js than before.
    - following files are refactored:
    - asn1hex, asn1x509, crypto, jwsjs, keyutil,
      rsapem, rsasign, x509.
  - npm/lib/footer.js fix for issue #270.

* Changes from 7.2.1 to 7.2.2 (2017-Jun-23)
  - jws 3.3.7 to 3.3.8
    - merge pull request #266
  - x509 1.1.15 to 1.1.16
    - read X.509v3 certificate without any extension
      supported in readCertHex.
  - ext/yahoo.js
    - remove most of codes and keep YAHOO.lang.extend only.
      So all of Yahoo YUI vulnerabilities are removed.

* Changes from 7.2.0 to 7.2.1 (2017-Jun-04)
  - base64x 1.1.11 to 1.1.12
    - function hextopem, pemtohex added
  - asn1hex 1.1.11 to 1.1.12
    - make ASN1HEX.pemToHex deprecated
  - asn1 1.0.12 to 1.0.13
    - make KJUR.asn1.ASN1Util.getPEMStringFromHex deprecated
  - rsapem 1.2.1 to 1.2.2
    - make RSAKey.pemToBase64 deprecated
  - x509 1.1.14 to 1.1.15
    - make X509.pemToBase64 deprecated
  - further refactoring. reducing min.js size by refactoring
    - asn1 1.0.12 to 1.0.13
    - asn1cades 1.0.2 to 1.0.3
    - asn1cms 1.0.3 to 1.0.4
    - asn1csr 1.0.4 to 1.0.5
    - asn1ocsp 1.0.2 to 1.0.3
    - asn1tsp 1.0.2 to 1.0.3
    - asn1x509 1.0.23 to 1.0.24
    - jws 3.3.6 to 3.3.7
    - jwsjs 2.1.0 to 2.1.1
    - keyutil 1.1.1 to 1.1.2
    - pkcs5pkey 1.1.1 to 1.1.2
    - x509 1.1.14 to 1.1.15

* Changes from 7.1.4 to 7.2.0 (2017-May-21)
  - major refactoring before reducing file size
  - major refactoring for ASN1HEX
    - asn1hex 1.1.10 to 1.1.11
      - make most of long method name deprecated and
        provide new short names.
      - DEPRECATED: getHexOf{TLV/V/L}_AtObj
                    getIntOfL}_AtObj
                    get{StartPosOfV/ByteLengthOfL}_AtObj
      - NEW: get{TLV/V/Vlen/Vidx/L/Lblen}
             getChildIdx, getTLVbyList, oidname
    - asn1cades 1.0.1 to 1.0.2
    - asn1csr 1.0.3 to 1.0.4
    - asn1tsp 1.0.1 to 1.0.2
    - ecdsa-modified 1.1.0 to 1.1.1
    - keyutil 1.1.0 to 1.1.1
    - pkcs5key 1.1.0 to 1.1.1
    - rsapem 1.2.0 to 1.2.1
  - major refactoring for X509
    - x509 1.1.13 to 1.1.14
    - make most of static method deprecated and
      new non-static methods are defined.
    - parseExt/getExtInfo method added
  - base64x 1.0.10 to 1.0.11
    - datetozulu added
  - sample/sample*.html tool/tool*.html test/qunit*.html link fixed
  - npm jsrsasign@7.1.4 had wrong reference in navigator.
    So jsrsasign@7.1.4 has been unpublished.
  - ext/rng.js
    - msCrypto fallback for IE11 to prevent error 
      when calling window.crypto. (pull/254)
      Thanks @mike-w-kelly.
  - dsa 2.1.0 to 2.1.1
    - verifyWithMessageHash infinite loop bug
      fix #238. Thanks @nemesv.

* Changes from 7.1.3 to 7.1.4 (2017-May-06)
  - all source codes are moved to src directory
  - x509 1.1.12 to 1.1.13
    - refactoring codes
    - X509v1 certificate support in all methods
    - new methods and properties for X509 class
      - readCertHex
      - getVersion
      - getPublicKey
      - getPublicKeyHex
      - getPublicKeyIdx
      - version property
      - foffset property
    - make following methods and properties deprecated in X509 class
      - readCertPEMWithoutRSAInit
      - getSubjectPublicKeyPosFromCertHex
      - getSubjectPublicKeyInfoPosFromCertHex
      - getPublicKeyInfoPosOfCertHEX
      - getSerialNumberHex static method
      - subjectPublicKeyRSA property
      - subjectPublicKeyRSA_hN property
      - subjectPublicKeyRSA_hE property
  - asn1hex 1.1.9 to 1.1.10
    - refactoring codes
    - new methods
      - getIdxbyList
      - getTLVbyList
    - make following methods deprecated
      - getDecendantIndexByNthList (> getIdxbyList)
  - asn1x509 1.0.22 to 1.0.23
    - serialNumber(2.5.4.5) parameter added OID attribute type
  - base64x 1.1.9 to 1.1.10
    - hextoposhex function added

* Changes from 7.1.2 to 7.1.3 (2017-Apr-15)
  - jsrsasign-latest-all-min.js was moved to
    jsrsasign-all-min.js in master. 
    In gh-page, both are provided for backword
    compatibity. 
  - base64x 1.1.8 to 1.1.9
    - zuluto{date,msec,int} are added
  - jws 3.3.5 to 3.3.6
    - modified IntDate.getZulu to use zulutosec;

* Changes from 7.1.1 to 7.1.2 (2017-Mar-20)
  - CRITICAL BUG FIX: KJUR.asn1.x509.AlgorithmIdentifier
    default was wrong in algorithm parameter field.
    For example "SHA1" AlgorithmIdentifier object
    will be missing algorithm parameter field by
    bug. This issue raised just only in 7.1.1 and
    the issue was fixed.
    - asn1x509 1.0.21 to 1.0.22
      - AlgorithmIdentifier bug fix

