Jwcrypto

Latest version: v1.5.6

Page 6 of 6

0.3.2

The jwcrypto implementation of the RSA1_5 algorithm was found vulnerable to the Million Message Attack described in RFC 3218.

A timing attack could be leveraged against the implementation to detect when a chosen ciphertext generates a valid header and padding: an invalid header or padding raises an exception and cryptographic operations terminate earlier, so the request is processed faster, and the difference is measurable over the network.

Many thanks to Dennis Detering <dennis.detering@rub.de> for discovering and reporting this vulnerability.
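The early-exit behaviour described above, next to the countermeasure that RFC 7516 section 11.5 recommends (substitute a random CEK and carry on to the authentication check), as an added example that is not jwcrypto's own code. All function names are hypothetical, the RSA step is omitted, and an HMAC stands in for the JWE content authentication.

```python
# Added illustration, not jwcrypto code: `em` is the already RSA-decrypted block.
import hashlib
import hmac
import secrets
CEK_LEN = 32  # assumed content-encryption key length for this sketch

class InvalidJWE(Exception):
    """The single, undifferentiated failure a caller should see."""

def eme_decode(em: bytes) -> bytes:
    """Parse 0x00 0x02 <at least 8 nonzero bytes> 0x00 <message>."""
    if len(em) < 11 or em[0] != 0 or em[1] != 2:
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # separator missing (-1) or fewer than 8 padding bytes
        raise ValueError("bad padding")
    return em[sep + 1:]

def tag_for(cek: bytes, ciphertext: bytes) -> bytes:
    # HMAC stands in for the JWE content authentication step.
    return hmac.new(cek, ciphertext, hashlib.sha256).digest()

def unwrap_early_exit(em: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Flawed pattern: a bad block raises before any content-level work."""
    cek = eme_decode(em)
    if not hmac.compare_digest(tag_for(cek, ciphertext), tag):
        raise InvalidJWE("decryption failed")
    return cek

def unwrap_uniform(em: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    """Mitigation: a bad block gets a random CEK and fails at the tag check."""
    fallback = secrets.token_bytes(CEK_LEN)  # drawn on every call
    try:
        cek = eme_decode(em)
        if len(cek) != CEK_LEN:
            cek = fallback
    except ValueError:
        cek = fallback
    if not hmac.compare_digest(tag_for(cek, ciphertext), tag):
        raise InvalidJWE("decryption failed")
    return cek

def outcome(fn, em: bytes, ciphertext: bytes, tag: bytes) -> str:
    """Return 'ok' or the name of the exception type that fn raised."""
    try:
        fn(em, ciphertext, tag)
        return "ok"
    except Exception as exc:
        return type(exc).__name__
```

The sketch only removes the early exit and the distinct error type; the padding parse itself is not constant-time, which a real implementation also has to address in its RSA layer.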

0.3.1

Not secure
A regression was introduced in 0.3.0 that caused issues in the FreeIPA and Custodia projects.
The docs version and the tox/Travis configurations were also improved to test Python 3.4 and 3.5.
Python 3.3 is no longer officially supported.

0.3.0

Not secure
This version completes the support for all algorithms specified by the JOSE RFCs, adds better interfaces to deal with JWKs, and implements the JWK Thumbprint standard.

Some interfaces have also been deprecated and are marked as such in the documentation; they may be removed in a future release.

0.2.1

Not secure
Fixed a few issues with symmetric and EC key generation.
Added more tests and Travis CI integration.

0.2.0

Not secure
Now that the JOSE working group has produced official RFCs, it is time for a new release that updates all references and fixes a few bugs recently discovered while using the library.

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.