v1.16.1

• Fixes for #60 (correctly encoding certificates with expiry dates >=2050), #62 (accepting PKCS#8 EC private keys with missing public key parts)

v1.16.0

• Add support for SPKI fingerprints, PuTTY PPK format (public-key only for now), PKCS#8 PBKDF2 encrypted private keys
• Fix for #48

v1.15.2

• New API for accessing x509 extensions in certificates
• Fixes for #52, #50

v1.14.1

• Remove all remaining usage of jodid25519 (abandoned dep)
• Add support for DNSSEC key format
• Add support for Ed25519 keys in PEM format (according to draft-curdle-pkix)
• Fixes for X.509 encoding issues (asn.1 NULLs in RSA certs, cert string type mangling)
• Performance issues parsing long SSH public keys

v1.13.0

• Support SSH-format rsa-sha2-256 signatures (e.g. so the SSH agent can sign using RSA-SHA256)

v1.12.0

• Support for generating ECDSA keys using generatePrivateKey()
• Minimum for sshpk-agent to be able to sign new certificates using an agent key

v1.11.0

• Added support for X.509 extKeyUsage

v1.10.0

• Added support for OpenSSH format encrypted private keys (the ssh-keygen -o format, with a passphrase)

v1.9.1

• New Certificate API, basic support for OpenSSH and X.509 certificates
• Fixed a bug with padding on DSA signatures

v1.8.3

• Use plain hash algorithm names as the argument to crypto.createSign and createVerify -- avoids the output of spurious Unknown message digest to stdout on node 0.10.x