* Changes from 7.1.0 to 7.1.1 (2017-Mar-10)
  - CRITICAL BUG FIX: KJUR.asn1.x509.Certificate.sign() and
    KJUR.asn1.x509.X509Util.newCertPEM() have always 
    signed signatures with SHA1withRSA algorithm regardless
    of any specified signature algorithm. This issue was 
    fixed in this release.
  - asn1x509 1.0.19 to 1.0.20
    - Certificate
      - sign() critical bug fix
        sign() was always sign with SHA1withRSA regardless of
        specified any other signature algorithm.
        This fixes #240 and #241 by @helfloryd.
    - AlgorithmIdentifier
      - set algorithm parameter to NULL automatically by default 
        for "*withRSA" algorithm.
      - document update
    - newCertPEM
      - fix document
  - x509 1.1.11 to 1.1.12
    - X509.verifySignature static method added
  - ext/rng.js
    - fix #228 from @dzaman. window.crypto.random fix
  - crypto 1.1.11 to 1.1.12
    - minor document fix

* Changes from 7.0.0 to 7.1.0 (2017-Jan-21)
  - minor update for loading private/public key
    - support added: PKCS#5 DSA/ECC hexacedimal string of private key
  - keyutil 1.0.14 to 1.1.0
    - BUGFIX: KEYUTIL.getKey for PKCS#5 PEM ECC private key 
      was not set curve name properly and now it's fixed.
      (issue #227).
    - make KEYUTIL.getHexFromPEM deprecated
    - move from KEYUTIL.getHexFromPEM to ASN1HEX.pemToHex
  - pkcs5pkey 1.0.7 to 1.1.0
    - make PKCS5PKEY.getHexFromPEM deprecated
    - move from getHexFromPEM to ASN1HEX.pemToHex
  - rsapem 1.1.1 to 1.2.0
    - refactoring codes
    - readPKCS5PubKeyHex added
    - readPKCS8PubKeyHex added
    - readCertPubKeyHex added
  - ecdsa-modified 1.0.5 to 1.1.0
    - readCertPubKeyHex added
  - dsa 2.0.1 to 2.1.0
    - setPrivateHex, setPublicHex added
    - readPKCS5PrvKeyHex added
    - readPKCS8PrvKeyHex added
    - readPKCS8PubKeyHex added
    - readCertPubKeyHex added
  - asn1hex 1.1.8 to 1.1.9
    - ASN1HEX.pemToHex added
    - move from {KEYUTIL,PKCS5PRV}.getHexFromPEM, 
      X509.pemToHex to ASN1HEX.pemToHex
  - x509 1.1.10 to 1.1.11
    - now X509.pemToHex deprecated and is planed to 
      remove in jsrsasign 8.0.0.
  - asn1cades 1.0.0 to 1.0.1
    - move to ASN1HEX.pemToHex
  - asn1cms 1.0.2 to 1.0.3
    - move from KEYUTIL.getHexFromPEM to ASN1HEX.pemToHex
  - asn1csr 1.0.2 to 1.0.3
    - move from KEYUTIL.getHexFromPEM to ASN1HEX.pemToHex

* Changes from 6.2.3 to 7.0.0 (2016-Dec-26)
  - LGPL license for openpgpjs was removed.
  - asn1hex 1.1.7 to 1.1.8
    - ASN1HEX.dump also supports ASN1Object as argument
  - asn1x509
    - API document update
  - pkcs5pkey 1.0.7
    - merge @machinewu's pull request for API doc fix
  - dsa 2.0.0
    - some of my own codes are moved from dsa-modified-1.0.js 
      to dsa-2.0.0 and old openpgpjs codes are re-writed with
      my own codes and all of openpgpjs codes are removed from
      jsrsasign.
  - crypto 1.1.10 to 1.1.11
    - some static random number generator methods are
      added to KJUR.crypto.Util class for new dsa-2.0:
      getRandomHexOfNbytes, getRandomBigIntegerOfNbytes, 
      getRandomHexOfNbits, getRandomBigIntegerOfNbits, 
      getRandomBigIntegerZeroToMax, getRandomBigIntegerMinToMax
  - REMOVED
    - dsa-modified-1.0.js, ext/THIRDPARTY_LICENSE.pgp.txt
  - test/qunit-do-*.html
    - most of test codes are updated.

* Changes from 6.2.2 to 6.2.3 (2016-Nov-29)
  - asn1x509 1.0.18 to 1.0.19
    - GeneralName and GeneralNames class supports dn and ldapdn parameters
    - SubjectAltName and IssuerAltName extension added
    - Extension.appendByNameToArray method added
  - asn1csr 1.0.1 to 1.0.2
    - CertificationRequestInfo.appendExtensionByName method added
    - CertificationRequestInfo extensionRequest encoding critical bugfix
    - CSRUtil.newCSRPEM "ext" parameter for extensionRequest supported
  - sample_node
    - datasing and dataverify script added
  - base64x
    - API document update
  - asn1
    - API document update

* Changes from 6.2.1 to 6.2.2 (2016-Nov-19)
  - x509 1.1.9 to 1.1.10
    - X509 class
      - multi-valued RDN support in hex2dn and hex2rdn method.
      - optional string index argument added to hex2dn and hex2rdn method.
      - hex2attrTypeAndValue static method added
    - API document update
  - asn1x509 1.0.17 to 1.0.18
    - X500Name class
      - LDAP(RFC 2253) name support
      - setByLdapString method added
      - onelineToLDAP static method added
      - ldapToOneline static method added
      - 'ldapstr& constructor parameter is supported
      - more AttributeType name supported in atype2oidList
    - OID static class
      - oid2atype static method added
    - API document update
  - asn1 1.0.11 to 1.0.12
    - refactoring in DERObjectIdentifier
    - API document update

