node-http-signature changelog

node-http-signature changelog


  • Version of dependency assert-plus updated: old version was missing some license information
  • Corrected examples in, added auto-tests to automatically validate these examples


  • Bump version of sshpk dependency, remove peerDependency on it since it now supports exchanging objects between multiple versions of itself where possible


  • Bump min version of jsprim dependency, to include fixes for using http-signature with browserify


  • Bump minimum version of sshpk dependency, to include fixes for whitespace tolerance in key parsing.


  • First semver release.
  • #36: Ensure verifySignature does not leak useful timing information
  • #42: Bring the library up to the latest version of the spec (including the request-target changes)
  • Support for ECDSA keys and signatures.
  • Now uses sshpk for key parsing, validation and conversion.
  • Fixes for #21, #47, #39 and compatibility with node 0.8


  • Split up HMAC and Signature verification to avoid vulnerabilities where a key intended for use with one can be validated against the other method instead.


  • Updated versions of most dependencies.
  • Utility functions exported for PEM => SSH-RSA conversion.
  • Improvements to tests and examples.