* Changes from 6.2.0 to 6.2.1 (2016-Nov-18)
  - asn1x509 1.0.16 to 1.0.17
    - multi-valued RDN supported in X500Name and RDN class.
      - KJUR.asn1.x509.RDN.parseString() static method added
      - API document update
  - x509 1.1.9 to 1.1.9 (same)
    - X509.readCertPEMWithoutRSAInit fix by @lionello . Thanks.
  - crypto 1.1.10 to 1.1.10
    - API document fix
  - sample_node scripts
    - dataencrypt, datadecrypt and jwsview added

* Changes from 6.1.4 to 6.2.0 (2016-Nov-03)
  - RSAKey
    - CRITICAL BUGFIX: RSA-PSS and RSA-OAEP not working from jsrsasign 5.0.0
      because rstr_sha1 function is missingand. Now it was fixed.
      (oaep_pad, oeap_unpad)
    - API document added.
  - crypto 1.1.9 to 1.1.10
    - KJUR.crypto.Cipher class added to encrypt/decrypt data.
      Currently only RSA, RSAOAEP supported. Other ciphers like
      AES, 3DES will be supported near in the future.
    - KJUR.crypto.MessageDigest class
      - HASHLENGTH, getCanonicalAlgName, getHashLength
  - asn1x509 1.0.15 to 1.0.16
    - AuthorityInfoAccess class added by @lionello 's pull request. Thanks.
  - base64x
    - fix API document
  - npm
    - missing exports of some global string converter were fixed

* Changes from 6.1.3 to 6.1.4 (2016-Oct-16)
  - base64x 1.1.7 to 1.1.8
    - function hextoArrayBuffer and ArrayBuffertohex added
    - some API documents added

* Changes from 6.1.2 to 6.1.3 (2016-Oct-15)
  - asn1csr 1.0.0 to 1.0.1
    - CSRUtil.getInfo method added to parse CSR
  - asn1ocsp
    - OCSPUtil.getOCSPResponseInfo API document added

* Changes from 6.1.1 to 6.1.2 (2016-Oct-08)
  - OCSP Response support
  - asn1hex 1.1.6 to 1.1.7
    - refactoring for static methods
    - encapsulated BitString support
    - more API documents
  - asn1ocsp 1.0.0 to 1.0.1
    - OCSPUtil.getOCSPResponseInfo added
  - merge RegExp fix pull request from @huokko.
    Thank you @huokko.
    (asn1x509, crypto, jws, keyutil, pkcs5pkey)

* Changes from 6.1.0 to 6.1.1 (2016-Sep-25)
  - asn1 1.0.10 to 1.0.11
    - encapsulated ASN.1 structure supported
      in DEROctetString and DERBitString.
    - API document update
  - tool_asn1encoder.html added

* Changes from 6.0.1 to 6.1.0 (2016-Sep-24)
  - asn1ocsp 1.0.0
    - now start to add OCSP protocol support
    - OCSP request ASN.1 classes are added
  - fix API document in x509 and asn1
  - test/qunit-do-{asn1,asn1ocsp}.html added or updated

* Changes from 6.0.0 to 6.0.1 (2016-Sep-12)
  - old jsrsasign.js is used in npm package. now fixed.

* Changes from 5.1.0 to 6.0.0 (2016-Sep-11)
  - As of so much request to remove Node functions
    in nodeutil.js, nodeutil.js have been removed from
    jsrsasign.js package. Then it is moved to
    new "jsrsasign-util" npm package.
    Now "jsrsasign" will be CommonJS, Purescript,
    Webpack and Browserify safe package.
    Some sample Node.js scripts in "sample_node"
    will be updated later.

* Changes from 5.0.15 to 5.1.0 (2016-Sep-07)
  - jwsjs 2.0.15 to 2.1.0
    - refactoring and API document update
    - addSignature, verifyAll, verifyNth method added
    - make addSignatureByHeaderKey, 
      addSignatureByHeaderPayloadKey and verifyWithCerts
      deprecated.
  - sample_*.html
    - review all to work. reference fix. make list in Wiki.
  - index*.html
    - update

* Changes from 5.0.14 to 5.0.15 (2016-Aug-26)
  - pemtojwk and jwktopkcs8 added to sample node scripts
  - asn1 1.0.9 to 1.0.10
    - ASN1Util.getPEMStringFromHex modified not to use
      CryptoJS.
  - test/qunit-do-*.html
    - test case reference fix
  - remove ext/{md5,ripemd160,sha1,sha256,sha512}.js,
    ext/THIRDPARTY_LICENSE.pjhash.txt for
    Paul Johnston's Hash Algorithm JavaScript

* Changes from 5.0.13 to 5.0.14
  - keyutil 1.0.12 to 1.0.13
    - KEYUTIL.getJWKFromKey() method added to get
      RFC 7517 JSON Web Key(JWK) object from RSAKey or
      KJUR.crypto.ECDSA public/private key object.
    - KEYUTIL.generateKeypair() 
      do also setPublicKeyHex for EC private key in
      as aligned to PEM private key
      loading.
    - KEYUTIL.getKey(JWK_EC_PRV)
      made change to set public x y too.
  - ecdsa-modified 1.0.4 to 1.0.5
    - getPublicKeyXYHex() method added
    - getShortNISTPCurveName() method added
  - npm
    - missed to export KJUR.lang now fixed
  - sample_node/genjwk added to generate keypair and save as JWK
  - tool_certview.html
    - loading script fix

* Changes from 5.0.12 to 5.0.13
  - base64x.js
    - KJUR.lang.String class added and its some static
      methods isHex, isInteger, isBase64, isBase64URL and
      isIntegerArray also defined.
    - KJUR.lang added to npm package namespace.
  - tool_string.html added to provide string converter tool.
  - jws.js
    API document updated.
  - CryptoJS codes in code.google.com seem to be removed and
    404 not found so that CryptoJS references in all test
    were moved to local files.
  - CryptoJS codes were moved to ext/cj directory.
  - tool_b64u{enc,dec}.html script URL fix

* Changes from 5.0.11 to 5.0.12
  - jws between 3.3.3 to 3.3.4
    - support grace period for verifyJWT method.
      This is to allow time difference between 
      JWT generator and verifier.
  - asn1hex
    - API document update

* Changes from 5.0.10 to 5.0.11
  - X509v1 certificate support in KEYUTIL.getKey and
    X509.getPublicKeyInfoPropOfCertPEM
  - sample_node/showcert added
  - x509.js 1.1.8 to 1.1.9
    - X509.DN_ATTRHEX added to show EV cert DN
    - X509v1 certificate support in X509.getPublicKeyInfoPropOfCertPEM.
      This makes KEYUTIL.getKey support X509v1 certificate.
  - test/qunit-do-x509-getinfo.html
    - test case added for EV cert DN
  - tool_{jwt,jwtveri}.html
    - fix typo. Thanks @ParkinT.
  - ext/{rsa,rsa2}.js
    - allow hash func to be passed to OAEP. Thanks @davedoesdev.
  - asn1x509.js 1.0.13 to 1.0.14
    - add 'SN' (i.e. SurName) support in distinguished name.
      Thanks @kurtsson.

* Changes from 5.0.9 to 5.0.10
  - sample_node/jwtverify bugfix
  - x509 1.1.7 to 1.1.8
    - following methods are added:
      - getInfo()
      - getExtSubjectKeyIdentifier()
      - getExtAuthorityKeyIdentifier()
      - getExtExtKeyUsageName()
      - getExtSubjectAltName()
      - getExtCRLDistributionPointsURI()

* Changes from 5.0.8 to 5.0.9 (2016-Apr-19)
  - ext/rng.js
    - use window.crypto.getRandomValues for SecureRandom
      if available. (ToDo also for Node.js)

* Changes from 5.0.7 to 5.0.8 (2016-Apr-14)
  - LICENSE.txt small update for years of copyright.
  - ext/x64-core*.js was missed and added
  - x509 1.1.6 to 1.1.7
    - X509.{getHexOfTLV_V3ExtValue,getHexOfV_V3ExtValue} 
      are chageed to return null instead of '' if there 
      is no extension specified by name or oid.
    - X509.getBasicConstraints added
    - X509.getSignatureAlgorithmName added
    - X509.getSignatureValueHex added
    - API document update
  - each *.min.js files are moved to min/ folder.
  - clean up old *-all-min.js

* Changes from 5.0.6 to 5.0.7 (2016-Mar-05)
  - tool_csr.html fix for subject parameter.
  - jsrsasign-latest-all-min wrong order in concatination.
    This raise wrong PKCS#5/8 encrypted PEM private key 
    generation in KEYUTIL.getPEM().
  - sample_node/asn1extract added

* Changes from 5.0.5 to 5.0.6 (2016-Feb-28)
  - bower.json name space fix
  - crypto-1.0 1.0.4 to 1.0.5
    - file removed
  - crypto-1.1 1.1.7 to 1.1.8
    - remove unnecessary evals for strict mode.

* Changes from 5.0.4 to 5.0.5
  - node sample 'jwssign', 'jwtverify', 'asn1dump'
    and 'pemtobin'  added.
  - base64x 1.1.5 to 1.1.6
    - license URL small fix
  - asn1 1.0.8 to 1.0.9
    - DERGeneralizedTime withMillis fix
    - DERGeneralizedTime and DERUTCTime refactoring
  - jws 3.3.2 to 3.3.3
    - JWS.parse method added
    - IntDate.getZulu UTCTime(YY) support added
  - jsrsasign-x.x.x-all-min.js move to lib directory from this version
  - jsrsasign-{1.2,1.2.1,1.3,1.3.1,2.0.0}.tgz are removed
    since they can get from github release/tags.

* Changes from 5.0.2 to 5.0.4 (2015-Nov-23)
  - jwtverify, asn1dump and pemtobin sample Node script in 
    sample_node directory. 
    There is a bower release but not in npm.

* Changes from 5.0.1 to 5.0.2 (2015-Nov-11)
  - jws 3.3.1 to 3.3.2
    - RFC 7638 getJWKthumbprint method added
  - base64x 1.1.5 to 1.1.6
    - function intarystrtohex added
  - nodeutil 1.0.0 newly added
    - utils for file I/O in Node.js
  - npm
    - add reference to intarystrtohex and CryptoJS

* Changes from 5.0.0 to 5.0.1 (2015-Oct-17)
  - keyutil 1.0.10 to 1.0.11
    - add support for bare RSA NED hexadecimal key in KEYUTIL.getKey

* Changes from 4.9.2 to 5.0.0 (2015-Oct-14)
  - *NOTICE* release 4.10.0 declined since API semver violation
  - some JWS HS* and Crypto Mac signature issue was fixed.
  - crypto 1.1.6 to 1.1.7
    - add support for various password providing method
      such as base64, base64url, hexadecimal or utf8 string
      for Mac.
  - jws 3.2.4 to 3.3.0
    - add support for various password providing method
      such as base64, base64url, hexadecimal or utf8 string
      for HS* JWS signing and validation
    - remove some old fashoned functions and methods
      which marked as "deprecated". Followings are removed:
      - JWS.generateJWSByP1PrvKey
      - JWS.generateJWSByKey
      - JWS.generateJWSByNED
      - JWS.verifyJWSByPemX509Cert
    - JWS.sign can handle header and payload
      JSON object not JSON string.
    - JWS.verify bugfix in 4.10.0 which only 
      accepts hexacedimal string key for HS*.
  - keyutil 1.0.10 to 1.0.11
    - add support for RSA private key without
      P/Q/DP/DQ/COEFF of JWK

* Changes from 4.9.1 to 4.9.2 (2015-Oct-02)
  - latest asn1x509 1.0.13 was missed in the latest-min.js and
    it was fixed.

* Changes from 4.9.0 to 4.9.1
  - asn1x509 1.0.12 t 1.0.13
    - setByObject method added to X500Name class
    - {C: "US", O: "test"} representation now can be used
      in newCertPEM method in X509Util class.

* Changes from 4.8.6 to 4.9.0 (2013-Sep-13)
  - certificate signing request(CSR/PKCS#10) generation support
    asn1csr-1.0.js added
  - asn1 1.0.7 to 1.0.8
    - small API document update
  - base64x 1.1.4 to 1.1.5
    - function strdiffidx added
  - keyutil 1.0.9 to 1.0.10
    - fix and small program comment update
  - jws: small API document update

* Changes from 4.8.5 to 4.8.6
  - npm package and bower fix

* Changes from 4.8.4 to 4.8.5
  - some of small fix release for npm and jsrsasign-latest-all-min.
  - jwt 3.2.3 to 3.2.4
    - jws.js update for validation of jti confirming to RFC 7519
      as optional in verifyJWT method. Thanks @stephanbacheller.

* Changes from 4.8.3 to 4.8.4
  - some of small fix release for npm.

* Changes from 4.8.2 to 4.8.3
  - crypto 1.1.5 to 1.1.6
    - Signature.sign method fix in automatic detection of private key
  - asn1 1.0.6 to 1.0.7
    - ASN1Util.oidHexToInt() added
    - ASN1Util.oidIntToHex() added
  - asn1hex 1.1.5 to 1.1.6
    - ASN1HEX.dump() simple ASN.1 dump functionality added
    - ASN1HEX.isASN1HEX() added
  - tool_asn1dumper.html - Online ASN.1 dump tool added for demo
  - ** 4.8.3 updated files
    - ChangeLog.txt
    - asn1-1.0*.js
    - asn1hex-1.1*.js
    - crypto-1.1*.js
    - test/qunit-do-asn1-oidhex.html
    - test/qunit-do-asn1hex-dump.html

* Changes from 4.8.1 to 4.8.2
  - keyutil 1.0.8 to 1.0.9
    - getKey EC private/public key bug #69 fix
  - node npm module officially released at npmjs.com
  - ** 4.8.2 updated files
    - ChangeLog.txt
    - keyutil-1.0*.js

* Changes from 4.8.0 to 4.8.1
  - keyutil 1.0.7 to 1.0.8
    - RFC 7517 JSON Web Key(JWK) support 
      for RSA/ECC private/public key added in KEYUTIL.getKey method
  - ** 4.8.1 updated files
    - ChangeLog.txt
    - ecdsa-modified-1.0*.js (jsdoc fix)
    - keyutil-1.0*.js
    - base64x-1.1.js (b64utohex zero padding added)
    - test/qunit-do-base64x.html
    - test/qunit-do-keyutil-jwk.html
    - test/qunit-do-keyutil-pairpem.html

* Changes from 4.7.2 to 4.8.0 (2015-Jun-01)
  - Now jsjws JSON Web Signtaure library is merged into
    jsrsasign.
  - RFC 7519 JWT JSON Web Token full validation support.
  - jws 3.2.2 to 3.2.3
    - JWS.verifyJWT added to do full validation for JWT
    - JWS.inArray added
    - JWS.includedArray added
    - ChangeLogs for jws and jwsjs before jws 3.2.2
      please see ChangeLog_jws322.txt
  - asn1x509 1.0.11 to 1.0.12
    - subjectKeyIdentifier OID duplicate definition fix
  - JSON Web Token(JWT) full validation demo is available.
  - tool_jwt.html update to add 'aud' claim
  - ** 4.8.0 updated files
    - ChangeLog*.txt
    - jws-3.2.*
    - jwsjs-2.0.*
    - index_jws*.*
    - sample_jws*
    - tool_b64u*
    - tool_{jws,jwt}*.html
    - ext/json-sans-eval*.js
    - test/qunit-do-jws*.html

* Changes from 4.7.1 to 4.7.2 (2015-May-18)
  - x509 1.1.4 to 1.1.6
    - add some X.509v3 extension parsing methods.
      following methods are added:
      - getV3ExtInfoListOfCertHex
      - getV3ExtItemInfo_AtObj
      - getHexOfTLV_V3ExtValue
      - getHexOfV_V3ExtValue
      - getPosOfTLV_V3ExtValue
      - getExtKeyUsageBin
      - getExtKeyUsageString
      - getExtAIAInfo
  - asn1x509 1.0.10 to 1.0.11
    - OID.name2oidList updated for X.509v3 extension OIDs
    - OID.name2oid method added
    - OID.oid2name method added
  - ** 4.7.2 updated files **
    - ChangeLog.txt
    - asn1x509-1.0.js
    - test/qunit-do-x509-ext.html
    - test/qunit-do-asn1x509.html
    - x509-1.1
    - test/index.html
    - tool_httpscfg.html
    - ext/yahoo-min.js
    - ext/yahoo.js

* Changes from 4.7.0 to 4.7.1 (2015-May-14)
  - asn1x509 1.0.9 to 1.0.10
    - certissuer and certsubj supported in GeneralName class
  - x509 1.1.3 to 1.1.4
    - getPublicKeyInfoPosOfCertHEX added
  - tool_httpscfg.html added

* Changes from 4.6.0 to 4.7.0 (2014-Jul-07)
  - RFC 5126 CAdES format supported
    - CAdES-BES/EPES/T support in this version.
  - asn1cades (NEW)
  - asn1tsp 1.0.0 to 1.0.1
    - AbstractTSAAdapter, Fixed/SimpleTSAAdapter class added
  - asn1cms 1.0.1 to 1.0.2
    - SigningCertificate and SigningCertificateV2
      attributes are added.
    - IssuerAndSerialNumber class constructor now 
      supports PEM string of certificate.
    - properties dDigestAlgs and dCerts of SignedData object
      are added for object preservation.
    - CMSUtil.newSignedData now supports
      SigningCertificate/V2 attributes.
  - asn1
    - add DEREnumerate class
  - x509
    - fix for strict mode
  - crypto
    - fix for Signature.signHex/Str

* Changes from 4.5.0 to 4.6.0 (2014-May-25)
  - RFC 3161 Time Stamp Protocol generator is now supported.
  - asn1tsp 1.0.0 (NEW)
  - asn1 1.0.5 to 1.0.6
    - AbstractTime/GeneralizedTime: millisecond support
  - asn1cms 1.0.0 to 1.0.1
    - IssuerAndSerialNumber: setByCertPEM method added
    - SigningCertificate attribute added
    - SigningCertificate attributeV2 added
  - asn1x509 1.0.8 to 1.0.9
    - OID.oid2name added
    - X500Name
      - add certissuer, certsubject parameter support
  - base64x 1.1.2 to 1.1.3
    - function hextob64, hextob64nl, b64nltohex added
  - tool_tsreq.html for TimeStamp Request demo (NEW)
  - tool_tsres.html for making TimeStampToken demo (NEW)
  - tool_ca.html
    - fix signing key bug
    - support ExtKeyUsage

* Changes from 4.2.3 to 4.5.0 (2014-May-17)
  - RFC 5652 CMS SignedData generator is now supported.
  - asn1cms 1.0.0 (NEW)
  - asn1 1.0.4 to 1.0.5
    - unsorted DERSet is now supported for ASN.1 BER
    - DERUTCTime/GeneralizedTime provides current time
      if arguments is not specified.
  - asn1x509 1.0.8 to 1.0.9
    - x509.Time: automatic detection for UTC/Gen by length
    - OID: some oids are added.
  - keyutil 1.0.6 to 1.0.7
    - KEYUTIL.getHexFromPEM can omit sHead now.

* Changes from 4.2.2 to 4.2.3 (2014-May-14) minor update
  - keyutil 1.0.6
    - isPublic and isPrivate flag fix for generateKey method.
  - tool_ca.html
    - fix keyutil.js reference

* Changes from 4.2.1 to 4.2.2 (2014-Apr-19)
  - asn1x509 1.0.7 to 1.0.8
    - add setSignatureHex method for Certificate class
    - modify newCertPEM method to support to specify signature
      by value.
    - add AuthorityKeyIdentifier X.509v3 extension class
  - keyutil 1.0.4 to 1.0.5
    - PKCS#10 CSR support. Following methods are added:
      - KEYUTIL.getKeyFromCSRPEM
      - KEYUTIL.getKeyFromCSRHex
      - KEYUTIL.parseCSRHex
  - Tool:
    - tool_forfact.html:
      CSR to fake certificate converter for factorable.net
      key weakness check.
  - Test codes:
    - add test/qunit-do-keyutil-csr.html

* Changes from 4.2.0 to 4.2.1 (2013-Oct-11)
  - keyutil 1.0.3 to 1.0.4
    - new getPEM method for exporting keys
    - exporting PKCS#8 encrypted private key also supported.
    - DES-CBC support for PKCS#5 encrypted private key
    - additional DSA support
    - make old methods are marked as deprecated.

* Changes from 4.1.6 to 4.2.0 (2013-Oct-06)
  - DSA support added to most of classes.
  - now RSAKey/KJUR.crypto.{ECDSA,DSA} class has new properties
    isPrivate and isPublic
  - asn1x509 1.0.5 to 1.0.6
    - new X509Util.newCertPEM method is added to provate
      easy certificate issuance by JSON object.
    - DSA/ECDSA support added to Signature, TBSCertificate, 
      AlgorithmIdentifier and SubjectPublicKeyInfo classes
  - keyutil 1.0.2 to 1.0.3
    - provide support for DSA
      - getKey
      - getKeyFromPublicPKCS8Hex,parsePublicPKCS8Hex
  - x509 1.1.1 to 1.1.2
    - ECDSA,DSA support added in X509.getPublicKeyFromCertPEM
  - dsa-modified 1.0.0 to 1.0.1
    - method setPrivateKey, setPublicKey are changed to
      setPrivate and setPublic respectively to align RSA/ECDSA class.

* Changes from 4.1.5 to 4.1.6 (2013-Oct-02)
  - newly dsa-modified 1.0.0 added
    - This is a DSA algorithm ported from github.com/openpgpjs
    - However Signature and KEYUTIL doesn't support DSA yet.
  - asn1 1.0.3 to 1.0.4
    - ASN1Util.jsonToASN1HEX method added.
  - asn1hex 1.1.3 to 1.1.4
    - ASN1HEX.getVbyList with tag checking method added.
  - keyutil 1.0.1 to 1.0.2
    - fix typo in newEncryptedPKCS5PEM method.

* Changes from 4.1.4 to 4.1.5 (2013-Sep-29)
  - keyutil 1.0.0 to 1.0.1
    - new generateKeypair method added
    - fix getKey method
  - add LICENSE file for YUI.
  - name jsrsasign-4.1.4-all-min.js is the same but updated.

* Changes from 4.1.3 to 4.1.4 (2013-Sep-24)
  - ext/cryptojs-312-core-fix*.js added to fix HmacSHA224/384 issue.
    Please use 
      'https://kjur.github.io/jsrsasign/ext/cryptojs-312-core-fix.js' or 
      'https://kjur.github.io/jsrsasign/ext/cryptojs-312-core-fix-min.js' or 
      'https://kjur.github.io/jsrsasign/jsrsasign-4.1.4-all-min.js'
    instead of orignal 'core.js' of CryptoJS.

* Changes from 4.1.2 to 4.1.3 (2013-Sep-23)
  - keyutil 1.0.0
    - PKCS5PKEY class is moved to KEYUTIL class.
      PKCS5PKEY is now deprecated and backward compatibility purpose only.
    - KEYUTIL.getKey() method added to private more generic access to
      private and public keys.
  - asn1 1.0.3 to 1.0.4
    - ASN1Util.newObject method now supports more simple 
      representation of tagged object like:
      newObject({tag: ['a1', true, {seq: [{int: 3}, {int: 4}]}]});
  - ext/base64.js
      fix for "var v;" for strict

* Changes from 4.1.1 to 4.1.2 (2013-Sep-12)
  - asn1 1.0.2 to 1.0.3
    - new method ASN1Util.newObject added.
  - all in one script 'jsrsasign-4.1.2-all-min.js' added.

* Changes from 4.1.0 to 4.1.1 (2013-Aug-27)
  - crypto 1.1.3 to 1.1.4
    - add hmacmd5, hmacripemd160 support and test code
  - ecdsa-modified 1.0.2 to 1.0.3
    - new static method added
      - parseSigHex
      - parseSigHexInHexRS
      - asn1SigToConcatSig
      - concatSigToASN1Sig
      - hexRSSigToASN1Sig
      - biRSSigToASN1Sig
  - all QUnit test code is moved for latest QUnit 1.12

* Changes from 4.0.5 to 4.1.0 (2013-Aug-25)
  - crypto 1.1.2 to 1.1.3
    - RSAPSS(*withRSAandMGF1) support in Signature class
    - powerful init method to specify any type of key and
      certificate and automatic initialization.
    - KJUR.crypto.OID class added for OID and hex conversion
  - pkcs5pkey 1.0.4 to 1.0.5
    - to support for KJUR.crypto.ECDSA:
      - getKeyFromEncryptedPKCS8PEM, parsePlainPrivetePKCS8Hex,
        getKeyFromPublicPKCS8PEM, getKeyFromPublicPKCS8Hex,
        parsePublicRawRSAKeyHex, parsePrivateRawRSAKeyHexAtObj,
        parsePrivateRawECKeyHexAtObj and parsePublicPKCS8Hex
        method added.
  - rsasign 1.2.5 to 1.2.7
    - RSAPSS saltlen default was changed from -2 to -1
    - add API document description about PSS salt length.
    - signWithMessageHashPSS, verifyWithMessageHashPSS 
      method added.
  - ecdsa-modified 1.0.1 to 1.0.2
    - method setNamedCurve, setPrivateKeyHex, setPublicKeyHex added
    - sign/verifyWithMessageHash method added to align RSAKey class
  - x509 1.1.0 to 1.1.1
    - encapsulated as class
    - getPublicKeyInfoPropOfCertPEM method added.
  - asn1hex 1.1.1 to 1.1.2
    - encapsulated as class

* Changes from 4.0.4 to 4.0.5 (2013-Aug-16)
  - crypto 1.1.1 to 1.1.2
    - KJUR.crypto.Mac (message authentication code) class added

* Changes from 4.0.3 to 4.0.4 (2013-Jul-30)
  - rsasign 1.2.4 to 1.2.5
    - verifyStringPSS argument change from BigInteger object biSig 
      to hexadecimal string hSig
      
* Changes from 4.0.2 to 4.0.3 (2013-Jul-29)
  - crypto.js 1.1.0 to 1.1.1
    - Signature and MessageDigest class supports default provider.
      So no need to specify provider.
    - DEFAULTPROVIDER property
    - add Util.hashString, Util.hashHex functions
  - pkcs5pkey 1.0.3 to 1.0.4 
    - add getRSAKeyFromPublicPKCS8PEM
    - add getRSAKeyFromPublicPKCS8Hex
  - rsasign 1.2.3 to 1.2.4
    - delete _RSASIGN_HASHHEXFUNC property
    - now rsasign supports any hash algorithm
      which is supported by KJUR.crypto.Util.hashString
  - add some QUnit test code
    - test/qunit-do-{pkcs5-pub, rsasign-pss}.html 

* Changes from 4.0.1 to 4.0.2 (2013-Jul-23)
  - RSAPSS signing and validation fix by Dave(github.com/davedoesdev)
    (base64x,crypto,rsasign)

* Changes from 4.0.0 to 4.0.1
  - rsasign-1.2.js
    - small fix for PSS by Dave's contribution (github.com/davedoesdev)
    - However still having issue in PSS
  - NEW base64x-1.1.js 
    - moved from github.com/kjur/jsjws

* Changes from 3.1.5 and 4.0.0 (2013-Jul-18)
  - newly added ECC key and ECDSA support
    - MODIFY crypto-1.1.js - Signature class now supports ECDSA
    - NEW ecdsa-modified-1.0.js - modifed version of Bitcoin ecdsa.js
    - NEW ecparam-1.0.js - ECC curve parameters definition
    - NEW ext/ec.js - Tom Wu's EC library
    - NEW ext/ec-patch.js - patch to Tom Wu's EC library by Bitcoin
    - supported curves are secp{256r1,256k1,384r1}

* Changes from 3.1.4 and 3.1.5 (2013-Jun-11)
  - move third party library to ext directory.
  - fix script URLs in sample-rsasign.html 

* Changes from 3.1.3 and 3.1.4 (2013-May-31)
  - asn1-1.0.js update 1.0.1 to 1.0.2
    - method ASN1Util.getPEMStringFromHex added
  - asn1x509-1.0.js update 1.0.3 to 1.0.4
    - mehtod X509Util.getPKCS8PubKeyPEMfromRSAKey added

* Changes from 3.1.2 and 3.1.3 (2013-May-28)
  - crypto-1.0.js update 1.0.3 to 1.0.4
    - support "sjcl" (i.e. Stanford JavaScript Crypto Library) 
      provider with sha256 in MessageDigest class

* Changes from 3.1.1 and 3.1.2 (2013-May-27)
  - pkcs5pkey-1.0.js update 1.0.2 to 1.0.3
    - following method added to support loading encrypted PKCS#8 priavte key
      - getRSAKeyFromEncryptedPKCS8PEM
      - getPlainPKCS8HexFromEncryptedPKCS8PEM
      - getPBKDF2KeyHexFromParam
      - parseHexOfEncryptedPKCS8
      - getRSAKeyFromPlainPKCS8Hex

* Changes from 3.1.0 and 3.1.1
  - pkcs5pkey-1.0.js update 1.0.1 to 1.0.2
    - method 'getRSAKeyFromEncryptedPKCS5PEM', 'getEryptedPKCS5PEMFromPrvKeyHex'
      'getEryptedPKCS5PEMFromRSAKey' and 'newEncryptedPKCS5PEM'
      added to PKCS5PKEY to get encrypted PEM key.

* Changes from 3.0.5 and 3.1.0
  - asn1x509-1.0.js update 1.0.2 to 1.0.3
    CRL, TBSCertList and CRLEntry class added to KJUR.asn1.x509
    to issue CRL.

* Changes from 3.0.4 and 3.0.5
  - pkcs5peky-1.0 update 1.0.0 to 1.0.1
    method getRSAKeyFromPlainPKCS8PEM added to PKCS5PKEY class to load
    unencrypted PEM formatted PKCS#8 private key.

* Changes from 3.0.3 and 3.0.4
  - rsasign-1.2.js update 1.2.1 to 1.2.2
    - hash algs used were changed from  to MessageDigest(CryptoJS base). 
      So now jsrsasign doesn't use Paul Johnston's
      hash library(http://pajhome.org.uk/crypt/md5/md5.html).
      Paul's scripts will be concluded approx. one year for know then
      their scripts and LICENSE notice will be removed then.
  - crypto-1.0.js update 1.0.2 to 1.0.3
    - add static hash functions {md5,sha1,sha256,sha512,ripemd160} to KJUR.crypto.Util

* Changes from 3.0.2 and 3.0.3
  - asn1x509-1.0.js update to 1.0.1
    - ExtKeyUsage extension class added.

* Changes from 3.0.1 and 3.0.2
  - crypto-1.0.js update to 1.0.2
    - Signature now supports signature verification:
      - initVerifyByPublicKey and initVerifyByCertificatePEM method
        added.

* Changes from 3.0.0 and 3.0.1
  - crypto-1.0.js update to 1.0.1
    - MessageDigest class now support md5, sha224, sha256, sha384, 
      sha512 and ripemd160 of 'cryptojs' provider.
    - Signature class now support {MD5,SHA224,SHA256,SHA384,
      SHA512,RIPEMD160}withRSA of 'cryptojs/jsrsa' provider.
    - Signature class constructor now supports 
      'prvkeypem' parameter to specify signing private key.
  - asn1x509-1.0.js update to 1.0.1
    - Certificate.setRsaPrvKeyByPEMandPass(pem,pass) method added and
      supports new constructor property 'rsaprvpem' and 'rsaprvpas'.

* Changes from 2.0.0 and 3.0.0
  - New features:
    - crypto-1.0.js: MessageDigest and Signature class like Java JCE
    - asn1-1.0.js  : ASN.1 Primitive Encoder class
    - asn1x509-1.0.js: ASN.1 class for X.509 certificate
  - merge David Halls's contribution. 
    (https://github.com/davedoesdev, Thanks! Dave.)
    - rsa.js: update for PKCS#1 OAEP support
    - rsa2.js: update for PKCS#1 OAEP support
    - rsasign-1.2.js: add PSS support (1.2.1)
    - jsbn.js: small fix
    - jsbn2.js: update for probable prime fix, bnSquare
    - base64.js: small fix
  - gradually moving to CryptoJS library from other hash library

* Changes from 1.3.1 and 2.0.0 [Apr 14, 2013]0
  - newly added pkcs5pkey.js and PKCS5PKEY class to support 
    passcode encrypted PKCS#5 private key.

* Changes from 1.3 and 1.3.1 [Apr 14, 2013]
  - rsapem.js updated to 1.1 to 1.1.1
    - method RSAKey.readPrivateKeyFromASN1HexString added.

* Changes from 1.2.1 and 1.3 [May 10, 2012]
  - ASN1HEX class defined in asn1hex.js
  - update x509.js and rsapem.js for ASN1HEX class.
  - enhance ASN1HEX and X509class.
  - JavaScript API document is available.

* Changes from 1.2 and 1.2.1 [May 03, 2012]
  - now minified files also provided

* Changes from 1.1 and 1.2 [Apr 30, 2012]
  - fixed critial signature generation and verification bug related to
    zero padding of big integer.
  - add MD5, SHA512 and RIPEMD-160 support
  - default hash libraries were changed which was developed by
    Paul Johnston (See http://pajhome.org.uk/crypt/md5/md5.html).
  - now download site is hosted on github.

* Changes from 1.0 and 1.1 [Sep 25, 2010]
  - some web contents update

* 1.0 Initial Relasse [Jun 03, 2010]


